Cybersecurity, GRC & Compliance Consultant

• CIPP/E Certified Information Privacy Professional/Europe
• CIPT – Certified Information Privacy Technologist (IAPP)
• CISA – Certified Information Systems Auditor (ISACA)
• AIGP – AI Governance Professional (IAPP)

• Strong background in cybersecurity, information systems auditing, governance, and regulatory compliance.
• Deep understanding of EU frameworks (GDPR, NIS2, DORA) and global standards (ISO 27001, SOC 2, PCI-DSS, HIPAA).
• Exceptional communication, advisory, and cross-functional leadership skills.
• Ability to translate complex technical and legal concepts into clear, actionable guidance for business leaders.
• English speaker;
• Ambition and desire to assert oneself through performance;
• Willingness to learn continuously
• Positive attitude and orientation towards the client (to have charisma)
• Ability to synthesize, observe, organize, and manage time efficiently
• Ability to have flexibility of the schedule, with orientation of the client’s needed
• Practice profession with passion
• Loyalty about the company and culture of company
• Family center of his/her principal value

• Increase the GRC maturity level of supported organisations.
• Achieve successful ISO, SOC 2, NIS2, and DORA audit outcomes.
• Implement a structured enterprise IT & cyber risk management framework.
• Improve security posture and reduce regulatory or operational incidents.

• Conduct comprehensive information systems audits, identify critical vulnerabilities, and develop remediation and risk-mitigation plans.
• Evaluate security controls across network security, identity and access management, intrusion detection, and zero-trust architecture.
• Lead cybersecurity maturity assessments for critical infrastructure and enterprise environments.

• Manage full-cycle compliance projects for NIS2, ISO 27001, SOC 2, and DORA, from gap analysis to audit readiness and successful certification.
• Develop governance and operational-resilience frameworks for clients in the financial sector, healthcare, e-commerce, and technology.
• Drive IT governance processes and create policies, procedures, and enterprise-level risk methodologies.

• Perform DPIAs, LIAs, ROPA, and design privacy policies to ensure robust GDPR compliance and effective regulatory engagement.
• Build and deliver tailored training programs on data privacy and cybersecurity awareness.

• Analyse regulatory implications on client operations and deliver strategic recommendations to senior leadership.
• Advise stakeholders on aligning business processes with technical and regulatory cybersecurity requirements.
• Contribute to national cybersecurity initiatives, including expert input for the transposition of the NIS2 Directive.

• A pleasant and dynamic work environment where you can't get bored;
• The chance to learn and develop continuously - by participating in programs, courses, etc. in accordance with the established career plan;
• Private health insurance;
• Participation at conferences and business events paid by the company;
• Continuous training and preparation
• Flexible schedule: from home and from the office
• Open minded management vision

Decalex Digital operates as a global entity, providing Governance, Risk Management, and Compliance (GRC) services, with well-established presences in Romania and the UK.
With over a decade of expertise in privacy and cybersecurity Decalex stands as a market leader, providing a comprehensive suite of Governance, Risk Management, and Compliance (GRC) services. Our offerings encompass a wide spectrum from data protection and cybersecurity to Anti-Money Laundering (AML)/Know Your Customer (KYC) compliance and whistleblowing support.
All team members are seniors and are internationally certified as experts in the industry. Moreover, to provide a complete perspective on the client company's situation when compliance is sought, the team of specialists involved in the project is multidisciplinary (Legal, IT, Project management, business intelligence).
Decalex is lauded for its innovative solutions and business-focused approach, crafting and managing compliance plans that safeguard data, ensure cybersecurity, comply with financial regulations, and facilitate ethical business practices. Our dedication to excellence and comprehensive service offerings make us the partner of choice for businesses seeking to navigate the complexities of GRC with ease and assurance.