Middle Compliance Specialist / Data Privacy

N-iX is a software development service company that helps businesses across the globe develop successful software products. Founded in 2002, N-iX has come a long way and increased its presence in nine countries -  Poland, Romania, Ukraine, Bulgaria, Sweden, Malta, the UK, the US, and Colombia. Today, we are a strong community of 2,000+ professionals and a reliable partner for global industry leaders and Fortune 500 companies.

Currently N-iX is seeking an experienced and dedicated Compliance Specialist with a strong focus on Data Privacy. This mid-level role is crucial in ensuring our organization's adherence to global data protection laws and best practices. As Compliance Specialist you will be involved in continuous improvement, implementing, and monitoring our data privacy program, providing expert guidance across the business, proactively managing privacy risks, ensuring contractual compliance and business continuity planning.

Duties:

• Privacy Program Management: oversee the ongoing development, implementation, and maintenance of the company's comprehensive data privacy program
• Regulatory Compliance: Ensure continuous compliance with applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), and other relevant national and international privacy frameworks
• Support client engagement activities in the information security, data protection, or compliance domain. Perform contracts review and ad-hoc questionnaires preparation.
• Policy & Procedure Development: review, and update internal data privacy policies, procedures, and guidelines to reflect legal requirements and best practices
• Privacy by Design/Default: Provide expert privacy advice and guidance to various business units throughout the lifecycle of processes, projects, systems, and services, promoting Privacy by Design and Default principles
• Data Protection Impact Assessments (DPIAs): Conduct and oversee Data Protection Impact Assessments (DPIAs) for new and significant changes to existing data processing activities
• Data Subject Rights: Manage and respond to Data Subject Rights (DSR) requests (e.g., access, rectification, erasure, portability) in a timely and compliant manner
• Third-Party Risk Management: Support the assessment of privacy risks associated with third-party vendors and data processors, including reviewing data processing agreements and Standard Contractual Clauses as needed
• Incident Response: Assist in data breach incident response planning and execution, including investigation, containment, and notification procedures as required by law
• Training & Awareness: Develop and deliver engaging data privacy training and awareness initiatives for the staff across the organization
• Monitoring & Reporting: Monitor compliance with internal privacy policies and external regulations, prepare regular compliance reports for management, and identify areas for improvement
• Internal Audits: provide support for internal privacy audits and assessments to identify gaps and ensure adherence to privacy standards and controls, including potentially contributing to ISO 27701 (Privacy Information Management System) audits
• Record Keeping: Maintain accurate records of data processing activities (ROPA) and other relevant privacy documentation.

Qualifications:

• 3+ years of demonstrated experience in data privacy compliance, data protection, or a related legal/compliance role, preferably within a fast-paced or regulated industry
• In-depth knowledge and practical application experience of GDPR is essential. Familiarity with other global privacy regulations is a strong advantage
• Understanding of information security principles and their intersection with data privacy (e.g., ISO 27001 and family, SOC2 Type II)
• Relevant professional certification(s) such as CIPP/E, CIPP/M, CIPM, CDPSE, or equivalent are highly desirable and are a strong advantage
• Strong analytical, problem-solving, and critical thinking skills with the ability to interpret complex legal and regulatory requirements
• Excellent written and verbal communication skills, with the ability to articulate complex privacy concepts clearly to technical and non-technical audiences
• Proven ability to work independently, manage multiple priorities, and meet deadlines in a dynamic environment
• High level of integrity, discretion, and ethical conduct
• Excellent written and verbal communication skills in English