Cyber Security Compliance Expert
Praha / Dolni Mecholupy, Czechia
POSITION PURPOSE
The Cybersecurity Compliance Expert is a global position with both strategic and operational components. This role is essential for ensuring that Zentiva complies with all relevant cybersecurity regulations within the European Union, including NIS2, GDPR, AI Act, and Data Act. The Cybersecurity Compliance Expert acts as a business partner to all functions interacting with cybersecurity compliance.
On the strategic level, the Cybersecurity Compliance Expert is responsible for ensuring that the company's cybersecurity practices meet current and future regulatory requirements. This includes defining compliance standards and policies, identifying and training compliance owners, and acting as the Single Point Of Contact (SPOC) for all compliance-related matters. The expert is also responsible for continuously improving and adapting the company's cybersecurity compliance framework to meet evolving regulatory needs.
On the operational level, the Cybersecurity Compliance Expert oversees the implementation of compliance measures, monitors compliance status, and ensures adherence to established standards and policies. This includes approving critical changes, conducting regular compliance audits, and managing incident response plans.
KEY RESPONSIBILITIES AND DUTIES
- Regulatory Compliance: Ensure compliance with EU cybersecurity regulations, including NIS2, GDPR, AI Act, and Data Act.
- Policy Development: Develop, implement, and maintain cybersecurity compliance policies and procedures.
- Risk Management: Conduct regular risk assessments to identify and mitigate compliance gaps.
- Monitoring and Reporting: Monitor compliance with internal and external cybersecurity regulations and prepare regular compliance reports.
- Incident Response: Develop and oversee incident response plans to ensure timely and effective handling of security breaches.
- Training and Awareness: Conduct training sessions and awareness programs for employees on cybersecurity best practices and compliance requirements.
- Collaboration: Work closely with internal teams to integrate compliance measures into existing processes and systems.
- Audit Coordination: Coordinate and support internal and external audits related to cybersecurity compliance.
- Continuous Improvement: Stay informed about evolving cybersecurity regulations and industry standards, and implement necessary adjustments to the compliance framework.
OTHER RESPONSIBILITIES
- Technical Ownership: Partial technical ownership of the cybersecurity compliance tools and systems.
- Business Ownership: Business ownership of the cybersecurity compliance domain within the company's IT infrastructure.
QUALIFICATIONS & REQUIRED SKILLS
Work history
- 5+ years in cybersecurity compliance or a related field.
- Experience in a regulated industry is preferred.
Experience
- Must-have:
  - Experience with at least some of the EU cybersecurity regulations (NIS2, GDPR, AI Act, Data Act).
  - Experience with risk assessment.
  - Experience in developing and implementing Cyber Security / compliance policies and procedures.
- Nice-to-have:
  - Experience with cybersecurity frameworks and standards (e.g., ISO 27001, NIST).
  - Experience with incident response and management.
Skills:
- Soft skills:
  - Strong analytical and problem-solving skills.
  - Excellent communication and negotiation skills.
  - Ability to work collaboratively with cross-functional teams.
- Hard skills:
  - Proficiency in risk assessment tools and techniques.
  - Fluent in English (C1 or C2 level – certification not required).
  - Knowledge of cybersecurity tools and systems.
  - Knowledge of compliance requirements relevant to IT and cybersecurity.
Personal characteristics:
- Strong sense of responsibility and attention to detail.
- Proactive and continuous improvement mindset.
- Ability to stay updated with the latest cybersecurity trends and regulations.