EU Regulatory Compliance Manager (NIS2 | DORA | GDPR)
Katowice, Śląskie, Poland, 40-202
Key offer highlights
Looking for experts — senior/expert
Hybrid model - partly remote
Legal: contracts / compliance / GDPR
Employment: contract of employment
Description
Location: Katowice
Hybrid model: 2 days office / 3 days remote

Let us introduce the job offer from EY GDS Poland, a member of the global integrated service delivery center network of EY. At EY, we're all in to shape your future with confidence. We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help build a better working world.

The opportunity
In this role, as EU Regulatory Compliance Manager, you will lead gap assessments, design compliance frameworks and orchestrate multi-disciplinary implementations spanning policy, process and technology. You will help clients operationalize incident reporting, third-party oversight and digital operational resilience testing, aligned to ISO 27001/22301 and industry guidance.

What we look for
We are looking for ambitious individuals interested in working in a global, dynamic environment. We are interested in people who want to develop and upskill themselves as well as cooperate with and support others.
What we offer
EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across ten locations (Argentina, China, Hungary, India, the Philippines, Poland, Sri Lanka, Mexico, Spain and the United Kingdom) and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We'll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.
Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
Requirements
Certifications such as ISO/IEC 27001 Lead Implementer/Lead Auditor, CIPP/E, C-DORA CO, CRISC, CISA or CISM
Sector experience (financial services, healthcare, energy, digital infrastructure) and multi‑jurisdiction projects
Working knowledge of related regulations (eIDAS 2.0, AI Act, Cyber Resilience Act) and control mapping
An additional EU language is an advantage
Experience developing and delivering training
Requirements
Expert ability to interpret regulatory text and convert it into practical, risk‑based controls and operating procedures
Strong cybersecurity and resilience literacy (IAM, logging/monitoring, vulnerability/patch management, BCP/DR)
Clear communication tailored to boards, regulators, technical teams and business stakeholders
Program and change management across multi‑function initiatives; comfort with iterative/Agile rollouts
Analytical mindset and structured documentation skills (policies, standards, playbooks, templates)
Strong English communication - both written and verbal
Strong computer skills, including advanced use of the Microsoft Office suite (Excel, PowerPoint, etc.)
Strong attention to detail even when dealing with routine tasks
Assertive, with strong influencing skills
Prior experience working with a global clientele preferred
Confident to deal with senior level contacts, internally and externally
Able to effectively summarize and conclude on work, applying appropriate documentation standards
Able to effectively prioritize and execute tasks in a high-pressure environment
Responsibilities
Perform readiness and gap assessments against NIS2, DORA and GDPR; produce prioritized roadmaps and business cases
Design governance, policy and control frameworks aligned to ISO/IEC 27001, ISO 22301 and relevant ENISA/EBA guidance
Establish incident classification and reporting procedures (including dual reporting to competent authorities and data protection authorities where applicable)
Define and coordinate resilience testing programs (scenario‑based testing, TLPT/threat‑led exercises) and track remediation
Embed ICT third‑party risk management—due diligence, contractual clauses (audit rights, exit), monitoring and concentration risk
Requirements
5-10 years in regulatory compliance, risk management or audit, with demonstrable EU regulatory experience
Experience conducting gap assessments, defining controls and preparing organizations for audits/inspections
Knowledge of ISO/IEC 27001 and ISO 22301 and how they align to EU obligations
Strong English communication skills
Proven stakeholder management, including interactions with regulators, auditors and executive leadership
Willingness to learn and develop
Proactiveness and flexibility
Confident to deal with senior level contacts
Responsibilities (continued)
Deliver stakeholder training and awareness; brief executives and boards on compliance posture, risks and investment options
Support supervisory interactions and inspections; manage corrective action plans through closure
Support quality and risk management needs across Consulting practices