All jobs

Cybersecurity GRC Consultant

Dual IT
Dual IT
Location
Warsaw
Employment Type
Contract
Location Type
On-site
Level
Director

The opportunity

This is an on-site contract role at an EU agency headquarters in Warsaw, focused on cybersecurity governance, risk, and compliance. You'll work across GRC strategy, risk management frameworks, privacy impact assessments, and compliance programmes in a regulated public-sector environment.

Contract details: 12-month initial term with up to 3 annual renewals (maximum 48 months total). ~230 man-days per year (normal working hours). On-site delivery: approx. 30% intra-muros / 70% extra-muros. Security screening must be initiated within the first 45 days of assignment; RESTREINT UE/EU RESTRICTED clearance required.

What you'll do

  • Ensure compliance with and provide guidance on data privacy and data protection standards, laws, and regulations

  • Identify and document compliance gaps

  • Conduct privacy impact assessments; develop, maintain, communicate, and train upon privacy policies and procedures

  • Enforce and advocate the organisation's data privacy and protection programme

  • Ensure data owners, controllers, processors, and internal/external partners are informed of their data protection rights and obligations

  • Act as a key contact point for queries and complaints regarding data processing

  • Assist in designing, implementing, auditing, and compliance testing activities

  • Monitor audits and data protection training activities

  • Cooperate and share information with authorities and professional groups

  • Contribute to the development of the organisation's cybersecurity strategy, policy, and procedures

  • Develop staff awareness training to foster a culture of data protection

  • Manage legal aspects of information security and third-party relations

What you bring

Mandatory:

  • Minimum Level 7 education (master's degree or equivalent in a relevant field)

  • English language proficiency at C1 (CEFR) or above

  • At least 9 years of ICT-relevant professional experience

  • At least 8 years of experience at a similar position

  • At least 4 certifications from the following list (or internationally recognised equivalents):

    • CISA (ISACA Certified Information Systems Auditor)

    • CISM (ISACA Certified Information Security Manager)

    • CRISC (ISACA Certified in Risk and Information Systems Control)

    • CISSP (ISC2)

    • CGRC (ISC2 Certified in Governance, Risk and Compliance)

    • CSSLP (ISC2 Certified Secure Software Lifecycle Professional)

    • CCSP (ISC2 Certified Cloud Security Professional)

    • CISSP-ISSMP (ISC2)

    • GSNA (GIAC Certified Systems and Network Auditor)

    • GCCC (GIAC Certified Critical Controls)

    • GIAC Certified ISO-27000 Specialist

    • ISO 27001 Lead Implementer or equivalent

    • ISO 27001 Lead Auditor or equivalent

    • ISO 27005 Risk Manager or equivalent

  • Personal Security Clearance at RESTREINT UE/EU RESTRICTED level (security screening initiated within 45 days of assignment)

Specific experience required:

  • 5+ years in cybersecurity GRC with a clear focus on cybersecurity risk management

  • Proven experience designing or operationalising a cyber risk management framework

  • Hands-on experience with ServiceNow GRC (IRM / Risk / Policy and Compliance modules)

  • Demonstrated experience maintaining and managing a cybersecurity risk register

  • Experience integrating risk management with vulnerability management, incident management, cloud risk, and third-party risk

  • Experience contributing to cybersecurity maturity improvement programmes

Knowledge and skills:

  • Cybersecurity laws, regulations, standards, methodologies, and frameworks

  • Cybersecurity and privacy policies and legal/regulatory compliance requirements

  • Privacy impact assessment standards and frameworks

  • Ability to lead development of cybersecurity and privacy policies aligned to business and legal requirements

  • Communication of data protection topics to diverse stakeholders

Assessment: Written test (up to 70 points, 70% pass threshold) + interview (up to 100 points, 70% pass threshold). Final evaluation: Technical quality 65% / Price 35%.

Location

Frontex Headquarters, Warsaw, Poland. On-site delivery (approx. 30% intra-muros / 70% extra-muros). No travel foreseen.

Apply now
Cybersecurity GRC Consultant
Apply now