Would you like to modernise an enterprise privacy program and not just keep the lights on?

Do you have experience with DPIA tools/catalogs?

Great , please read on as we have the role for you!

We’re working with a fast-growing international SaaS / Legal Tech organisation that provides a leading legal data intelligence platform. Their Security function is investing heavily in modernising its global Privacy Program, and they’re looking for an Advanced Risk & Compliance Analyst – Privacy to join the Governance, Risk & Compliance (GRC) team.
This role is ideal for someone who wants to go beyond “maintenance mode” privacy work and help build and transform a privacy program in a highly technical, security-focused environment.

You’ll have a direct impact on Enterprise privacy policies and controls, A new DPIA / data catalog / master data environment and how privacy is embedded in a cloud-based platform used worldwide. You will sit in the Security GRC (Governance, Risk & Compliance) team and focus on privacy, risk, and compliance initiatives on a global scale.

This is a fully remote B2B contract opportunity in Poland which is offered as a 3 month contract. 

Your Tasks Will Include:

• Privacy program modernisation: Assist with the end-to-end modernisation of the enterprise privacy program.
• Align privacy policies, controls, and processes with evolving regulations (e.g., GDPR, CCPA/CPRA) and business needs.
• DPIAs & data risk assessments: Conduct Data Protection Impact Assessments (DPIAs) and similar assessments for new and existing systems.
• Identify, analyse, and help mitigate privacy risks across products and services.
• Work closely with Security, IT, and Legal on risk mitigation strategies.
• Data catalog & master data: Significantly contribute to the redesign and implementation of the enterprise master data catalog and privacy/data inventory.
•  Support the transition from legacy Excel-based catalogs/ROPA into a new DPIA/data catalog tool.
• Policies, SOPs & documentation: Create, maintain, and implement privacy policies, standard operating procedures (SOPs), and other data protection documentation.
•  Ensure documentation is aligned with regulatory requirements, and practical and usable for business and technical teams.
• Controls & regulatory mapping: Map privacy and regulatory requirements to ISO/IEC 27001, 27018, 27701 and/or other frameworks (e.g., NIST Privacy Framework, SOC 2 Privacy).
• Perform control testing and risk assessments related to privacy.
• Operational privacy work: Support handling of Data Subject Access Requests (DSARs) (e.g., access, deletion) in coordination with Legal and Security.

To be a good fit for the Senior Privacy & Compliance Specialist role, you will have:

• 3+ years of experience in Privacy, data protection, and/or Risk management, compliance, or data governance with a strong privacy component.
• Hands-on experience with PIAs/DPIAs and privacy risk assessments, Data catalogs, data inventories, or master data management initiatives.
• Strong working knowledge of global privacy regulations, including:GDPR, CCPA/CPRA and other major privacy laws.
• Proven experience in building or transforming a privacy program, not just maintaining one.
• Familiarity with risk and control frameworks, such as: ISO/IEC 27001, 27018, 27701, NIST Privacy Framework, SOC 2 Privacy Principles (or comparable frameworks).
• Ability to translate complex regulatory requirements into practical, scalable processes and controls
• Strong written and verbal communication skills with the ability to work with both technical and non-technical stakeholders.
• Experience within a SaaS environment 

What you’ll gain

• A central role in modernising a global privacy program in a high-growth, security-focused tech environment.
• The chance to build and improve privacy processes, controls, and tooling from the ground up.
• Exposure to a wide range of frameworks and regulatory regimes.
• Close collaboration with Security, Legal, Product, and IT on high-impact privacy and security topics.

Sounds interesting?  Send us your CV by applying to this page

The provision of personal data by you is fully voluntary and the basis for their processing is your consent. We have prepared some necessary information, you can find in document: "Information regarding the processing of your personal data". There you will find how your Personal Data is being processed and what your rights are in connection to this.

The personal data will be processed by Sowelo Consulting spółka z ograniczoną odpowiedzialnością with its registered seat in Cracow (LLC) registered in National Court Register (KRS) under no. 0000671136, our Employees and Subcontractors (jointly referred to as the Company).

Sowelo Consulting sp. z o.o. (LLC) is entered in the register of employment agencies under the number: 35288

Our candidate selection process relies entirely on human judgment. We explicitly avoid using automated screening algorithms or AI-driven scoring systems for any part of the assessment. Every single profile is reviewed personally by our experienced recruiters, ensuring a thorough and unbiased consideration of your fit.

IT Recruitment Poland | Executive Search | Recruitment Process Outsourcing