Download PDF

Sara Magdalena Goldberger

    Business Analyst GRC, Privacy & Cybersecurity

    Work Experience

    Sept. 2019Present

    Business Analyst Privacy, GRC, Privacy & Cybersecurity

    HCL Technologies
    • Manage and Lead [Global] Digital Transformation ensuring regulatory compliance
    • Advisory at and co-operation with all corporate levels - up to C-level
    • Regulatory framework analysis, e.g., GDPR; CCPA, NIST, ISO27000, NIS2 Directive, etc.
    • Develop plans and controls for prevention, detection, response, and mitigation
    • Automating Governance, Regulations and Compliance (GRC), privacy and data management controls
    • Support the development of new digital strategies, capabilities, and competitive differentiators 
    • Support the design and implementation of data platform architectures in the cloud and on premise
    • Support the implementation of data integration processes
    • Work within the Cybersecurity function focusing on strengthening privacy controls within systems/applications deployed in the organization
    • Liaise with relevant stakeholders to elicit, analyse, communicate and validate data management requirements as a result of changes to business processes and information systems.
    • Collaborate with legal advisory team for high risk processing activities
    • Ensure privacy by design by liaising and collaborating with stakeholders 
    • Analyse privacy gaps in projects/systems & applications and work with the technical project teams to bring them to closure
    • Set up and review compliance in relation to re-mediation of unstructured data, data at rest and data in motion 
    • Engage with internal and external stakeholders, working closely with client teams, and synthesising findings into holistic and convincing concepts, determine recommendations, and define seamless story lines
    • Provide coaching in privacy & GRC within the wider corporate GRC community
    Aug. 2021Present

    Board Advisory - Privacy

    BrightAct - supporting those wanting to leave abusive relations
    By streamlining and gathering support for victims of domestic violence to start new a life, BrightAct creates thoughtful technology from user-driven innovation rooted in sustainable development goals. We are a platform supplier for Governments and NGOs. Our aim is to bridge the gap between stakeholders, globally.
    March 2019Sept. 2019

    Change Management & Strategic Communications Manager

    HCL Technologies

    Creating and executing change management and deployment strategies for multiple IT initiatives on a global basis.

    Contributing to the design and development of change management and communication deliverables, including the case for change, stakeholder analysis, change impact assessment, communication strategy/plan, leadership action plan, training roadmap, etc.

    Engaging key stakeholders to develop change management methods, tools, and templates for project teams, aligning change management best practices and lessons learned

    Planning and conduct change management activities along with executing business strategies.

    Customizing and create efficient tools and outputs and deliverables to drive awareness, progress, and success of the initiative.


    • Change communications around new global service desk & Windows10 migration
      • Video - 11 languages
      • SharePoint site
      • branding
      • emails to all staff - 30 languages
      • training, internal articles
      • management presentations
      • quick start guide
    Dec. 2018March 2019

    GDPR Business Analyst — Contract

    University of Oxford

    Setting in place a compliance programme of various business units and departments as outlined in the GDPR regulation.

    • GDPR Business analysis and Process development 
    • GDPR Communications 
    • Day — to Day advice on GDPR related matters
    • Risk management 
    • Rewrite cookie policy of UO's donor relations
    • Process re-engineering 
    • Stakeholder management 
    • Website development 
      • topology
      • content development
    • Contract review and update concerning data transfers — national and international
    • Review and update Records of Processing Activities for the University of Oxford donor relations
    • Responsible for delivery of Marketing Consent Management; Data Retention - Discovery; Cookies
    • Responsible for supporting the design/implementation of all amended business processes
    • Supported training and testing processes as required
    • Responsible for University and Collegiate wide quality control of all donor relations: forms, emails, web pages...
    June 2018 Aug. 2018

    Global Change Communications Manager BI, SAP and GDPR — Contract

    HEINEKEN International

    Defined and communicated information management architectures, road-maps, and patterns that support adherence and compliance to GDPR and BCR principles. My intervention helped Heineken shorten its internal sales process from 10 days to 1 hour. It also completely digitalised the process. 

    Based on system analysis, I communicated technical standards and guidelines of cross-functional solutions like ERP, MDM, and BI applications. 


    • create change road-maps and data architectures
    • minimize resistance and speed up adoption
    • streamlined and shortened internal sales process, from 10 days to 1 hour.
    • produced slim-lined sales and marketing process
    • stakeholder & project management
    • budgeting
    • timing
    • train and educate managers
    • GDPR project responsible
    Mar. 2018June 2018

    Global Change and Business Readiness Communications Manager IT — Contract


    Responsible for the global launch of employee portal based on SharePoint. Aims to simplify collaboration and productivity. Shell employees will receive a superior work environment. Change from a 10 year IT environment to state-of-the-art technology. Global matrix organization. 

    • Global IT Change Communications  - launching a global SharePoint portal
    • Change impact analysis
    • Solving identified risks either through personal intervention or via technical specialist intervention
    • Stakeholder management of a global and diverse large group of stakeholders numbering 10.000 plus
    • Creating communications, training and engagement packs
    • Setting in place the corporate SharePoint topology
    • Business Readiness 
      • Ensuring that IT is ready to deliver
      • Ensuring that all stakeholders are ready for the change
      • Ensuring project delivery
    Jan. 2016Dec. 2019

    Board Member

    Cyber Rescue Alliance

    Cyber Rescue Alliance is a business assistance alliance. We help our Members reduce the harm caused by cyber-attacks. We help Members respond to the shock of a successful cyberattack, to:

    • Make decisions that reduce damages, rather than exacerbate them

    • Select pre-qualified providers, rather than scramble to find specialist responders

    • Leverage our pre-agreed contracts, rather than be distressed buyers

    • Continue with their core business, rather than be swamped by attack response

    • Business development


    • Established the Organisation as a Thought leader on Social Media
    • Creation and distribution of digital content
    • Public and Media Relations - the organization is now considered a thought leader in its area
    Jan. 2017Apr. 2017

    Change Project Communications Manager — Contract


    Global change communications manager on a project to minimise the number of applications within Novartis. The project is also responsible for server virtualisation and minimising the number of server halls around the globe.


    • Set in place processes for global change communications. The first time this global programme has a process that supports the programme and project managers in their work, it enhances the quality of communications that leave the programmes.
    • Developed change management processes
    • Identified and set in place sign-off process, timing and decision-makers in the organisation. 
    • Trained managers and users in this process and its tools
    • Developed a set of questions which helps the programme managers to identify which tool and channels to use for which message and how messages can be curated across channels and tools. 
    May 2015Sept 2016

    Global Executive Communications Lead – Group Operations and Technology

    Zurich Insurance Company

    Responsible for integrated communications plan covering employee engagement and communications, outreach, media relations, etc. Work areas are IT management, Data and Analytics, Executive CIO Communications.

    • Developing and coordinating integrated, forward-looking internal/external strategic communications plan, working closely with Marketing & Communications colleagues, agreeing on clear RACIs (roles & responsibilities) for all activities, focusing on business outcomes

    • Working directly with Chief Operations & Technology Officer and the GOT Leadership Team to support the delivery of strategic priorities, prioritized business projects/initiatives
    • Relationship and stakeholder management and strategic business partnering to identify and prioritize communication needs and requirements within the functions; prioritize and meet  communication needs with limited, shared resources

    • Working with Employee Communications to ensure resource support, collaborating closely with and across Centers of Expertise and services experts

    • Lead 5 Communications Business Partners

    • Sit on the GOT Leadership Team, Corporate Board -2

    Jan 2012May 2015

    Senior Policy Advisor

    European Parliament

    Responsible for legislative and policy development within IT,  justice and home affairs, and Cybersecurity.

    • Draft legislative amendments

    • Analyze legislative proposals

    • Secured speaking engagements for Member of Parliament

    • Secured a recurring column in the international press on "The Digital Citizen"

    • Curate column into events in Brussels and Sweden in co-operation with  world's largest PR agency, Edelman

    • Interact with policy media commentators and journalists

    • Lecturer for Erasmus University College on Corporate Communications and Public Affairs

    Apr 2008Aug 2011

    International Public Relations Manager

    • Support the VP of International Relations to formulate global integrated communications
    • Developed a  global ThinkThank on Smart Cities
    • Identify, select and manage strategic partners, agencies, and external resources
    • Liaise with internal stakeholders to ensure execution and integration of programmes and strategies
    Jan 2008Mar 2008

    Senior Change Communications Manager Global IT infrastructure - Contract

    Philips International
    • Support Head of Communications to formulate global change communications
    • Select and manage agencies and resources of the communications team to ensure that the most appropriate and efficient measures are available to Philips IT
    • Liaise with other communications managers within Philips IT to ensure integrations of programmes and strategies
    • Co-ordinate planning and budget
    • Co-ordinate content creation for online information
    Jul 2006Sep 2007

    PR & Communications Manager

    AeroSpace and Defence Industries Association
    • Develop integrated  PR and communication strategies and measures, campaigns, and tactics to identified organizational objectives
    • Identify strategic partners
    • Identify, pitch, and lead story development
    • Manage day-to-day relationships with industry, press, and opinion leaders
    • Work with human resources executives to create and implement effective internal communications
    • Review agency performance and negotiate new contracts where necessary
    • Manage the organisation’s Intranet and public website


    1. Swedish – Native speaker

    2. English – Near native speaker

    3. French – Fluent

    4. German – Intermediate

    5. Norwegian – Basic

    6. Dutch – Read and understand

    7. Danish – Read and understand



    Functional Business Process Analysis
    Certified Privacy Professional EU — CIPP/E, GDPR
    Certified International Privacy Manager, CIPM
    Privacy, GRC and NIS technologies
    Impact and Risk analysis, management and mitigation
    Stakeholder management
    End-to-End Change Management
    Business readiness


    CIPP/E - Certified International Privacy Professional EU

    CIPM - Certified International Privacy Manager

    Blockahain Hyperledger Technologies

    Certified Gaming Theories