
Sara Magdalena Goldberger

    Business Analyst GRC, Privacy & Cybersecurity

    Work Experience

    Aug. 2022 - Present

    Business Analyst GDPR - IT & Cybersecurity

    HCL Technologies
    • Analyze Transfer Impact Agreements, Binding Corporate Rules and Standard Contractual Clauses ensuring that the transfer mechanism is effectively guaranteeing an adequate level of data protection in the third country and is not undermined by the transfer in practice or local legislation.
    • Work within the Cybersecurity function with a focus towards strengthening privacy controls within systems/applications deployed in the organization
    • Liaise with business and project stakeholders to elicit, analyse, communicate and validate data privacy requirements as a result of changes to business processes and information systems.
    • Collaborate with legal compliance team on DPIA for high risk processing activities
    • Ensure privacy by design by liaising and collaborating with stakeholders 
    • Analyse privacy gaps in projects/systems & applications and work with the technical project teams to bring them to closure
    • Support Legal, Compliance, Information Security and the DPO in performing due diligence and contracting with new 3rd parties.
    Oct. 2021 - Present

    Business Analyst Governance, Regulation, Compliance

    HCL Technologies

    Global manufacturing company

    • Managing Privacy transformation in a global digital transformation programme
    • Ensuring global compliance across multiple jurisdictions regarding Data Subject Access, DSR
    • Manage the Data Subject Access Request process
    Aug. 2021 - Present

    Board Advisory - Privacy

    BrightAct creates thoughtful technology from user-driven innovation rooted in the sustainable development goals. We are a platform supplier for Governments and NGOs with apps for inhabitants. By streamlining and gathering support for victims of domestic violence, our aim is to bridge the gap between stakeholders, globally.
    July 2020 - Oct. 2021

    Business Analyst Governance, Regulation, Compliance

    HCL Technologies

    Global extraction and mining company 

    • Set up and review compliance in relation to remediation of unstructured data, data at rest and data in motion 
    • Provide guidance towards GRC risk within the wider GRC community
    • Ensured close collaboration and awareness/oversight between DPO, CISO senior management, and respective stakeholders
    • Identity and Access Management, IAM
    • Ideate and strategize data remediation mechanisms and processes
      • Complete revision of the standard process - resulting in a streamlined process 
      • Established a Privacy Remediation Working Group
    • Close collaboration with Global Privacy Office and Information Security team, to adapt to the requirements of a complex business environment with diverse expectations 
    • Collaborate with Technical support and Offshore Operations team:
      • Day to day remediation operation review and updates
      • Assist in KPI management and reporting
    Aug. 2020 - Dec. 2020

    Expert Evaluator

    European Commission

    Evaluated Europe-wide proposals in the range of EUR 2 - 5 million.

    Subject: Digital Security and privacy for citizens and Small and Medium Enterprises and Micro Enterprises.

    March 2020 - June 2020

    Business Analyst Digital Transformation, GRC & Privacy

    HCL Technologies

    Global Private Bank

    • Supporting a global private bank in Digital Transformation ensuring regulatory compliance. Automating Governance, Regulations, and Compliance (GRC) and privacy controls.
    • Business analysis.
    • Securing IT operations.
    • Regulatory framework analysis: GDPR; CCPA, NIST, ISO27000, NIS Directive. Develop plans and controls for prevention, detection, response, and mitigation.
    • Set in place global IT audit processes, and global GRC programme.
    Sept. 2019 - June 2020

    Business Analyst Cybersecurity, GRC, Privacy

    HCL Technologies

    Working in the crossroads of regulations, legislations, technology, and change, analyze and understand complex Information Security issues (on technology, organizational, and process-level) and IS mitigating measures for those issues.

    • Assess risks, using recognized sources of threat intelligence as well as risk impact assessments
    • Assess complex cybersecurity programmes, covering people, physical, process, and technology aspects
    • Advise on and, where required, manage the transformation and improvement of organizations’ cyber security programmes
    • Advise on and implement performance management and assurance frameworks for cybersecurity
    • Analyze business processes and set in place streamlined, safe and secure, business
    March 2019 - Sept. 2019

    Change Management & Strategic Communications Manager

    HCL Technologies

    Creating and executing change management and deployment strategies for multiple IT initiatives on a global basis.

    Contributing to the design and development of change management and communication deliverables, including the case for change, stakeholder analysis, change impact assessment, communication strategy/plan, leadership action plan, training roadmap, etc.

    Engaging key stakeholders to develop change management methods, tools, and templates for project teams, leveraging change management best practices and lessons learned

    Planning and conducting change management activities along with executing business strategies.

    Customizing and creating efficient tools, outputs, and deliverables to drive awareness, progress, and success of the initiative.


    • Change communications around new global service desk & Windows10 migration
      • Video - 11 languages
      • SharePoint site
      • branding
      • emails to all staff - 30 languages
      • training, internal articles
      • management presentations
      • quick start guide
    Dec. 2018 - March 2019

    GDPR Business Analyst — Contract

    University of Oxford

    Setting in place a compliance programme of various business units and departments as outlined in the GDPR regulation.

    • GDPR Business analysis and Process development 
    • GDPR Communications 
    • Day-to-day advice on GDPR-related matters
    • Risk management 
    • Rewrite cookie policy of UO's donor relations
    • Process re-engineering 
    • Stakeholder management 
    • Website development 
      • topology
      • content development
    • Contract review and update concerning data transfers — national and international
    • Review and update Records of Processing Activities for the University of Oxford donor relations
    • Responsible for delivery of Marketing Consent Management; Data Retention - Discovery; Cookies
    • Responsible for supporting the design/implementation of all amended business processes
    • Supported training and testing processes as required
    • Responsible for University and Collegiate wide quality control of all donor relations: forms, emails, web pages...
    June 2018 - Aug. 2018

    Global Change Communications Manager BI, SAP and GDPR — Contract

    HEINEKEN International

    Defined and communicated information management architectures, road-maps, and patterns that support adherence and compliance to GDPR and BCR principles. My intervention helped Heineken shorten its internal sales process from 10 days to 1 hour. It also completely digitalised the process.

    Based on system analysis, I communicated technical standards and guidelines of cross-functional solutions like ERP, MDM, and BI applications. 


    • create change road-maps and data architectures
    • minimize resistance and speed up adoption
    • streamlined and shortened internal sales process, from 10 days to 1 hour.
    • produced slim-lined sales and marketing process
    • stakeholder & project management
    • budgeting
    • timing
    • train and educate managers
    • GDPR project responsible
    Mar. 2018 - June 2018

    Global Change and Business Readiness Communications Manager IT — Contract


    Responsible for the global launch of employee portal based on SharePoint. Aims to simplify collaboration and productivity. Shell employees will receive a superior work environment. Change from a 10 year IT environment to state-of-the-art technology. Global matrix organization. 

    • Global IT Change Communications - launching a global SharePoint portal
    • Change impact analysis
    • Solving identified risks either through personal intervention or via technical specialist intervention
    • Stakeholder management of a global and diverse large group of stakeholders numbering 10.000 plus
    • Creating communications, training and engagement packs
    • Setting in place the corporate SharePoint topology
    • Business Readiness 
      • Ensuring that IT is ready to deliver
      • Ensuring that all stakeholders are ready for the change
      • Ensuring project delivery
    Jan. 2016 - Dec. 2019

    Board Member

    Cyber Rescue Alliance

    Cyber Rescue Alliance is a business assistance alliance. We help our Members reduce the harm caused by cyber-attacks. We help Members respond to the shock of a successful cyberattack, to:

    • Make decisions that reduce damages, rather than exacerbate them

    • Select pre-qualified providers, rather than scramble to find specialist responders

    • Leverage our pre-agreed contracts, rather than be distressed buyers

    • Continue with their core business, rather than be swamped by attack response

    • Business development


    • Established the Organisation as a Thought leader on Social Media
    • Creation and distribution of digital content
    • Public and Media Relations - the organization is now considered a thought leader in its area

    Jan. 2017 - Apr. 2017

    Change Project Communications Manager — Contract


    Global change communications manager on a project to minimise the number of applications within Novartis. The project is also responsible for server virtualisation and minimising the number of server halls around the globe.


    • Set in place processes for global change communications. This is the first time this global programme has a process that supports the programme and project managers in their work; it enhances the quality of communications that leave the programmes.
    • Developed change management processes
    • Identified and set in place sign-off process, timing and decision-makers in the organisation. 
    • Trained managers and users in this process and its tools
    • Developed a set of questions which helps the programme managers to identify which tool and channels to use for which message and how messages can be curated across channels and tools. 
    May 2015 - Sept 2016

    Global Executive Communications Lead – Group Operations and Technology

    Zurich Insurance Company

    Responsible for integrated communications plan covering employee engagement and communications, outreach, media relations, etc. Work areas are IT management, Data and Analytics, Executive CIO Communications.

    • Developing and coordinating integrated, forward-looking internal/external strategic communications plan, working closely with Marketing & Communications colleagues, agreeing on clear RACIs (roles & responsibilities) for all activities, focusing on business outcomes

    • Working directly with Chief Operations & Technology Officer and the GOT Leadership Team to support the delivery of strategic priorities, prioritized business projects/initiatives
    • Relationship and stakeholder management and strategic business partnering to identify and prioritize communication needs and requirements within the functions; prioritize and meet communication needs with limited, shared resources

    • Working with Employee Communications to ensure resource support, collaborating closely with and across Centers of Expertise and services experts

    • Lead 5 Communications Business Partners

    • Sit on the GOT Leadership Team, Corporate Board -2

    Jan 2012 - May 2015

    Senior Policy Advisor

    European Parliament

    Responsible for legislative and policy development within IT, justice and home affairs, and Cybersecurity.

    • Draft legislative amendments

    • Analyze legislative proposals

    • Secured speaking engagements for Member of Parliament

    • Secured a recurring column in the international press on "The Digital Citizen"

    • Curate column into events in Brussels and Sweden in co-operation with the world's largest PR agency, Edelman

    • Interact with policy media commentators and journalists

    • Lecturer for Erasmus University College on Corporate Communications and Public Affairs

    Apr 2008 - Aug 2011

    International Public Relations Manager

    • Support the VP of International Relations to formulate global integrated communications
    • Developed a global think tank on Smart Cities
    • Identify, select and manage strategic partners, agencies, and external resources
    • Liaise with internal stakeholders to ensure execution and integration of programmes and strategies
    Jan 2008 - Mar 2008

    Senior Change Communications Manager Global IT infrastructure - Contract

    Philips International
    • Support Head of Communications to formulate global change communications
    • Select and manage agencies and resources of the communications team to ensure that the most appropriate and efficient measures are available to Philips IT
    • Liaise with other communications managers within Philips IT to ensure integration of programmes and strategies
    • Co-ordinate planning and budget
    • Co-ordinate content creation for online information
    Jul 2006 - Sep 2007

    PR & Communications Manager

    AeroSpace and Defence Industries Association
    • Develop integrated PR and communication strategies and measures, campaigns, and tactics to identified organizational objectives
    • Identify strategic partners
    • Identify, pitch, and lead story development
    • Manage day-to-day relationships with industry, press, and opinion leaders
    • Work with human resources executives to create and implement effective internal communications
    • Review agency performance and negotiate new contracts where necessary
    • Manage the organisation’s Intranet and public website


    1. Swedish – Native speaker

    2. English – Near native speaker

    3. French – Fluent

    4. German – Intermediate

    5. Norwegian – Basic

    6. Dutch – Read and understand

    7. Danish – Read and understand



    Bachelor of Arts

    Lunds Universitet

    Political Science, Communications, Public Affairs


    Certified Privacy Professional EU — CIPP/E, GDPR
    Certified International Privacy Manager, CIPM
    Privacy and NIS technologies
    Impact and Risk analysis, management and mitigation
    Stakeholder management
    End-to-End Change Management
    Business readiness


    CIPP/E - Certified International Privacy Professional EU

    CIPM - Certified International Privacy Manager

    Blockchain Hyperledger Technologies

    Certified Gaming Theories