Data Privacy and Classification Officer

Drees & Sommer SE -
Málaga, Málaga provincia

Solicitar ahora

Detalles del empleo

Jornada completa

Beneficios

Programa de recomendación

Cualificaciones

Azure
Cifrado
Gestión de compliance
Respuesta a incidencias

Descripción completa del empleo

Experience Level

Experienced professional

Area

Location

Calle Trinidad Grund 12, 29001 Málaga

Employment Type

Full-time

Company

Drees & Sommer Digital Services

Start Date

By arrangement

The Data Protection & Classification Officer is responsible for implementing, improving and maintaining the organization’s data protection, data governance, and information classification framework. This role ensures that data is handled in accordance with legal, regulatory, and internal security requirements, while enabling secure and efficient business operations. The officer supports head of GRC in collaboration with cybersecurity, legal, compliance, IT, and business units to drive consistent data protection practices across the enterprise.

The Data Privacy and Classification Officer is a professional with extensive expertise in Data Privacy Governance, Risk, and Compliance (GRC), bringing a deep understanding of global data privacy frameworks, regulations, and best practices. With a strong track record in executing compliance programs and embedding data privacy controls within large-scale and multinational environments, this role supports Drees & Sommer’s mission to ensure regulatory compliance, business continuity, and long-term data privacy and information security maturity. Support yearly internal and external assessment and audit programme in alignment with the head of the department. Support the development, implementation, and maintenance of the company’s GRC framework.

YOUR TASKS

Core Responsibilities

1. Data Protection Governance

Develop, maintain, and enforce policies, standards, and procedures related to data protection and information classification.
Ensure compliance with relevant regulations (e.g., GDPR, national and international privacy laws) and industry frameworks (ISO/IEC 27001, TISAX, NIST).
Conduct impact assessments (e.g., DPIAs) and advise on data handling best practices.

2. Information Classification & Handling

Define and maintain the organization’s data classification scheme and associated handling requirements.
Coordinate classification of new and existing data assets across systems and business processes.
Provide guidance and tooling for labelling, tagging, and securing sensitive data.
Knowledge and experience implementing Data Governance and Compliance with Microsoft Purview.

3. Lifecycle & Data Governance Management

Support data owners and business units in identifying, mapping, and documenting personal and sensitive datasets.
Define retention, deletion, and archival requirements aligned with legal and business needs.
Oversee implementation of data minimization and “privacy-by-design” principles.

4. Monitoring, Reporting & Risk Management

Monitor compliance with data protection and classification rules.
Identify, assess, and report data protection risks to relevant stakeholders.
Support incident response related to data breaches or data loss—including documentation, remediation, and lessons learned.

5. Awareness & Training

Develop and deliver training programs on data protection, secure handling, and classification requirements.
Serve as the subject matter expert (SME) for questions related to data governance and classification.

6. Collaboration & Advisory

Work closely with Cyber Security, Data Governance, Legal, and Compliance teams.
Provide input for technical solutions such as DLP, access controls, encryption, data discovery, and classification tools.
Participate in audits and support responses to regulatory inquiries.

YOUR PROFILE

Key Competencies

Strong understanding of data lifecycle, protection mechanisms, and cybersecurity controls.
Knowledge of relevant frameworks (GDPR, NIST Privacy Framework, ISO 27001/27701, TISAX)
Familiarity with technical tooling (DLP, CASB, data discovery, encryption tools, etc.)
Excellent communication, documentation, and stakeholder management skills
Ability to work across business units and manage complex topics with clarity
Proficiency in policy and process implementation
Strong writing and documentation skills
Awareness of operational security practices in IT and industrial environments
Strong analytical thinking and attention to detail

Certifications & Qualifications

CIPP/E, CIPM, CIPT
Microsoft Azure / Microsoft Purview
Good Knowledge on GDPR and other international Data Privacy Standards
Good Knowledge on ISO 27001/27701/22301

YOUR ADVANTAGES

To ensure your work-life balance, we offer the option of mobile working

We promote your professional and personal development through individual training and further education at the Drees & Sommer Academy

We support your health with a bonus for sports enthusiasts. We offer the possibility of subscribing to a private health insurance policy

Employees benefit from tax advantages related to their commuting expenses for the office

Fiscal advantages for employees expenses in meal costs during the worktime. Employee referral program with attractive bonus scheme

Supporting career and familiy by receiving tax benefits for kindergarten expenses

Solicitar ahora

Experience Level

Area

Location

Employment Type

Company

Start Date

YOUR TASKS

YOUR PROFILE

YOUR ADVANTAGES

Herramientas para candidatos

Herramientas para empresas

Buscar

Mantener la conexión