Senior Governance Risk and Compliance Expert
Posted 4 days ago
Why are you looking for a job?
If your answer ticks all the boxes, this could be the start of a great collaboration.
- You have a curious mind - You won't understand what we're talking about if you don't 🤔
- You want to learn more around technology - You won't survive if you don't 😱
- You want to make the world a bit better 😇
We happen to be just like that as well. We like hacking things here and there (you included) and create scalable solutions that bring value to the world.
SquareDev? 🐿️
We use state-of-the-art technology to build solutions for our customers and our partners' customers. We make sure we stay best-in-class by participating in research projects across Europe, collaborating with top universities and enterprises on AI, Data, and Cloud.
About QnR Group
SquareDev is a member of the QnR Group, a leading technology organization specializing in end-to-end custom software solutions, Artificial Intelligence, Cybersecurity, SAP S/4HANA, SAP Business One, ServiceNow, and FinTech solutions.
As part of QnR Group's ongoing expansion — both in Greece and internationally — we are continuously hiring across a wide range of tech roles. Successful candidates may be hired by QnR Group, or another company within the Group, depending on the role and project.
Role overview
We are looking for a Senior Governance Risk and Compliance Expert to join one of our public sector clients based in Warsaw, working remotely. You will be ensuring that IT operations align with EU data protection legislation, conducting privacy impact assessments, maintaining records of processing activities and advising stakeholders across the organisation on their obligations.
Requirements
The ideal candidate will be responsible for:
- Ensuring IT operations comply with data privacy laws, regulations and standards.
- Conducting privacy impact assessments (DPIAs) and maintaining records of processing activities (RoPAs).
- Identifying compliance gaps and proposing practical countermeasures.
- Advising on data protection matters, particularly around personal data processing.
- Developing, maintaining and communicating data privacy policies and procedures.
- Delivering staff awareness training to foster a culture of data protection.
- Acting as the contact point for queries and complaints related to data processing.
- Cooperating with authorities and professional groups on data protection matters.
- Managing legal aspects of information security and third-party relations.
To excel in this role, you'll need:
- 5+ years of IT experience and 4+ years in a GRC role.
- Master’s degree in Computer Science, Engineering or a related technical field.
- Hands-on data protection compliance experience in an ICT, EU institutional, or public-sector environment.
- Experience in preparing or reviewing RoPAs, DPIAs, Data Processing Agreements, and Transfer Impact Assessments, including data mapping and input validation from technical owners.
- Experience in documenting technical arrangements relevant to data protection: access rights, privileged access, logs/SIEM exports, retention, data flows, processors and subprocessors.
- Deep knowledge of EU data protection legislation, regulatory frameworks, and privacy standards.
- Ability to work with incomplete or inconsistent ICT information, distinguishing facts from assumptions, identifying gaps and structuring clear follow-up.
- Strong communication skills, able to explain data protection topics to both technical and non-technical audiences.
- English C1 level certification.
Certifications you'll need:
At least 3 certifications from the following:
- CISA — Certified Information Systems Auditor
- CISM — Certified Information Security Manager
- GSNA — GIAC Systems and Network Auditor
- GCCC — GIAC Critical Controls
- ISO 27001 Lead Implementer
- ISO 27001 Lead Auditor
- ISO 27005 Risk Manager
- CAP — (ISC)² Certified Authorization Professional
- CRISC — ISACA Certified in Risk and Information Systems Control
- CISSP-ISSMP — (ISC)² Information Systems Security Management Professional
- GIAC Certified ISO-27000 Specialist
- or internationally recognised equivalent (subject to EU-I acceptance)
Nice to have
- Prior experience in an EU institutional environment.
- Familiarity with the practical implications of evolving EU legal frameworks on organisational data protection strategy.
- Experience collaborating across multidisciplinary teams including cybersecurity, SOC, and architecture functions.
We build secure, autonomous AI agents to automate manual, repetitive work. Over €2 million invested in AI research.