Data Protection and Classification Expert

The client is a leading international consulting company specializing in real estate, infrastructure, and industrial sector solutions. With headquarters in Stuttgart, Germany, they operate in over 60 locations worldwide and have a team of approximately 6,000 employees.

They are recognized for their innovative approach to sustainability and digitalization, offering cost-effective and future-oriented solutions tailored to the specific needs of their clients.

This role is part of an internal initiative focused on evolving and optimizing the organization’s existing data landscape. The project is centered around enhancing current processes and modernizing the data platform, with a strong focus on Microsoft Fabric and Business Intelligence capabilities.

You will work on improving and integrating existing Data Warehouse solutions while supporting the transition toward more modern, scalable architectures.

You will be joining an established internal team and collaborating closely with both IT and business stakeholders across the organization. The role reports directly to the Head of Data, ensuring alignment with company-wide data governance, security and strategic initiatives.

• Interview process that respects people and their time
• Professional and open IT community
• Internal meet-ups and resources for knowledge sharing
• Time for recovery and relaxation
• Bright online and offline events
• Opportunity to become part of our internal volunteer community

1. Data Protection Governance
   Define, implement, and maintain data protection and information classification policies, standards, and procedures.
   Ensure compliance with applicable regulations (e.g., GDPR) and recognized frameworks (ISO/IEC 27001, TISAX, NIST).
   Conduct data protection impact assessments (DPIAs) and provide expert guidance on best practices.
2. Information Classification & Handling
   Design and manage the organization’s data classification framework and handling requirements.
   Drive the classification of data across systems and business processes.
   Provide guidance and tools for labeling, tagging, and securing sensitive information.
   Support and enhance data governance and compliance initiatives using Microsoft Purview.
3. Data Lifecycle & Governance
   Partner with data owners and business units to identify, map, and document sensitive and personal data.
   Define and enforce data retention, archival, and deletion policies aligned with legal and business needs.
   Promote and embed data minimization and privacy-by-design principles.
4. Monitoring, Risk & Incident Management
   Monitor adherence to data protection and classification policies.
   Identify, assess, and communicate data-related risks to stakeholders.
   Support data incident response, including breach handling, documentation, remediation, and lessons learned.
5. Awareness & Training
   Develop and deliver training on data protection, classification, and secure data handling.
   Act as the subject matter expert (SME) for data governance and classification topics.
6. Collaboration & Advisory
   Collaborate with Cyber Security, Legal, Compliance, and Data teams to ensure aligned practices.
   Advise on technical controls such as DLP, access management, encryption, and data discovery tools.
   Support audits and regulatory requests, ensuring timely and accurate responses.

The Data Protection & Classification Expert is responsible for implementing, enhancing, and maintaining the organization’s data protection, data governance, and information classification frameworks.
This role ensures that data is managed in compliance with legal, regulatory, and internal security requirements, while supporting secure and efficient business operations.
Working closely with the Head of GRC, the role collaborates with Cybersecurity, Legal, Compliance, IT, and business stakeholders to drive consistent and scalable data protection practices across the organization.
The position also supports internal and external audits, contributes to the continuous improvement of the GRC framework, and helps strengthen overall data privacy and information security maturity across a global environment.

Key Competencies

• Strong understanding of data lifecycle management, data protection principles, and cybersecurity controls
• Solid knowledge of regulatory frameworks and standards (e.g., GDPR, ISO 27001/27701, NIST Privacy Framework, TISAX)
• Experience with data protection technologies (e.g., DLP, CASB, data discovery, encryption tools)
• Proven ability to implement policies, processes, and governance frameworks
• Strong analytical skills with high attention to detail
• Excellent communication, documentation, and stakeholder management capabilities
• Ability to work cross-functionally and manage complex topics with clarity
• Good understanding of operational security practices in IT and industrial environments

Qualifications & Certifications

• Relevant certifications such as CIPP/E, CIPM, or CIPT
• Experience with Microsoft Azure and/or Microsoft Purview
• Strong knowledge of GDPR and international data privacy regulations
• Familiarity with ISO standards (ISO 27001, ISO 27701, ISO 22301)