Senior Data Protection Specialist (Governance, Risk & Compliance) - Santander
hace 19 horas
Santander
Responsibilities • Ensure that IT operations comply with EU data protection and privacy standards, laws and regulations, • Support the design, implementation, auditing and testing of controls to ensure data protection compliance, • Identify, document and propose remediation actions for compliance gaps, • Provide expert advice on data protection matters, particularly in the context of personal data processing activities, • Conduct Privacy Impact Assessments (DPIAs) and support risk analysis activities, • Draft and review Records of Processing Activities (RoPAs), privacy notices and related documentation, • Develop, maintain and promote data privacy policies, procedures and awareness initiatives across the organisation, • Act as a key point of contact for data protection queries, incidents and complaints, • Ensure stakeholders (data owners, controllers, processors and partners) understand their data protection obligations, • Monitor audit activities and contribute to data protection training programs, • Collaborate with internal teams (IT, cybersecurity, operations, legal) and external stakeholders, including authorities, • Contribute to the continuous improvement of organisational data protection strategy, policies and processes, • Manage legal aspects of information security and third‑party data protection complianceRequirements, • Candidates based anywhere in the European Union are welcome to apply, • Minimum education level: Level7 (Master), • Minimum English level: C1 (CEFR), • At least5years of relevant professional experience in IT/data protection, with a minimum of4years in a similar role, • At least5years of experience in personal data protection compliance in ICT, EU institutions, public sector or similar environments, • Hands‑on experience (minimum3years) preparing or reviewing RoPAs, DPIAs, DPA, TIA and related documentation, • At least2years of experience analysing technical environments (data flows, access management, logs, SIEM, hosting, transfers, subprocessors, etc.), • Strong ability to work with incomplete or inconsistent information, identify gaps and structure actionable next steps, • At least3 recognised certifications such as CISA, CISM, CRISC, CISSP‑ISSMP, CAP, ISO27001 Lead Implementer/Auditor, ISO27005 Risk Manager, GIAC certifications or equivalent, • Excellent knowledge of EU data protection legislation and regulatory frameworks, • Strong understanding of data protection standards, policies and best practices, • Solid background in IT operations, service delivery and compliance frameworks, • Practical experience with privacy impact assessment methodologies, • Ability to align business strategy with legal and regulatory requirements, • Proven capability to design and implement data protection policies and procedures, • Excellent communication skills with the ability to explain complex privacy topics to diverse audiences, • Strong ethical mindset and ability to adapt to regulatory changes, • Team‑oriented approach with strong collaboration skillsWhat We Offer, • Prestigious projects within European institutions, • International, innovative, and multicultural environments, • Continuous support from a team of experts in EU projects In accordance with Organic Law3/2007 of March22, the company is committed to promoting the defense and effective application of the principle of equality between men and women, preventing any type of labour discrimination based on sex, and guaranteeing equal entry opportunities. xcskxlj The company also promotes diversity and rejects any discrimination based on race, gender, functional diversity, religion, sexual orientation, gender identity, or any other personal or social condition, striving to build an inclusive and enriching environment. #J-18808-Ljbffr