Location: Katowice

Hybrid model: 2 days office/3 days remote

EU Regulatory Compliance Manager (NIS2 | DORA | GDPR)

Let us introduce you the job offer by EY GDS Poland – a member of the global integrated service delivery center network by EY.

At EY, we’re all in to shape your future with confidence.

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.​

Join EY and help build a better working world.

The opportunity

In this role, as EU Regulatory Compliance Manager you’ll lead gap assessments, design compliance frameworks and orchestrate multi‑disciplinary implementations spanning policy, process and technology. You will help clients operationalize incident reporting, third‑party oversight and digital operational resilience testing, aligning to ISO 27001/22301 and industry guidance.

Your key responsibilities

• Perform readiness and gap assessments against NIS2, DORA and GDPR; produce prioritized roadmaps and business cases

• Design governance, policy and control frameworks aligned to ISO/IEC 27001, ISO 22301 and relevant ENISA/EBA guidance

• Establish incident classification and reporting procedures (including dual‑reporting to competent authorities and data protection authorities where applicable)

• Define and coordinate resilience testing programs (scenario‑based testing, TLPT/threat‑led exercises) and track remediation

• Embed ICT third‑party risk management—due diligence, contractual clauses (audit rights, exit), monitoring and concentration risk

• Map and rationalize control requirements across overlapping regulations; create evidence models and audit‑ready documentation

• Deliver stakeholder training and awareness; brief executives and boards on compliance posture, risks and investment options

• Support supervisory interactions and inspections; manage corrective action plans through closure

• Support quality and risk management needs across Consulting practices

Skills and attributes for success

• Expert ability to interpret regulatory text and convert it into practical, risk‑based controls and operating procedures

• Strong cybersecurity and resilience literacy (IAM, logging/monitoring, vulnerability/patch management, BCP/DR)

• Clear communication tailored to boards, regulators, technical teams and business stakeholders

• Program and change management across multi‑function initiatives; comfort with iterative/Agile rollouts

• Analytical mindset and structured documentation skills (policies, standards, playbooks, templates)

• Strong English communication - both written and verbal

• Strong computer skills, including advanced Microsoft suit (Excel, PowerPoint presentation etc.)

• Strong attention to detail even when dealing with routine tasks

• Assertive, with strong influencing skills

• Prior experience working with Global cliental preferred

• Confident to deal with senior level contacts, internally and externally

• Able to effectively summarize and conclude on work, applying appropriate documentation standards

• Able to effectively prioritize and execute tasks in a high-pressure environment

To qualify for the role, you must have

• 5-10 years in regulatory compliance, risk management or audit with demonstrable EU regulatory experience

• Deep working knowledge of NIS2 and GDPR; strong familiarity with DORA requirements for financial entities and ICT providers

• Experience conducting gap assessments, defining controls and preparing organizations for audits/inspections

• Knowledge of ISO/IEC 27001 and ISO 22301 and how they align to EU obligations

• Strong English communication skills

• Proven stakeholder management, including interactions with regulators, auditors and executive leadership

• Willingness to learn and develop

• Proactiveness and flexibility

• Confident to deal with senior level contacts

Ideally, you’ll also have

• Certifications such as ISO/IEC 27001 Lead Implementer/Lead Auditor, CIPP/E, C‑DORA CO, CRISC, CISA or CISM

• Sector experience (financial services, healthcare, energy, digital infrastructure) and multi‑jurisdiction projects

• Working knowledge of related regulations (eIDAS 2.0, AI Act, Cyber Resilience Act) and control mapping

• Additional EU language will be an advantage

• Experience developing and delivering training

What we look for

We are looking for ambitious individuals interested in working in global dynamic environment. We are interested in people who would like to develop and upskill themselves as well as cooperate and support others.

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across ten locations – Argentina, China, Hungary, India, the Philippines, Poland, Sri Lanka, Mexico, Spain and the United Kingdom – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.

• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.

• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.

• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

About EY

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.

In compliance with the requirements of the Whistleblower Protection Act, our company has established the Procedure for reporting breaches of law and undertaking appropriate follow-up actions. Any misconduct should be reported through the EY Ethics Hotline.