Ledy Florez

GRC Specialist

€400/day
Berlin, DE
0-2 years

Average response time: 1 hour

About Ledy

GRC Specialist | Bridging the Gap between IT Security, Legal Compliance & AI Governance

How I Can Help Your Organization
Are you navigating the complexities of ISO 27001, struggling with GDPR documentation, or concerned about the upcoming requirements of the EU AI Act?

I help fast-growing startups and established enterprises in Berlin build robust Information Security Management Systems (ISMS) that are not just "compliant on paper," but technically sound and audit-ready. With a background as a qualified lawyer and hands-on training in Cybersecurity, I translate complex legal requirements into actionable IT controls.

What Sets Me Apart
The biggest challenge in GRC is the "silo" between the legal department and the IT team. I bridge that gap.
Legal Expertise: I understand the nuances of the BGB, TTDSG, and GDPR, ensuring your data processing and contracts are watertight.

Technical Proficiency: Unlike traditional compliance consultants, I understand the tech stack. I can discuss vulnerability management, IAM, and cloud security (AWS/GCP) directly with your DevOps and Security teams.

AI Governance Pioneer: I specialize in the EU AI Act, helping companies classify AI systems (Annex III) and implement the necessary risk management frameworks before the deadlines hit.
Key Deliverables & Projects I Manage

I provide end-to-end support for your GRC roadmap, including:
Framework Implementation: Gap analysis and roadmap for ISO/IEC 27001 and NIST CSF.
Data Privacy & GDPR: Building RoPA registers, conducting DPIAs, and finalizing audit-ready Cookie Policies.
Risk Management: Developing prioritized Risk Registers (likelihood/impact scoring) and treatment plans.
AI Compliance: High-risk AI classification, governance policy development, and ethical AI alignment.
Policy Pack Development: Drafting tailored policies for Access Control, BYOD, Remote Work, and Incident Response.
Third-Party Risk (TPRM): Reviewing DPAs and vendor security assessments to secure your supply chain.
  • English

    Native or bilingual

  • Spanish

    Native or bilingual

  • German

    Conversational

Can work on-site
Berlin (up to 50 km)

Experience

  • Researchpreneurs
    GRC Specialist (Intern)
    February 2026 - April 2026 (2 months)
    Berlin, Germany
    -Conducted ISO 27001 gap analysis, built an asset inventory in Eramba GRC, and developed a full policy pack (DPIA, BYOD, remote work, acceptable use, access control) aligned with ISO 27001 and GDPR.

    -Performed structured risk assessments (likelihood, impact, residual risk scoring) and built a prioritized risk register with mitigation actions, control owners, and review cycles.

    -Delivered a multi-framework platform flow review covering authentication, data collection, third-party integrations, and AI-based features against GDPR, ISO 27001, and EU AI Act (Annex III high-risk classification).

    -Finalized an audit-ready Cookie Policy with third-party vendor analysis, GDPR Art. 5(2) classification, and verified consent banner behavior; researched German data retention obligations (HGB, AO, BGB ss. 195 & 305).

    -Reviewed the company's Terms & Conditions, identified and prioritized compliance gaps across GDPR, BGB, and EU AI Act; managed a GRC ticket tracker and coordinated remediation directly with the CEO.

    -Built the company's RoPA register from scratch covering 20+ processing activities per GDPR Art. 30, documenting legal bases, retention periods, cross-border transfer mechanisms (SCCs, DPF, BCR), and TOMs.

    -Reviewed a vendor DPA, identified GDPR non-conformities, and drafted a formal amendment request; investigated email deliverability issues (SPF, DKIM, DMARC) and produced a technical findings report.
    GDPR Compliance, Cybersecurity, GRC, Policy Development, EU AI Act, ISO 27001
  • Self-employed
    Freelance Legal Counsel
    January 2017 - January 2019 (2 years)
    Bogotá, Bogota, Colombia
    -Advised SMEs and individuals on labor and social insurance compliance, contributing to reduced legal exposure and improved regulatory adherence.
    -Drafted over 100 contracts and legal submissions, supporting favorable outcomes in administrative and civil proceedings.
  • Salazar Lawyers
    Legal Coordinator
    December 2015 - December 2016 (1 year)
    Barranquilla, Atlantico, Colombia
    -Managed legal collections across 200+ active cases, ensuring data accuracy and timely documentation to support litigation.
    -Represented clients in court and advised on credit liquidation strategies, contributing to the successful recovery of outstanding debts.

Education

  • Cybersecurity
    Cybersecurity
  • AI Cybersecurity Specialization
    MSIT (Masterschool)
    2026
    AI Cybersecurity Specialization
