Head of Data Privacy and Data Protection Officer (DPO) for Ciklum

Kyiv, Gdansk, Wroclaw, Malaga


Ciklum is a Software Engineering and Solutions Company. Our 3,000+ IT professionals are located in the offices and delivery centres in Ukraine, Belarus, Poland and Spain.

As Ciklum employee, you'll have the unique possibility to communicate directly with the client when working in Extended Teams. Besides, Ciklum is the place to make your tech ideas tangible. The Vital Signs Monitor for the Children’s Cardiac Center as well as Smart Defibrillator, the winner of the US IoT World Hackathon, are among the cool things Ciklumers have developed.

Ciklum is a technology partner for Google, Intel, Micron, and hundreds of world-known companies. We are looking forward to seeing you as a part of our team!

Read more about the client


Ciklum is looking for a Head of Data Privacy and Data Protection Officer (DPO) to join our team on a full-time basis.

This role has group-level responsibility and can be based in Kyiv, Gdansk, Wroclaw or Malaga office.


The Head of Data Privacy and DPO will lead and mature the privacy function and its management system to ensure Ciklum’s compliance with Data Privacy obligations globally. In addition, the Head of Data Privacy and DPO will operate as a privacy subject matter expert and DPO, both within Ciklum (corporate), its clients and vendors, and supervisory authorities from time to time.

Key Responsibilities include:

  • Ownership of Ciklum’s Data Privacy strategy, governance, and programme as part of wider Information Security (IS) Governance and strategy
  • In cooperation with IS management, formulate the Data Privacy strategy and programme and deliver the Privacy Programme and roadmap of work
  • Lead and perform the analysis of the current Data Privacy compliance to detect critical security deficiencies, report on these to the business and recommend remediation, mitigation or improvements
  • Establish and run privacy management processes
  • Create and update Privacy Programme Policies and Procedures, Privacy Notices and Consents Forms
  • Gather and report on performance of KPIs of Privacy Programme
  • Submit Privacy budget as part of Ciklum global IS and Privacy budget
  • Manage PD inventory and mapping, (including scoping of personal data (PD) inventory, conducting interviews with relevant other functions) and periodic update of both PD inventory reports and maps
  • In cooperation with IS management, procure, mobilise and manage audit initiatives (ISO/IEC 27001:2013, privacy internal audits, etc.)
  • In cooperation with IS management, define, document and implement the requirements of ISO 27001 standard as applicable to data privacy; maintain and manage Privacy risks register and Privacy Controls Statement of Applicability
  • Operate and implement effective Data Privacy risk assessment and treatment (incl., define and assess PD processing risk levels, suggest risk treatment strategies, approve risks and risk mitigation strategies with risk owners)
  • Ensure compliance with GDPR, suggest and ensure compliance with other data privacy legislation applicable upon Ciklum entities
  • Jointly with IS function, manage IS and Privacy incidents (incl. register and investigate PD incidents, document PD Breaches, assess risks connected with PD Breach, define communication strategy for PD Breach)
  • Ensure privacy requirements are met within change management processes
  • Conduct DPIA for projects and PD processing where required (including, DPIA reporting, risk definition and assessment)
  • Respond and manage data subject requests (incl. communication with data subjects and internal stakeholders, fulfilling the requests, responding on the results)
  • Manage Data Privacy requirements in relations with Ciklum vendors and customers (incl. maintaining active registers of vendor processing Ciklum PD and processing of customer PD)
  • Communicate with clients and vendors within Data Processing Agreements, respond to their requests about Ciklum’s Data Privacy, review, and signoff of data privacy terms and conditions in commercial contracts to ensure that Ciklum as personal data processor can fulfill requirements stated
  • Communicate with Data Protection Supervisory Authorities, report and establish relationship with Supervisory Authorities
  • Communicate within organisation on key Data Privacy updates (incl. policies news, trainings, breaches)
  • Conduct data privacy trainings (incl. maintaining existing and updating/creating new trainings) within Data Privacy team and across organisation
  • Maintain subscription to IAPP and monitor news and updates provided by IAPP

Stakeholder Management

The Head of Data Privacy and DPO should effectively manage relationships with senior business executives, stakeholders, colleagues, customers and suppliers.

Responsibilities include:

  • Maintaining regular stakeholder contact through face-to-face and written communication
  • Dealing with customers and internal stakeholder queries professionally and expeditiously, and creating an environment where they recognise positive service and respect for business stakeholders.
  • Recognising opportunities for improvement and champion change management initiatives and motivate team members to embrace change
  • Communicating complex concepts and issues clearly and succinctly to stakeholders at all levels of the organisation, from junior staff to senior management


  • At least 5 years experience in a professional compliance, data privacy or information security role or equivalent role, with focused experience in an data privacy leadership role or equivalent role managing data privacy agenda
  • Proven program management skills and dealing with customer requests
  • Knowledge and practical experience in:
    • Establishing and managing a privacy programme
    • Managing PD protection obligations
    • Corporate business continuity processes
    • Procuring, contributing or managing audit initiatives (ISO 27001, 27701, etc.)
  • Ability to work effectively with internal and external stakeholders
  • Fluent spoken English and Ukrainian or Russian
  • Excellent written English
  • Ability to efficiently create clear, concise written documents, presentations, roadmaps and diagrams in English


  • Experienced privacy/technology lawyer/auditor or information systems professional
  • Relevant master’s degree education
  • Data privacy qualification(s) desirable, e.g. C-DPO, CIPP-E
  • ISO 27001 Lead Auditor, 22301 Lead Auditor or equivalent is a plus

Personal skills

  • Positive attitude, can-do mindset and a self-starter
  • Ability to work in a fast-paced and autonomous manner calmly
  • Marshalling resources and leading people and projects
  • Ability to work in an unstructured environment, bringing structure to that
  • Understands and balances long-term (“big picture”) and short-term perspectives
  • Excellent influencing, communication and presentation skills
  • A high degree of accountability and a track record of delivering on commitments

What's in it for you

  • Ability to work on challenging projects, deal with complex solutions
  • Nicely designed, centrally located offices with a warm atmosphere that creates good working conditions
  • A unique working environment where you communicate and work directly with client
  • Strong focus on continuous expertise growth through various training and communities