Governance Risk and Compliance Expert
Location
Europe
Posted
2 days ago
Salary
0
Seniority
Mid Level
Job Description
Bridge 351
Role Description

Frontex's Digital Services Unit (DIG) is reinforcing its capacity to handle personal data protection and privacy compliance across its ICT environment. As GRCE, you'll support Frontex in applying Regulation in practice — turning legal and governance requirements into concrete documentation, processes and follow-up actions across multiple ICT systems, projects and procurements.

- Preparing, updating and improving Records of Processing Activities (RoPAs) and Data Protection Impact Assessments (DPIAs) across ICT systems
- Drafting and maintaining privacy notices and related data protection documentation
- Validating personal data protection documentation against technical reality, working closely with system and technical owners
- Analysing and documenting technical arrangements relevant to data protection: access rights, logs/SIEM exports, retention, hosting, data flows, transfers and processor chains
- Supporting technical fact-finding for personal data breach incidents (without taking over breach qualification or notification decisions)
- Working with incomplete or inconsistent information — distinguishing confirmed facts from assumptions and structuring clear next steps for management follow-up
- Tracking actions, gaps and remediation items, and coordinating with system owners, project teams and the Frontex DPO
- Providing privacy-by-design input into ICT projects, system changes and procurement files

Qualifications

- 5+ years of IT-relevant professional experience, including 4+ years in a similar role
- At least 5 years of personal data protection compliance experience in an ICT, EU institutional, public-sector or similarly technology-heavy environment
- At least 3 years of hands-on experience preparing, updating or reviewing RoPAs, DPIAs, DPAs or TIAs for real systems, including data mapping and validating input from system/technical owners
- At least 2 years of experience analysing technical arrangements relevant to data protection (access rights, logs, retention, hosting, transfers, processors)
- Excellent understanding of EU data protection legislation, standards and compliance frameworks
- Strong stakeholder management and communication skills across technical and non-technical audiences

Requirements

- Minimum education: Master's degree or equivalent
- At least 3 certifications among: CISA, CISM, GSNA, GCCC, ISO 27001 Lead Implementer/Auditor, ISO 27005 Risk Manager, CAP, CRISC, CISSP-ISSMP, GIAC ISO-27000 Specialist (or internationally recognized equivalents)

Languages

- Fluent English (C1)

Work Model

- Full remote

Location

- Europe



