
Ledy Florez

GRC Specialist

400 €/day
Berlin, DE
0-2 years

Average response time: 1h

About Ledy

GRC Specialist | Bridging the Gap between IT Security, Legal Compliance & AI Governance

How I Can Help Your Organization
Are you navigating the complexities of ISO 27001, struggling with GDPR documentation, or concerned about the upcoming requirements of the EU AI Act?

I help fast-growing startups and established enterprises in Berlin build robust Information Security Management Systems (ISMS) that are not just "compliant on paper," but technically sound and audit-ready. With a background as a qualified lawyer and hands-on training in Cybersecurity, I translate complex legal requirements into actionable IT controls.

What Sets Me Apart
The biggest challenge in GRC is the "silo" between the legal department and the IT team. I bridge that gap.
Legal Expertise: I understand the nuances of the BGB, TTDSG, and GDPR, ensuring your data processing and contracts are watertight.

Technical Proficiency: Unlike traditional compliance consultants, I understand the tech stack. I can discuss vulnerability management, IAM, and cloud security (AWS/GCP) directly with your DevOps and Security teams.

AI Governance Pioneer: I specialize in the EU AI Act, helping companies classify AI systems (Annex III) and implement the necessary risk management frameworks before the deadlines hit.
Key Deliverables & Projects I Manage

I provide end-to-end support for your GRC roadmap, including:
Framework Implementation: Gap analysis and roadmap for ISO/IEC 27001 and NIST CSF.
Data Privacy & GDPR: Building RoPA registers, conducting DPIAs, and finalizing audit-ready Cookie Policies.
Risk Management: Developing prioritized Risk Registers (likelihood/impact scoring) and treatment plans.
AI Compliance: High-risk AI classification, governance policy development, and ethical AI alignment.
Policy Pack Development: Drafting tailored policies for Access Control, BYOD, Remote Work, and Incident Response.
Third-Party Risk (TPRM): Reviewing DPAs and vendor security assessments to secure your supply chain.
  • English

    Bilingual or native

  • Spanish

    Bilingual or native

  • German

    Limited working proficiency

Willing to work on site
Berlin (up to 50 km)

Experience

  • Researchpreneurs
    GRC Specialist (Intern)
    February 2026 - April 2026 (2 months)
    Berlin, Germany
    -Conducted ISO 27001 gap analysis, built an asset inventory in Eramba GRC, and developed a full policy pack (DPIA, BYOD, remote work, acceptable use, access control) aligned with ISO 27001 and GDPR.

    -Performed structured risk assessments (likelihood, impact, residual risk scoring) and built a prioritized risk register with mitigation actions, control owners, and review cycles.

    -Delivered a multi-framework platform flow review covering authentication, data collection, third-party integrations, and AI-based features against GDPR, ISO 27001, and EU AI Act (Annex III high-risk classification).

    -Finalized an audit-ready Cookie Policy with third-party vendor analysis, GDPR Art. 5(2) classification, and verified consent banner behavior; researched German data retention obligations (HGB, AO, BGB ss. 195 & 305).

    -Reviewed the company's Terms & Conditions, identified and prioritized compliance gaps across GDPR, BGB, and EU AI Act; managed a GRC ticket tracker and coordinated remediation directly with the CEO.

    -Built the company's RoPA register from scratch covering 20+ processing activities per GDPR Art. 30, documenting legal bases, retention periods, cross-border transfer mechanisms (SCCs, DPF, BCR), and TOMs.

    -Reviewed a vendor DPA, identified GDPR non-conformities, and drafted a formal amendment request; investigated email deliverability issues (SPF, DKIM, DMARC) and produced a technical findings report.
    GDPR Compliance Cybersecurity GRC Policy Development EU AI Act ISO 27001
  • Self-employed
    Freelance Legal Counsel
    January 2017 - January 2019 (2 years)
    Bogotá, Bogota, Colombia
    -Advised SMEs and individuals on labor and social insurance compliance, contributing to reduced legal exposure and improved regulatory adherence.
    -Drafted over 100 contracts and legal submissions, supporting favorable outcomes in administrative and civil proceedings.
  • Salazar Lawyers
    Legal Coordinator
    December 2015 - December 2016 (1 year)
    Barranquilla, Atlantico, Colombia
    -Managed legal collections across 200+ active cases, ensuring data accuracy and timely documentation to support litigation.
    -Represented clients in court and advised on credit liquidation strategies, contributing to the successful recovery of outstanding debts.

Education

  • Cybersecurity
    Cybersecurity
  • AI Cybersecurity Specialization
    MSIT (Masterschool)
    2026
    AI Cybersecurity Specialization
