Open Position: Compliance, Privacy & Cybersecurity Advisor

Type: Part-time / Freelance / Per-request engagement

Location: Remote (EU-based preferred)

Start: As soon as the right person is found

Engagement model: Project-based or retainer; aligned to EU project deliverable cycles

About Unicis

Unicis is an open-source GRC (Governance, Risk, and Compliance) platform built for EU SMEs. We help organisations navigate NIS2, GDPR, ISO 27001, DORA, and CRA without spreadsheets. We are a small, fully remote team operating under Estonian law, based across Europe, and funded through EU research projects and early commercial revenue.

We build in the open. Our platform, our handbook, and our processes are public. We work asynchronously, we move fast, and we expect every contributor to own their domain completely.

Read more: What is Unicis? | V/TO


The Role

We are looking for an experienced compliance, privacy, and cybersecurity professional to join Unicis as an advisor and contributor on a part-time, per-request basis.

This is not a full-time employee role. You will be engaged for specific deliverables — primarily EU project work, compliance framework validation, and advisory support for the platform — with the expectation of growing involvement as Unicis scales.

You will work directly with Predrag (CEO) and Alexander (EU Projects) on:

  • Contributing to EU-funded project deliverables where compliance, privacy, or cybersecurity expertise is required (OSCRAT, VIC, CyberSec4OT, SAFE SPORT, and future projects)
  • Reviewing and validating compliance framework mappings in the Unicis Platform (NIS2, GDPR, ISO 27001, DORA, CRA, and emerging frameworks)
  • Advising on regulatory interpretation for EU SME customers — helping the product team translate regulatory text into actionable platform features
  • Supporting Unicis's own internal compliance posture (GDPR data processing, security documentation, trust center)
  • Participating in conference presentations, workshops, and webinars representing Unicis's compliance expertise (e.g., VIC project events, EU cybersecurity conferences)
  • Optionally: contributing to Unicis blog content, whitepapers, and framework documentation as a subject matter expert

What We Are Looking For

Must Have

  • 5+ years of hands-on experience in compliance, privacy, or cybersecurity — not just advisory, but implementation experience with real organisations
  • Deep EU regulatory knowledge: NIS2, GDPR, and at least one of ISO 27001, DORA, or CRA — you can explain the practical implications, not just cite the articles
  • International coverage: Familiarity with frameworks beyond the EU — SOC 2, NIST CSF, ISO 42001, TISAX, or similar — for customers operating across jurisdictions
  • EU project experience: Has contributed to at least one EU-funded research or innovation project (Horizon, NGI, Digital Europe, or similar) — understands deliverable formats, consortium dynamics, and reporting requirements
  • Written communication: Can produce clear, well-structured compliance documentation, reports, and deliverables in English — additional EU languages are a strong plus
  • Remote-first: Comfortable working asynchronously across time zones; self-directed; no need for micromanagement

Nice to Have

  • Certifications: CIPP/E, CIPM, CISSP, CISM, ISO 27001 Lead Auditor/Implementer, or equivalent
  • Experience advising SMEs specifically — not just large enterprise compliance programmes
  • Familiarity with open-source software and open-core business models
  • Experience with GRC tooling (Unicis, CISO Assistant, Vanta, Drata, or similar)
  • Network within EU cybersecurity and privacy communities (ENISA, CLUSIF, BSI, etc.)
  • Experience contributing to public standards, working groups, or regulatory consultations

What We Offer

  • Flexible engagement: You choose your availability. We engage you when we have relevant deliverables — no fixed hours, no long-term commitment required to start
  • Meaningful work: Your expertise directly shapes a platform used by EU SMEs navigating real regulatory obligations — not theoretical compliance theatre
  • EU project participation: Co-authorship on EU project deliverables and potential conference/event participation under project budgets
  • Equity/revenue share conversation: For the right person who wants deeper involvement, we are open to discussing a more formal long-term arrangement
  • Open-source credit: Your contributions to framework mappings and compliance content are publicly attributed
  • Rate: Competitive day/hourly rate aligned to EU project billing rates and your experience level — discussed during the first call

How We Work

  • Primary communication: Element/Matrix for async; Nextcloud Talk for calls
  • Project tracking: OpenProject for tasks, timesheets, and deliverable milestones
  • Documents: Nextcloud for shared files and deliverable drafts
  • Time logging: OpenProject timesheets; invoicing via your own invoice to Unicis (processed through Dolibarr, paid via Wise)
  • Onboarding: Mandatory onboarding via Unicis Moodle (short, async)

How to Apply

Send a short message (no CV templates, please) to careers@unicis.tech via FreeScout, or reach out directly to Predrag on Matrix or LinkedIn.

Tell us:

  1. What EU regulatory frameworks you know best and at what depth
  2. One EU project you have contributed to and what your role was
  3. Your rough availability and preferred engagement model
  4. Why Unicis and why now

We will respond within 3 business days. If there is a fit, we schedule a 45-minute call via Nextcloud Talk.

