GRC Consultant - German Speaking in London

We are growing. Privacy and AI compliance has moved from a back office concern to a board level priority, and our clients are asking more of us because of it. Every week brings a new regulation, a new enforcement decision, or a new product launch that needs a privacy lens before it ships. This demand is an opportunity for us. We are building Lex Dinamica for what comes next in this work, and we are looking for the people who want to build it with us.

This role is how we build out our GRC capability across our global client base, including the German speaking accounts where local language is part of doing the work properly.

Lex Dinamica is a consulting firm that provides Privacy, AI and Risk solutions. Our advisory, technology and DPO services help clients address regulatory challenges worldwide and deliver compliance-driven value. Our clients range from FTSE 100 companies and global multinationals to government contractors and high growth scale ups, and they come to us for advisory work, DPO support delivered as a service, AI governance, and privacy technology programmes including OneTrust, where we are a certified implementation partner.

The GRC Consultant role is how we extend our work into governance, risk and compliance more broadly, with a strong focus on the DACH accounts where German is the working language. You will help clients design, run and improve the frameworks that hold their compliance programmes together, and bring an integrated view to organisations increasingly asked to manage privacy, security, AI and operational risk as one.

In this role, you will:

• Advise clients across governance, risk and compliance, including framework design, controls, and assurance
• Support implementation of GRC technology platforms, with a focus on OneTrust and adjacent tools
• Bring a broad GRC lens to engagements that touch privacy, security, AI and operational risk
• Act as a German language point of contact for DACH region engagements

You will advise clients on the frameworks that hold their compliance programmes together. Risk taxonomies, control libraries, policy structures, assurance approaches, and the operating models that bring them to life. You will help clients move from fragmented, function specific compliance toward something integrated.

You will support the implementation and configuration of GRC technology. OneTrust is a focus for us, alongside the wider landscape of GRC platforms our clients use. You do not need to be a OneTrust expert today. You do need to be ready to build that expertise quickly with our support and certification.

You will bring an integrated view across risk domains. Privacy, information security, AI governance, operational resilience, third party risk, and the regulatory landscape that connects them. Our clients increasingly want one partner who can see across all of it. You will help us be that partner.

You will be a German language anchor for the team. When a DACH client wants to work in their own language, review documentation in German, or have technical content localised properly, you are the person who makes that possible.

You will contribute to how we work. Our GRC service line is growing, and the people who join now will help shape the methodologies, templates, and ways of working that we take to every future client.

Must haves

• A solid grounding in governance, risk and compliance, with practical experience designing or operating GRC frameworks, controls, or assurance programmes in a client or in house setting.
• Fluency in both German and English, written and spoken. You can run a working session, write a clear email, and review documentation in either language.
• A genuine interest in privacy, AI governance, and the wider compliance technology space. You enjoy the intersection of regulation, risk and technology and want to build a career there.
• Willingness to learn OneTrust and broader GRC platforms quickly, supported by our internal training and certification.
• Strong analytical and problem solving instincts. GRC work is detail heavy, and small framework choices have real downstream consequences.
• Strong written and verbal communication. You can explain a complex risk concept to a non technical client without losing them or oversimplifying.
• A right to work in the UK.

Nice to haves

• Hands on experience with one or more GRC technology platforms (OneTrust, ServiceNow GRC, Archer, MetricStream, or similar).
• Familiarity with widely used GRC frameworks and standards (ISO 27001, ISO 27701, SOC 2, NIST CSF, COSO, or similar).
• Working knowledge of GDPR, the German Federal Data Protection Act (BDSG), and the broader regulatory landscape across the DACH region.
• Exposure to specific regimes such as DORA, NIS2, the EU AI Act, or sectoral compliance requirements.
• Consulting experience, whether at a professional services firm, a Big Four, or a privacy or risk specialist firm.
• A recognised credential such as CIPP/E, CIPM, CRISC, CISA, ISO 27001 Lead Auditor or Implementer, or equivalent.
• Additional language capability beyond German and English.
• A relevant degree in a field such as Business, Law, Economics, Computer Science, Information Security, or similar.

Lex Dinamica was built from day one to solve the problems that organisations face when data, regulation, technology and trust all have to hold together at once. That focus is what we are, and it is what we lead with from the first client conversation to the final deliverable. Headquartered in London and supported by delivery centres across the EU, US and India, we partner with clients from FTSE 100 companies and global multinationals to government contractors and high growth scale ups. Our work spans more than fifty jurisdictions and over one hundred and fifty delivered projects. Our founders came out of Big Four consulting. The firm they built deliberately keeps what works about that model, the rigour, the breadth, the client discipline, and strips out what does not, the layers, the politics, the pace.

We are a firm of curious people, fast learners, and genuine team players. We are selective about who we hire, because the people already here are worth working alongside.

You will be based in our London office with hybrid working, spending two days a week in the office and the rest of your week wherever you work best. At Lex Dinamica, we understand that a career is one part of a wider life, and we build our working patterns around that reality.

What we offer

• Competitive salary
• 26 days of annual leave, with the option to accrue additional days over time
• Hybrid working as standard
• Private pension contributions
• Optional private health insurance
• A work from anywhere policy that lets you work abroad for defined periods each year

If this sounds like the role you are looking for, send us your CV. For more information, or for part time opportunities, get in touch with our team via LinkedIn.

Our screening process assesses candidates' qualities, capabilities, experience, fit, vision, and ambition to ensure they align with our needs. We conduct comprehensive evaluations and in-depth interviews to identify top talent. The data you provide us with will be processed exclusively for recruitment purposes and assessing your application against our requirements. You may withdraw your application at any time by getting in touch with a member of our team, via LinkedIn or the contact details found on our website. You may ask us to keep your information on file for any future opportunities.

Lex Dinamica is proud to be an equal opportunity employer, which means we are committed to creating and celebrating diverse thoughts, cultures, and backgrounds throughout our organisation. Employment at Lex Dinamica is based on substantive ability, objective qualifications, and work ethic, not an individual's background, religion, sex or gender, gender identity or expression, sexual orientation, national origin or ancestry, alienage or citizenship status, physical or mental disability, pregnancy, age, genetic information, veteran status, marital status, status as a victim of domestic violence or sex offenses, reproductive health decision, or any other characteristics protected by applicable law.