Senior data protection specialist (governance, risk & compliance)

At Ayesa Digital we grow with you!

Every professional in our company is vital to us. Thanks to their talent, we continue to expand; today, we are a global team of over 11,000 people working toward a common goal.

Ayesa Digital is currently participating in high-impact European Union projects designed to address major European challenges and drive science and innovation. These are strategic technological projects based on collaborative initiatives that stand out for their international focus and a strong commitment to socially-oriented results.

If you are an enthusiastic professional looking for a new career challenge, this is your place. We are looking to incorporate a Senior Data Protection Specialist (Governance, Risk & Compliance). Leap — we are waiting for you!

What You Will Do (Responsibilities):

• Ensure that IT operations comply with EU data protection and privacy standards, laws and regulations
• Support the design, implementation, auditing and testing of controls to ensure data protection compliance
• Identify, document and propose remediation actions for compliance gaps
• Provide expert advice on data protection matters, particularly in the context of personal data processing activities
• Conduct Privacy Impact Assessments (DPIAs) and support risk analysis activities
• Draft and review Records of Processing Activities (RoPAs), privacy notices and related documentation
• Develop, maintain and promote data privacy policies, procedures and awareness initiatives across the organisation
• Act as a key point of contact for data protection queries, incidents and complaints
• Ensure stakeholders (data owners, controllers, processors and partners) understand their data protection obligations
• Monitor audit activities and contribute to data protection training programs
• Collaborate with internal teams (IT, cybersecurity, operations, legal) and external stakeholders, including authorities
• Contribute to the continuous improvement of organisational data protection strategy, policies and processes
• Manage legal aspects of information security and third-party data protection compliance

What We Are Looking For (Requirements):

• Candidates based anywhere in the European Union are welcome to apply
• Minimum education level: Level 7 (Master)
• Minimum English level: C1 (CEFR)
• At least 5 years of relevant professional experience in IT/data protection, with a minimum of 4 years in a similar role
• At least 5 years of experience in personal data protection compliance in ICT, EU institutions, public sector or similar environments
• Hands-on experience (minimum 3 years) preparing or reviewing RoPAs, DPIAs, DPA, TIA and related documentation
• At least 2 years of experience analysing technical environments (data flows, access management, logs, SIEM, hosting, transfers, subprocessors, etc.)
• Strong ability to work with incomplete or inconsistent information, identify gaps and structure actionable next steps
• At least 3 recognised certifications such as CISA, CISM, CRISC, CISSP-ISSMP, CAP, ISO 27001 Lead Implementer/Auditor, ISO 27005 Risk Manager, GIAC certifications or equivalent
• Excellent knowledge of EU data protection legislation and regulatory frameworks
• Strong understanding of data protection standards, policies and best practices
• Solid background in IT operations, service delivery and compliance frameworks
• Practical experience with privacy impact assessment methodologies
• Ability to align business strategy with legal and regulatory requirements
• Proven capability to design and implement data protection policies and procedures
• Excellent communication skills with the ability to explain complex privacy topics to diverse audiences
• Strong ethical mindset and ability to adapt to regulatory changes
• Team-oriented approach with strong collaboration skills

What We Offer:

• Prestigious projects within European institutions.
• International, innovative, and multicultural environments.
• Continuous support from a team of experts in EU projects.

If you are ambitious, enthusiastic, and seeking a new professional challenge in international projects with real-world impact, this is the place for you!

In accordance with Organic Law 3/2007 of March 22, the company is committed to promoting the defense and effective application of the principle of equality between men and women, preventing any type of labor discrimination based on sex, and guaranteeing equal entry opportunities. Furthermore, we promote diversity and reject any discrimination based on race, gender, functional diversity, religion, sexual orientation, gender identity, or any other personal or social condition, striving to build an inclusive and enriching environment.