Senior data protection specialist (governance, risk & compliance)

At Ayesa Digital we grow with you! Every professional in our company is vital to us. Thanks to their talent, we continue to expand; today, we are a global team of over 11,000 people working toward a common goal.Ayesa Digital is currently participating in high-impact European Union projects designed to address major European challenges and drive science and innovation. These are strategic technological projects based on collaborative initiatives that stand out for their international focus and a strong commitment to socially-oriented results.If you are an enthusiastic professional looking for a new career challenge, this is your place. We are looking to incorporate a Senior Data Protection Specialist (Governance, Risk & Compliance). Leap — we are waiting for you!What You Will Do (Responsibilities):Ensure that IT operations comply with EU data protection and privacy standards, laws and regulationsSupport the design, implementation, auditing and testing of controls to ensure data protection complianceIdentify, document and propose remediation actions for compliance gapsProvide expert advice on data protection matters, particularly in the context of personal data processing activitiesConduct Privacy Impact Assessments (DPIAs) and support risk analysis activitiesDraft and review Records of Processing Activities (RoPAs), privacy notices and related documentationDevelop, maintain and promote data privacy policies, procedures and awareness initiatives across the organisationAct as a key point of contact for data protection queries, incidents and complaintsEnsure stakeholders (data owners, controllers, processors and partners) understand their data protection obligationsMonitor audit activities and contribute to data protection training programsCollaborate with internal teams (IT, cybersecurity, operations, legal) and external stakeholders, including authoritiesContribute to the continuous improvement of organisational data protection strategy, policies and processesManage legal aspects of information security and third-party data protection complianceWhat We Are Looking For (Requirements):Candidates based anywhere in the European Union are welcome to applyMinimum education level: Level 7 (Master)Minimum English level: C1 (CEFR)At least 5 years of relevant professional experience in IT/data protection, with a minimum of 4 years in a similar roleAt least 5 years of experience in personal data protection compliance in ICT, EU institutions, public sector or similar environmentsHands-on experience (minimum 3 years) preparing or reviewing RoPAs, DPIAs, DPA, TIA and related documentationAt least 2 years of experience analysing technical environments (data flows, access management, logs, SIEM, hosting, transfers, subprocessors, etc.)Strong ability to work with incomplete or inconsistent information, identify gaps and structure actionable next stepsAt least 3 recognised certifications such as CISA, CISM, CRISC, CISSP-ISSMP, CAP, ISO 27001 Lead Implementer/Auditor, ISO 27005 Risk Manager, GIAC certifications or equivalentExcellent knowledge of EU data protection legislation and regulatory frameworksStrong understanding of data protection standards, policies and best practicesSolid background in IT operations, service delivery and compliance frameworksPractical experience with privacy impact assessment methodologiesAbility to align business strategy with legal and regulatory requirementsProven capability to design and implement data protection policies and proceduresExcellent communication skills with the ability to explain complex privacy topics to diverse audiencesStrong ethical mindset and ability to adapt to regulatory changesTeam-oriented approach with strong collaboration skillsWhat We Offer:Prestigious projects within European institutions.International, innovative, and multicultural environments.Continuous support from a team of experts in EU projects.If you are ambitious, enthusiastic, and seeking a new professional challenge in international projects with real-world impact, this is the place for you!In accordance with Organic Law 3/2007 of March 22, the company is committed to promoting the defense and effective application of the principle of equality between men and women, preventing any type of labor discrimination based on sex, and guaranteeing equal entry opportunities. Furthermore, we promote diversity and reject any discrimination based on race, gender, functional diversity, religion, sexual orientation, gender identity, or any other personal or social condition, striving to build an inclusive and enriching environment.