At Ayesa Digital we grow with you!
Every professional in our company is vital to us. Thanks to their talent, we continue to expand;
today, we are a global team of over 11,000 people working toward a common goal.
Ayesa Digital is currently participating i n high-impact European Union projec ts designed to address major European challenges and drive science and innovation. These are strategic technological projects based on collaborative initiatives that stand out for their international focus and a strong commitment to socially-oriented results.
If you are an enthusiastic professional looking for a new career challenge, this is your place. We are looking to incorporate a Senior Data Protection Specialist (Governance, Risk & Compliance) . Leap — we are waiting for you!
What You Will Do (Responsibilities):
Ensure that IT operations comply with EU data protection and privacy standards, laws and regulations
Support the design, implementation, auditing and testing of controls to ensure data protection compliance
Identify, document and propose remediation actions for compliance gaps
Provide expert advice on data protection matters, particularly in the context of personal data processing activities
Conduct Privacy Impact Assessments (DPIAs) and support risk analysis activities
Draft and review Records of Processing Activities (RoPAs), privacy notices and related documentation
Develop, maintain and promote data privacy policies, procedures and awareness initiatives across the organisation
Act as a key point of contact for data protection queries, incidents and complaints
Ensure stakeholders (data owners, controllers, processors and partners) understand their data protection obligations
Monitor audit activities and contribute to data protection training programs
Collaborate with internal teams (IT, cybersecurity, operations, legal) and external stakeholders, including authorities
Contribute to the continuous improvement of organisational data protection strategy, policies and processes
Manage legal aspects of information security and third-party data protection compliance
What We Are Looking For (Requirements):
Candidates based anywhere in the European Union are welcome to apply
Minimum education level: Level 7 (Master)
Minimum English level: C1 (CEFR)
At least 5 years of relevant professional experience in IT/data protection, with a minimum of 4 years in a similar role
At least 5 years of experience in personal data protection compliance in ICT, EU institutions, public sector or similar environments
Hands-on experience (minimum 3 years) preparing or reviewing RoPAs, DPIAs, DPA, TIA and related documentation
At least 2 years of experience analysing technical environments (data flows, access management, logs, SIEM, hosting, transfers, subprocessors, etc.)
Strong ability to work with incomplete or inconsistent information, identify gaps and structure actionable next steps
At least 3 recognised certifications such as CISA, CISM, CRISC, CISSP-ISSMP, CAP, ISO 27001 Lead Implementer/Auditor, ISO 27005 Risk Manager, GIAC certifications or equivalent
Excellent knowledge of EU data protection legislation and regulatory frameworks
Strong understanding of data protection standards, policies and best practices
Solid background in IT operations, service delivery and compliance frameworks
Practical experience with privacy impact assessment methodologies
Ability to align business strategy with legal and regulatory requirements
Proven capability to design and implement data protection policies and procedures
Excellent communication skills with the ability to explain complex privacy topics to diverse audiences
Strong ethical mindset and ability to adapt to regulatory changes
Team-oriented approach with strong collaboration skills
What We Offer :
Prestigious projects within European institutions.
International, innovative, and multicultural environments.
Continuous support from a team of experts in EU projects.
If you are ambitious, enthusiastic, and seeking a new professional challenge in international projects with real-world impact, this is the place for you!
In accordance with Organic Law 3/2007 of March 22, the company is committed to promoting the defense and effective application of the principle of equality between men and women, preventing any type of labor discrimination based on sex, and guaranteeing equal entry opportunities. Furthermore, we promote diversity and reject any discrimination based on race, gender, functional diversity, religion, sexual orientation, gender identity, or any other personal or social condition, striving to build an inclusive and enriching environment.