Legal Specialist, DPO
TLDR
An experienced Legal Specialist will provide corporate legal counsel and lead Sitero's data privacy program, ensuring compliance with GDPR and other privacy laws.
Sitero is an emerging leader in clinical services and software solutions for the life sciences industry. We have experience and expertise in a diverse range of therapeutic areas and focus on innovative, technology-enabled solutions that allow our clients to focus on their core strengths. For early phase studies through Phase III clinical trials, our experienced team delivers high-touch services and technology to ensure the safety of all stakeholders across the clinical research community with an emphasis on ethics, compliance, and innovation.
Job Title: Legal Specialist, DPO
Location: Poland
Function: Corporate Counsel
Sitero is seeking an experienced and motivated Legal Specialist who will serve a dual function role as the company’s designated Data Protection Officer (DPO). Based in Poland, this individual will provide day-to-day corporate legal counsel across a broad range of business matters while assuming primary responsibility for Sitero’s data privacy program in compliance with the EU General Data Protection Regulation (GDPR) and other applicable privacy and security laws.
This is a high-visibility, dual-function role ideal for a Poland-based legal professional who possesses deep knowledge of European data protection law and is equally comfortable providing practical legal guidance on employment matters, vendor contracts, and corporate governance. The DPO function carries statutory independence under GDPR Articles 37–39 and reports directly to senior leadership.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Data Protection Officer – GDPR & Privacy
- Serve as Sitero’s officially designated DPO under GDPR Article 37, acting as the primary point of contact for data subjects, supervisory authorities, and internal stakeholders on all data protection matters.
- Lead the development, implementation, enforcement, and ongoing monitoring of Sitero’s global Data Privacy Policy and Data Protection Program to ensure full compliance with GDPR, applicable US privacy laws, and other regional privacy and security regulations.
- Oversee and conduct Data Privacy Impact Assessments (DPIAs) as required under GDPR Article 35, addressing the following areas in each assessment:
  - The purpose(s) for which Personal Data is being processed and the processing operations to be carried out.
  - Details of the legitimate interests being pursued by Sitero.
  - An assessment of the necessity and proportionality of processing operations relative to the stated purpose(s).
  - An assessment of the risks posed to data subjects, including likelihood and severity.
  - Details of measures in place to minimize and handle risks, including safeguards, data security controls, and other mechanisms to demonstrate compliance.
- Receive, investigate, and respond to reported or discovered violations of Data Processing Agreements (DPAs), coordinating timely remediation and reporting to senior leadership; serve as the primary contact at [email protected] for all data protection inquiries and violation notifications.
- Maintain and continuously update Sitero’s Records of Processing Activities (RoPA) in accordance with GDPR Article 30.
- Manage data subject rights requests (access, rectification, erasure, portability, objection) within statutory timeframes.
- Review, negotiate, and maintain Data Processing Agreements and Standard Contractual Clauses (SCCs) with vendors, processors, and sub-processors.
- Monitor and advise on regulatory developments across EU member states, proactively identifying compliance gaps and recommending corrective action.
- Liaise directly with the Polish supervisory authority (UODO) and other EU data protection authorities as required.
- Deliver organization-wide data privacy training and awareness programs; foster a culture of privacy-by-design and data minimization.
Corporate Legal Counsel
- Provide day-to-day legal advice on a broad range of corporate matters including commercial contracts, vendor agreements, service agreements, confidentiality/NDA agreements, and clinical trial-related legal documents.
- Draft, review, and negotiate contracts with clients, vendors, and business partners, ensuring alignment with Sitero’s risk tolerance and applicable law.
- Advise leadership on corporate governance, regulatory compliance, and risk management, escalating material legal risks as appropriate.
- Support intellectual property protection, including review of IP-related clauses in commercial agreements.
- Assist in managing disputes, claims, and litigation strategy in coordination with external counsel.
- Support corporate entity management and compliance filings across Sitero’s European legal entities.
- Stay current on Polish and EU commercial law and advise on the legal impact of regulatory changes on Sitero’s operations.
Employment Law & HR Partnership
- Serve as the primary legal advisor to the People & HR team on all employment law matters in Poland and, where applicable, across EU jurisdictions.
- Advise on the full employment lifecycle, including hiring practices, employment contract templates, compensation structures, performance management, disciplinary procedures, and terminations, ensuring compliance with the Polish Labor Code and applicable EU employment directives.
- Review and maintain compliant employee policies, handbooks, and HR procedures, ensuring alignment with both Polish law and Sitero’s global people policies.
- Advise on the intersection of data privacy and human resources, including lawful bases for processing employee personal data, employee monitoring policies, and HR data retention schedules.
- Support the HR team with legal aspects of employee relations matters, including investigations, grievances, and accommodations.
- Advise on works council obligations, employee representation requirements, and collective labor matters where applicable under Polish law.
- Partner with HR to ensure onboarding processes, background screening, and employee data handling are fully GDPR-compliant.
- Provide guidance on cross-border employment arrangements, including remote work policies and international employee data transfers.
EDUCATION AND EXPERIENCE REQUIRED:
- Law degree (LL.B., LL.M., or equivalent) from an accredited institution; admission to the Polish Bar (Radca Prawny or Adwokat) or equivalent EU bar is strongly preferred.
- Minimum 5 years of post-qualification legal experience, with significant exposure to data protection and privacy law.
- Demonstrated, in-depth knowledge of the GDPR and its practical application in a corporate environment, including DPIA methodology, DPA drafting, and interaction with supervisory authorities.
- Strong working knowledge of Polish employment law (Kodeks Pracy) and its application to HR and people operations.
- Experience drafting and negotiating commercial contracts, vendor agreements, and data processing agreements.
- Fluency in Polish and English (written and spoken) is required; additional EU language proficiency is an asset.
- Certified Information Privacy Professional / Europe (CIPP/E) or equivalent privacy certification is highly desirable.
Preferred Experience
- Prior experience serving in a DPO capacity or in a dedicated privacy counsel role.
- Experience in the life sciences, clinical research, or healthcare sector, with familiarity with clinical data and regulatory frameworks (e.g., ICH-GCP, EMA guidelines).
- Familiarity with US privacy regulations (e.g., HIPAA, CCPA) and their interplay with GDPR.
- Experience with multi-jurisdictional data governance in an international organization.
- Working knowledge of ISO 27001 or similar information security standards.
COMPENSATION & BENEFITS:
Sitero proudly offers an impressive compensation package and benefits, including a competitive salary, paid time off, and healthcare and retirement benefits.
EMPLOYMENT TYPE:
Full Time, Permanent
COMMITMENTS:
- Standard hours: 40 hours per week, one-hour lunch, Monday – Friday. Additional hours as needed.
- Willing to work in shifts as and when needed.
- Willing to flex to accommodate India Standard Time and North American time zones as needed.
DISCLAIMER:
Sitero is an equal opportunity employer and welcomes all job applicants. All qualified applicants will receive consideration for employment without discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other factors prohibited by law.
Sitero LLC builds advanced clinical services and software solutions tailored for the life sciences sector. Our focus on technology-enabled approaches ensures the safety and effectiveness of processes for clients, setting us apart in a rapidly evolving industry.