About Entero
Entero is a global compliance consulting firm specializing in tech, digital consumer protection, and data protection. We serve small and medium-sized tech companies across various industries, providing expert guidance on privacy, data protection, AI, and consumer protection. Our solutions include compliance program development, GRC program integration, trust and compliance portals, and ongoing regulatory advisory services.
Role Overview
A Governance, Risk, and Compliance (GRC) Manager plays a critical role in organizations by documenting, implementing and overseeing policies, procedures, and frameworks that ensure compliance with legal and regulatory standards, manage risks, and maintain effective corporate governance.
This role bridges multiple disciplines, such as risk management, compliance, and governance, across privacy, data protection, cyber law, consumer protection and AI law, helping organizations stay aligned with regulatory requirements, reduce risks, and optimize decision-making across business operations.
The role reports to Entero’s program manager/CEO, and directly to the client (several SMBs in various tech and product industries).
Key Responsibilities
- Conducting data mapping and documenting records of processing activities, including:
  - End-to-end product reviews
  - Data flow mapping
  - Vendor mapping
  - Documenting and maintaining records of processing activities
- Governance Framework Development and Implementation: Develop and enforce governance policies, including privacy and data protection, retention, ethics, and standards that align with the client’s organization’s strategic objectives; Collaborate with the client’s executive leadership and department heads to establish robust governance processes.
- Communication: Working with the team at Entero and with the client to establish a compliance communication program and implement it into the client’s different departments; Helping to develop and maintain knowledge portals, amongst other things, as part of the communication program.
- Risk Management: Identify, assess, and prioritize compliance and privacy risks across the client’s organization; Develop and implement risk mitigation strategies, including risk assessments, audits, and controls; Maintain risk registers and ensure regular reporting on risk status and management actions.
- Compliance Oversight and Management: Ensure the client’s organization’s operations align with local, national, and international laws and regulations (e.g., GDPR, CCPA/CPRA, and similar regulatory frameworks); Oversee compliance programs, including data protection and information security; Manage internal and external audits and monitor compliance metrics and reporting mechanisms.
- Policy Development and Enforcement: Establish policies and procedures for clients, and help maintain them, in line with privacy and data protection GRC best practices; Ensure policies are communicated and enforced across departments, including training and awareness programs; Update clients’ policies regularly to reflect regulatory changes and industry standards.
- GRC Program Implementation and Monitoring: Coordinate and lead data protection compliance frameworks, initiatives and projects, ensuring they are integrated into the client’s organization’s operations; Monitor the effectiveness of GRC programs through regular evaluations, audits, and key performance indicators (KPIs); Use GRC tools and software to streamline reporting, automate compliance checks, and track risk management efforts.
- Reporting and Documentation: Prepare regular reports on privacy and data protection GRC issues, including compliance status, risk exposure, and governance updates; Maintain thorough documentation for all GRC activities to meet regulatory requirements and support audit processes.
- Cross-Functional Collaboration: Act as a liaison between legal, finance, R&D, product, operations, IT, HR, and other departments to ensure an integrated approach to privacy and data protection GRC; Work closely with clients’ internal stakeholders to embed GRC processes into business workflows and activities, helping to cultivate a risk-aware culture.
- Research on Regulatory and Market Developments:
  - Conduct Research on Regulatory Updates: Stay informed on recent regulatory developments, industry standards, and enforcement actions impacting GRC. This includes regularly monitoring governmental bodies, legal publications, and compliance resources to gather updates on relevant laws, such as GDPR, CCPA/CPRA, and similar regulatory acts.
  - Analyze Enforcement Actions and Fines: Investigate recent enforcement actions by regulatory authorities (e.g., European Data Protection Board, European Commission, FTC, FCC, FCA, etc.) to identify trends, common compliance issues, and implications for the organization.
Essential Skills and Qualifications
- Experience: Preferably 3-5 years as a privacy and data protection specialist/manager/officer or a GRC analyst or manager.
- Skills: Analytical, solution-driven mindset; proficient in project and client relationship management; Native-level proficiency in English (both written and spoken); clear, professional, effective, and concise written and spoken communication in English.
- Education: Bachelor’s or master’s degree in fields such as business administration, law, finance, or risk management.
- Analytical and Problem-Solving Skills: Strong ability to analyze data, assess risk, and make informed decisions.
- Communication Skills: Proficiency in communicating and simplifying complex regulatory requirements and risk scenarios to non-specialist stakeholders.
- Technical Skills: Knowledge of tech, web, privacy and data protection terminology, tech-savvy, attention to detail.
Learning and Development Opportunities
As a Data Protection GRC Manager at Entero, you will have access to clients’ operations, and continuous learning and development opportunities, empowering you to expand your expertise in privacy and data protection program management, regulatory frameworks, and compliance operations. You’ll engage with diverse industries and tackle multi-faceted GRC challenges, from privacy risk assessment to policy development and framework implementation. This role offers exposure to cutting-edge products and technologies, allowing you to refine your technical skills while working hands-on with advanced data protection solutions. Additionally, staying at the forefront of regulatory developments globally and participating in international compliance discussions will support your growth as a privacy and data protection expert.