Cybersecurity, GRC

Role Overview

This role is responsible for leading governance, risk, and compliance programs, managing cybersecurity and information systems audit initiatives, and developing end-to-end compliance frameworks aligned with EU and international standards. You will collaborate closely with technical teams, legal stakeholders, and executive leadership to enhance security resilience and drive strategic cybersecurity governance.

Key Responsibilities

Cybersecurity Governance & Risk Management

• Conduct comprehensive information systems audits, identify critical vulnerabilities, and develop remediation and risk-mitigation plans.
• Evaluate security controls across network security, identity and access management, intrusion detection, and zero-trust architecture.
• Lead cybersecurity maturity assessments for critical infrastructure and enterprise environments.

GRC & Compliance

• Manage full-cycle compliance projects for
  NIS2
  ,
  ISO 27001
  ,
  SOC 2
  , and
  DORA
  , from gap analysis to audit readiness and successful certification.
• Develop governance and operational-resilience frameworks for clients in the financial sector, healthcare, e-commerce, and technology.
• Drive IT governance processes and create policies, procedures, and enterprise-level risk methodologies.

Privacy & Data Protection

• Perform
  DPIAs
  ,
  LIAs
  , ROPA, and design privacy policies to ensure robust GDPR compliance and effective regulatory engagement.
• Build and deliver tailored training programs on data privacy and cybersecurity awareness.

Strategy & Advisory

• Analyse regulatory implications on client operations and deliver strategic recommendations to senior leadership.
• Advise stakeholders on aligning business processes with technical and regulatory cybersecurity requirements.
• Contribute to national cybersecurity initiatives, including expert input for the transposition of the NIS2 Directive.

Required Certifications:

• CIPP/E Certified Information Privacy Professional/Europe
• CIPT – Certified Information Privacy Technologist (IAPP)
• CISA – Certified Information Systems Auditor (ISACA)
• AIGP – AI Governance Professional (IAPP)

Ideal Candidate Profile

• Strong background in cybersecurity, information systems auditing, governance, and regulatory compliance.
• Deep understanding of EU frameworks (GDPR, NIS2, DORA) and global standards (ISO 27001, SOC 2, PCI-DSS, HIPAA).
• Exceptional communication, advisory, and cross-functional leadership skills.
• Ability to translate complex technical and legal concepts into clear, actionable guidance for business leaders.
• English speaker;
• Ambition and desire to assert oneself through performance;
• Willingness to learn continuously
• Positive attitude and orientation towards the client (to have charisma)
• Ability to synthesize, observe, organize, and manage time efficiently
• Ability to have flexibility of the schedule, with orientation of the client's needed
• Practice profession with passion
• Loyalty about the company and culture of company
• Family center of his/her principal value

Expected Impact in the First 12 Months

• Increase the GRC maturity level of supported organisations.
• Achieve successful ISO, SOC 2, NIS2, and DORA audit outcomes.
• Implement a structured enterprise IT & cyber risk management framework.
• Improve security posture and reduce regulatory or operational incidents.

What we can offer:

• A pleasant and dynamic work environment where you can't get bored;
• The chance to learn and develop continuously - by participating in programs, courses, etc. in accordance with the established career plan;
• Private health insurance;
• Participation at conferences and business events paid by the company;
• Continuous training and preparation
• Flexible schedule: from home and from the office
• Open minded management vision

We're a fast-moving, multidisciplinary team helping organizations protect their data, stay compliant, and build secure, resilient operations. Our work blends cybersecurity, privacy, and regulatory expertise to support clients across industries. We're looking for a consultant who's passionate about both protecting systems and ensuring compliance with privacy laws like GDPR.

Want to discover more about us? Hit Apply or drop us an email at to schedule a meeting.