View all jobs
Company Description
Fujitsu is a global leader in digital services, transforming organizations and the world through innovation. With a commitment to sustainability, Fujitsu builds trust in society by leveraging cutting-edge technology and innovation. Our services aim to drive positive change and create lasting impact in various industries globally.
DESCRIPTION OF THE TASKS
The external service provider will perform the following typical tasks and responsibilities:
At least three (3) certifications from the following list (or internationally recognized equivalents) are mandatory:
RoC 54 - x2 Governance Risk and Compliance Expert (GRCE) in support of DIG personal data protection activities
Warsaw, Poland| Role: | Governance Risk and Compliance Expert (Abbreviation: GRCE) |
| Location: | Frontex Headquarters (Warsaw) |
| Languages: | English C1 (Minimum level confirmed by CEFR) |
| Work Model: | Off-site service provision (Foreseen ratio: 40% intra-muros / 60% extra-muros) |
| Context/Project: | Data Protection, Data Privacy, and Personal Data compliance within ICT operations |
| Education Requirement: | Minimum level of education: Level 7 – Master’s degree |
| Security/Integrity: | Personal Security Clearance Required: CONFIDENTIEL UE/EU CONFIDENTIAL (procedure must be initiated within the first 45 days of assignment) |
Fujitsu is a global leader in digital services, transforming organizations and the world through innovation. With a commitment to sustainability, Fujitsu builds trust in society by leveraging cutting-edge technology and innovation. Our services aim to drive positive change and create lasting impact in various industries globally.
DESCRIPTION OF THE TASKS
The external service provider will perform the following typical tasks and responsibilities:
- Compliance Oversight: Ensure compliance of IT operations with data privacy and protection standards, laws, and regulations.
- Audit & Testing: Assist in designing, implementing, auditing, and compliance testing activities; monitor data protection-related training.
- Gap Analysis: Identify, document, and propose countermeasures to compliance gaps.
- Advisory Services: Provide legal advice and guidance on data privacy standards; advise specifically on personal data processing matters.
- Assessments & Documentation: Conduct privacy impact assessments; write and review records of processing activity (RoPA) and privacy statements.
- Policy & Training: Develop, maintain, and communicate data privacy policies; develop staff awareness training to foster a culture of data protection.
- Stakeholder Engagement: Inform data owners, processors, and subjects of their rights and responsibilities; act as a contact point for queries and complaints.
- External Liaison: Cooperate and share information with authorities and professional groups.
- Strategic Contribution: Contribute to the development of organizational strategy, policies, and procedures.
- Regulatory Knowledge: Excellent understanding of EU data protection legislation, regulations, standards, and frameworks (including PIAs).
- Operational Insight: Strong knowledge of IT Operations and IT Services delivery.
- Strategy Alignment: Ability to factor legal and regulatory requirements into IT business strategy and services.
- Communication: Excellent ability to explain and communicate data protection and privacy topics to diverse audiences.
- Ethics & Analysis: High adherence to ethical standards and ability to understand the implications of legal framework modifications.
- Collaborative Mindset: Strong ability to collaborate with multi-disciplinary team members and colleagues.
- IT Professional Experience: Minimum of 5 years of IT-relevant professional experience.
- Similar Position Experience: Minimum of 4 years of experience in a similar position.
- Domain Expertise:
- At least 5 years of personal data protection compliance experience in an ICT, EU institutional, or public-sector environment.
- At least 3 years of hands-on experience preparing or reviewing RoPAs, DPIAs, DPAs, or TIAs for real systems.
- At least 2 years of experience analyzing technical arrangements (e.g., access rights, logs, data flows, retention, and hosting).
- Analytical Ability: Proven ability to work with incomplete ICT-related information, identify evidence gaps, and structure clear management follow-ups.
At least three (3) certifications from the following list (or internationally recognized equivalents) are mandatory:
- CISA (Certified Information Systems Auditor)
- CISM (Certified Information Security Manager)
- GSNA (GIAC Certified Systems and Network Auditor)
- GCCC (GIAC Certified Critical Controls)
- ISO 27001 Lead Implementer or Lead Auditor
- ISO 27005 Risk Manager
- CAP ((ISC)² Certified Authorization Professional)
- CRISC (ISACA Certified in Risk and Information Systems Control)
- CISSP-ISSMP ((ISC)² Certified Information Systems Security Management Professional)
- GIAC Certified ISO-27000 Specialist