HR Governance and Compliance

Job Description

Role: HR Compliance & Workforce Risk (NIS2 / DORA)

HR Compliance & Workforce Risk is responsible for building and operating the HR control environment supporting compliance with EU cyber resilience regulations, including NIS2 and DORA.

The role leads the implementation and ongoing management of HR-owned controls related to workforce governance, cyber training compliance, employee lifecycle controls, contractor compliance, audit readiness, and workforce risk management across multiple EU jurisdictions.

Working closely with Cyber Security, ICT Risk, Legal, Internal Audit, Procurement, HR Technology, and IAM teams, the position serves as the primary HR lead for workforce-related cyber compliance and resilience activities.

• Partner with Cyber Security, ICT Risk, and Compliance teams to translate NIS2 and DORA requirements into scalable HR operational controls.
• Design and implement HR-owned frameworks covering:
  • Workforce cyber security awareness and executive training
  • Policy acknowledgement and attestation processes
  • Joiner, mover, and leaver controls linked to Identity & Access Management (IAM)
  • Contractor and contingent workforce onboarding standards
  • Workforce-related cyber incident response procedures
• Establish audit-ready HR evidence repositories and compliance documentation.
• Develop remediation plans, implementation roadmaps, and measurable compliance milestones.
• Support regulatory readiness assessments and Works Council consultation activities where applicable.

• Operate and continuously improve HR cyber compliance controls within the Tier 2 People Services function.
• Manage enterprise-wide cyber training governance, completion tracking, reporting, and escalation management.
• Oversee policy attestation cycles and workforce compliance enforcement activities.
• Ensure workforce lifecycle events trigger appropriate access governance and deprovisioning controls.
• Support workforce-related actions during cyber incidents, including access suspension protocols and employee communications.
• Maintain contractor and supplier workforce compliance standards across jurisdictions.

• Act as HR control owner for workforce cyber compliance evidence and audit documentation.
• Support Internal Audit reviews, regulatory inspections, and external assurance activities.
• Deliver workforce risk and compliance reporting to HR leadership and governance forums.
• Collaborate closely with Cyber Security, ICT Risk, IAM, Procurement, Legal, Data Privacy, HRIS, and HR Technology teams.
• Support the integration of HR controls into enterprise systems and workflows, including Oracle HCM, Service Now, and reporting platforms.

• From 5 years of experience in HR Operations, HR Governance, HR Risk, Compliance, Shared Services, or related functions within multinational and/or regulated environments.
• Proven experience supporting regulatory remediation, audit-driven transformation, operational risk, or compliance programs.
• Strong understanding of HR lifecycle processes, workforce governance, and shared services operating models.
• Exposure to regulatory frameworks such as NIS2, DORA, GDPR, SOX, or equivalent governance and compliance standards.
• Experience partnering with Cyber Security, Risk, Technology, Internal Audit, or Governance functions in complex matrix organizations.
• Familiarity with enterprise HR technology ecosystems including Oracle HCM, Service Now, IAM, and analytics/reporting platforms.
• Experience operating in Works Council environments is advantageous.
• Strong program execution and operationalization capability with the ability to translate regulatory requirements into practical HR controls and processes.
• Audit-oriented, evidence-driven mindset with strong risk awareness and data governance understanding.
• Excellent stakeholder management, executive communication, collaboration, and influencing skills.
• Analytical, structured, and solution-oriented approach with the ability to operate effectively in fast-paced transformation environments.

The individual in…