Sitero is an emerging leader in Clinical services and software solutions for the life sciences industry. We have experience and expertise in a diverse range of therapeutic areas and focus on innovative technology-enabled solutions that allow our clients to focus on their core strengths. For early phase studies through Phase III clinical trials, our experienced team delivers high-touch services and technology to ensure the safety of all stakeholders across the clinical research community, with an emphasis on ethics, compliance, and innovation.
Job Title: Legal Specialist DPO
Location: Poland
Function: Corporate Counsel
Sitero is seeking an experienced and motivated Legal Specialist who will serve a dual function role as the company's designated Data Protection Officer (DPO). Based in Poland, this individual will provide day-to-day corporate legal counsel across a broad range of business matters while assuming primary responsibility for Sitero's data privacy program in compliance with the EU General Data Protection Regulation (GDPR) and other applicable privacy and security laws.
This is a high-visibility, dual-function role ideal for a Poland-based legal professional who possesses deep knowledge of European data protection law and is equally comfortable providing practical legal guidance on employment matters, vendor contracts, and corporate governance. The DPO function carries statutory independence under GDPR Articles 37-39 and reports directly to senior leadership.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Data Protection Officer DPR & Privacy
- Serve as Sitero's officially designated DPO under GDPR Article 37, acting as the primary point of contact for data subjects, supervisory authorities, and internal stakeholders on all data protection matters.
- Lead the development, implementation, enforcement, and ongoing monitoring of Sitero's global Data Privacy Policy and Data Protection Program to ensure full compliance with GDPR, applicable US privacy laws, and other regional privacy and security regulations.
- Oversee and conduct Data Privacy Impact Assessments (DPIAs) as required under GDPR Article 35, addressing the following areas in each assessment:
  - The purpose(s) for which Personal Data is being processed and the processing operations to be carried out.
  - Details of the legitimate interests being pursued by Sitero.
  - An assessment of the necessity and proportionality of processing operations relative to the stated purpose(s).
  - An assessment of the risks posed to data subjects, including likelihood and severity.
  - Details of measures in place to minimize and handle risks, including safeguards, data security controls, and other mechanisms to demonstrate compliance.
- Receive, investigate, and respond to reported or discovered violations of Data Processing Agreements (DPAs), coordinating timely remediation and reporting to senior leadership; serve as the primary contact at for all data protection inquiries and violation notifications.
- Maintain and continuously update Sitero's Records of Processing Activities (RoPA) in accordance with GDPR Article 30.
- Manage data subject rights requests (access, rectification, erasure, portability, objection) within statutory timeframes.
- Review, negotiate, and maintain Data Processing Agreements and Standard Contractual Clauses (SCCs) with vendors, processors, and sub-processors.
- Monitor and advise on regulatory developments across EU member states, proactively identifying compliance gaps and recommending corrective action.
- Liaise directly with the Polish supervisory authority (UODO) and other EU data protection authorities as required.
- Deliver organization-wide data privacy training and awareness programs; foster a culture of privacy-by-design and data minimization.
Corporate Legal Counsel
- Provide day-to-day legal advice on a broad range of corporate matters, including commercial contracts, vendor agreements, service agreements, confidentiality/NDA agreements, and clinical trial-related legal documents.
- Draft, review, and negotiate contracts with clients, vendors, and business partners, ensuring alignment with Sitero's risk tolerance and applicable law.
- Advise leadership on corporate governance, regulatory compliance, and risk management, escalating material legal risks as appropriate.
- Support intellectual property protection, including review of IP-related clauses in commercial agreements.
- Assist in managing disputes, claims, and litigation strategy in coordination with external counsel.
- Support corporate entity management and compliance filings across Sitero's European legal entities.
- Stay current on Polish and EU commercial law and advise on the legal impact of regulatory changes on Sitero's operations.
Employment Law & HR Partnership
- Serve as the primary legal advisor to the People & HR team on all employment law matters in Poland and, where applicable, across EU jurisdictions.
- Advise on the full employment lifecycle, including hiring practices, employment contract templates, compensation structures, performance management, disciplinary procedures, and terminations, ensuring compliance with the Polish Labor Code and applicable EU employment directives.
- Review and maintain compliant employee policies, handbooks, and HR procedures, ensuring alignment with both Polish law and Sitero's global people policies.
- Advise on the intersection of data privacy and human resources, including lawful bases for processing employee personal data, employee monitoring policies, and HR data retention schedules.
- Support the HR team with legal aspects of employee relations matters, including investigations, grievances, and accommodations.
- Advise on works council obligations, employee representation requirements, and collective labor matters where applicable under Polish law.
- Partner with HR to ensure onboarding processes, background screening, and employee data handling are fully GDPR-compliant.
- Provide guidance on cross-border employment arrangements, including remote work policies and international employee data transfers.
EDUCATION AND EXPERIENCE REQUIRED:
- Law degree (LL.B., LL.M., or equivalent) from an accredited institution; admission to the Polish Bar (Radca Prawny or Adwokat) or equivalent EU bar is strongly preferred.
- Minimum 5 years of post-qualification legal experience with significant exposure to data protection and privacy law.
- Demonstrated in-depth knowledge of the GDPR and its practical application in a corporate environment, including DPIA methodology, DPA drafting, and interaction with supervisory authorities.
- Strong working knowledge of Polish employment law (Kodeks Pracy) and its application to HR and people operations.
- Experience drafting and negotiating commercial contracts, vendor agreements, and data processing agreements.
- Fluency in Polish and English (written and spoken) is required; additional EU language proficiency is an asset.
- Certified Information Privacy Professional / Europe (CIPP/E) or equivalent privacy certification is highly desirable.
Preferred Experience
- Prior experience serving in a DPO capacity or in a dedicated privacy counsel role.
- Experience in the life sciences, clinical research, or healthcare sector, with familiarity with clinical data and regulatory frameworks (e.g. ICH-GCP, EMA guidelines).
- Familiarity with US privacy regulations (e.g. HIPAA, CCPA) and their interplay with GDPR.
- Experience with multi-jurisdictional data governance in an international organization.
- Working knowledge of ISO 27001 or similar information security standards.
COMPENSATION & BENEFITS:
Sitero proudly offers an impressive compensation package and benefits, including a competitive salary, paid time off, and healthcare and retirement benefits.
EMPLOYMENT TYPE:
Full Time, Permanent
COMMITMENTS:
- Standard Hours: 40 hours per week, one hour lunch, Monday-Friday. Additional hours as needed.
- Willing to work in shifts as and when needed.
- Willing to flex to accommodate India Standard Time and North American time zones as needed.
DISCLAIMER:
Sitero is an equal opportunity employer and welcomes all job applicants. All qualified applicants will receive consideration for employment without discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other factors prohibited by law.
Required Experience:
Manager