Role Description Als (Associate) Consultant für Cloud Compliance & Governance unterstützt du unsere Kunden dabei, ihre Cloud-Umgebungen compliant, sicher und regulatorisch konform zu gestalten. Du arbeitest an der Schnittstelle zwischen Compliance, Governance und Cloud-Technologien – in wechselnden Kundenprojekten, von mittelständischen Unternehmen bis hin zu Konzern-Umgebungen. Dabei entwickelst du technisches Know-how und Beratungskompetenz. Je nach Erfahrungslevel wirst du eigenverantwortlich arbeiten oder schrittweise in die folgenden Aufgaben hineinwachsen: - Beratung von Kunden zu Compliance-Strategien und regulatorischen Anforderungen (DSGVO, NIS2, DORA, ISO 27001, BSI Grundschutz) - Aufbau und Betrieb von Informationssicherheitsmanagementsystemen (ISMS) - Implementierung und Konfiguration von Microsoft Purview (Compliance-Module, DLP, Sensitivity Labels) - Umsetzung von Cloud Governance Frameworks, Cloud Policy Management und Compliance Reporting - Beratung zu Datenschutz- und Datensouveränitätskonzepten (DSGVO, Data Residency, EU Sovereign Cloud) - Durchführung bzw. Mitwirkung bei Compliance Assessments und Reifegradanalysen - Umsetzung von Data Governance und Information Lifecycle Management - Einordnung regulatorischer Anforderungen an den KI-Einsatz – von der Nutzungsentscheidung bis zur Compliance-Bewertung - Enge Zusammenarbeit mit Security-, Legal- und Cloud-Teams beim Kunden Qualifications - Associate Consultant: Abgeschlossenes oder kurz vor dem Abschluss stehendes Masterstudium der Informatik, Wirtschaftsinformatik, Rechtswissenschaften, IT-Security oder eines vergleichbaren Studiengangs bzw. Ausbildung - Grundlegendes Interesse an IT-Compliance, Datenschutz, regulatorischen Anforderungen und Cloud-Technologien sowie Motivation, dich schnell in neue Themengebiete einzuarbeiten - Grundlegendes Verständnis von Compliance-Frameworks, Datenschutzrecht (z. B. DSGVO) oder IT-Governance, z. B. aus dem Studium oder eigenen Projekten - Analytisches Denkvermögen, strukturierte Arbeitsweise und Lernbereitschaft - Gute Kommunikationsfähigkeiten und die Bereitschaft, komplexe regulatorische Zusammenhänge verständlich zu erklären - Consultant: Abgeschlossenes Masterstudium oder vergleichbare Ausbildung und rund 2 Jahre Berufserfahrung im Bereich IT-Compliance, Cloud Governance, Datenschutz oder IT-Security - Kenntnisse relevanter Compliance-Frameworks und regulatorischer Anforderungen (z. B. DSGVO, NIS2, ISO 27001, BSI Grundschutz) - Erfahrung mit Cloud-Plattformen (insbesondere Microsoft Azure) sowie Compliance- und Governance-Werkzeugen wie Microsoft Purview - Verständnis von Datenschutz-, Datensouveränitäts- und Information-Governance-Konzepten - Fähigkeit, regulatorische und technische Zusammenhänge verständlich für Kunden aufzubereiten und zu präsentieren - Bereitschaft, Verantwortung in Kundenprojekten eigenständig zu übernehmen Requirements - Nice to have: Erste Kenntnisse in Cloud-Plattformen (Microsoft Azure oder M365) oder Compliance-Tools - Erste praktische Erfahrungen, z. B. durch Praktika, Werkstudentätigkeiten oder eigene IT-Projekte - Grundkenntnisse in ISO 27001, BSI-Grundschutz oder DSGVO-Anforderungen - Zertifizierungen (z. B. SC-900: Microsoft Security, Compliance & Identity Fundamentals; AZ-900: Azure Fundamentals, CSA) - Interesse oder erste Berührungspunkte mit Microsoft Purview oder GRC-Plattformen Benefits - Du arbeitest an vielfältigen Projekten bei DAX-Konzernen und führenden Mittelständlern. - Innovative, interdisziplinäre Themen verbinden wissenschaftlichen Tiefgang mit echter Hands-on-Mentalität. - Du hast viel Platz für eigene Ideen und kannst eigenverantwortlich gestalten und handeln. - Flexible Arbeitszeiten, freie Standortwahl, Überstundenausgleich und Reisezeit, die als Arbeitszeit zählt. - Ein faires Fixgehalt plus Bonus, Jobrad, Top-Ausstattung und viele weitere Benefits. - Individuelle Weiterbildungs- und Laufbahnprogramme begleiten dich während deiner gesamten Zeit bei Comma Soft. - Erfahrene Profis und Newbies arbeiten direkt zusammen – unterstützt durch ein strukturiertes Mentoring. - Ob Gipfelis (monatliche Mitarbeitertreffen), Grillen auf der Dachterrasse, GamesNights oder Sommerfeste mit deinen Liebsten – wir feiern gerne und oft zusammen.

• Ensure compliance with legal and internal standards and conduct audits with a focus on labor law • Develop partner vetting and monitoring tools; implement pragmatic, scalable risk solutions • Resolve ticket escalations and enforce contractual penalties up to offboarding non-performing partners • Standardize contracts in cooperation with the Legal department and coordinate between DSPs, Customer Care and Account Management

Role Description The international expert will work with UNFPA RH NP A and national MOHMI specialists on adoption of treatment protocols including the following stages: - Assessment and revision phase - 10 working days - Desk review of existing local treatment protocol for breast cancer, identify gaps and provide recommendations. - Conduct 1 (one) online technical meeting to present evidence-based desk review results to national oncologists. - Support update of breast cancer protocol to align with WHO standards and international good practices. - Conduct 3 days online training with national specialists on the updated clinical protocol. - Methodology development - 5 working days - Develop a manual peer-review methodology for clinicians to assess adherence to protocols as a part of the quality assurance cycle, including clinical compliance indicators for national monitoring and internal audit. - Conduct a one day online workshop with national specialists on manual peer-review methodology and clinical compliance indicators. - Reporting phase - 3 working days - Develop a final consultancy report and set of related documents. Duration and Working Schedule - The Duration of this consultancy is 18 working days, from August 10th to November 30th 2026 including operational closure of the contract. Dates may vary due to availability of the expert and the national partners. Outcomes and Deliverables - Deliverable 1: Assessment Report, including a desk review of current protocols, a summary of technical recommendations from online meetings, and the first draft of updated clinical protocols for breast cancer aligned with WHO standards developed by August 30th. - Deliverable 2: 3-day online training conducted for national specialists on the updated clinical protocols by September 25th. - Deliverable 3: A complete package consisting of the set of Manual peer-review methodology clinical compliance indicators developed by October 20th. - Deliverable 4: One day online workshop for national partners on Manual peer-review methodology and clinical compliance indicators conducted by November 10th. - Deliverable 5: Final consultancy report developed by November 25th. Monitoring and Progress Control - The UNFPA Programme Analyst on Reproductive Health will monitor the International Consultant’s work through reviewing submitted materials. - The consultant will provide an update on a weekly basis on progress, challenges encountered, and support requirements. Ethical Considerations - UNFPA requires its consultants to adhere to ethical principles and standards when doing research. - The selected consultant should clearly identify any potential ethical issues and approaches, as well as the processes for ethical review in the inception report. National Ownership - The involvement of appropriate national partners will be a critical condition for the development of all the mission outcome materials in ensuring stakeholder ownership and its subsequent utilisation. Supervisory Arrangements - The International Consultants will directly work under the supervision of and report to the UNFPA Programme Analyst on reproductive health, along with the overall guidance from the UNFPA Head of Office. Expected Travel - Travel is not expected under this consultancy. Required Expertise, Qualifications, and Competencies - Advanced degree in medical sciences (Oncology and Mammology). - Qualified oncologist possessing minimum 7 years of relevant experience in the area of breast cancer treatment. - Knowledge of existing WHO recommendations and good practices as well as evidence collected by research institutions and societies. - Experience in development of protocols, clinical guidances or recommendations, methodologies. - Fluency in Russian or English. - Familiarity and experience with the Central Asian context is an asset. Inputs / Services to be Provided by UNFPA - UNFPA will provide the consultant with all the necessary materials, data, information, and available reports. - The UNFPA Country Office will put together a list of core sources and readings before the start of the consultancy. Other Relevant Information - The consultancy fee will be calculated based on the P-4 level of the UN Salary Scale for Professional and higher categories effective 1 January 2026 and will be paid in a lump sum upon successful completion of deliverables. - UNFPA provides a work environment that reflects the values of gender equality, diversity, integrity and healthy work-life balance. - We are committed to ensuring gender parity in the organization and therefore encourage women to apply. - Reasonable accommodation may be provided to applicants with disabilities upon request, to support their participation in the recruitment process. - Persons with disabilities, and individuals of other underrepresented groups are highly encouraged to apply. - UNFPA promotes equal opportunities in terms of appointment, training, compensation and selection for all regardless of personal characteristics and dimensions of diversity.

• Drive the development, maturity, and execution of UpGuard’s InfoSec Governance, Risk, and Compliance function, with primary ownership over technology and cybersecurity risk. • Partner closely with procurement, legal, and business stakeholders to embed security reviews into the purchasing lifecycle. Lead Third-Party Risk Management (TPRM) evaluations for new and existing vendors. • Review security exhibits, Data Processing Agreements, and security questionnaires during procurement negotiations to safeguard UpGuard and its customers. • Partner with the CISO to contribute expert analysis on broader enterprise and operational risk matters, ensuring a unified approach to risk management. • Architect and run the technology and security components of the Risk Management process. You will maintain, continually improve, and deliver executive-ready reporting on trends, vulnerabilities, and strategic insights. • Formally own the technology and security control components of UpGuard’s annual SOC 2 Type II audit cycle. Design, manage, and coordinate remediations and improvements stemming from prior cycles, incident post-mortems, and internal assessments. • Work cross-functionally with the Product team to develop public-facing trust documentation, while identifying security control gaps and improvement opportunities within the Product Development Life Cycle (PDLC). • Draft, implement, and maintain a robust framework of InfoSec policies, standards, processes, and guidelines tailored to an evolving threat landscape. • Design and implement comprehensive, company-wide security awareness and compliance training programs utilizing the MindTickle platform.