
Middle Compliance Specialist / Data Privacy
- Ukraine
- Permanent position
- Full-time
- Privacy Program Management: Oversee the ongoing development, implementation, and maintenance of the company's comprehensive data privacy program
- Regulatory Compliance: Ensure continuous compliance with applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), and other relevant national and international privacy frameworks
- Support client engagement activities in the information security, data protection, or compliance domain. Perform contract reviews and prepare ad-hoc questionnaires.
- Policy & Procedure Development: Review and update internal data privacy policies, procedures, and guidelines to reflect legal requirements and best practices
- Privacy by Design/Default: Provide expert privacy advice and guidance to various business units throughout the lifecycle of processes, projects, systems, and services, promoting Privacy by Design and Default principles
- Data Protection Impact Assessments (DPIAs): Conduct and oversee Data Protection Impact Assessments (DPIAs) for new and significant changes to existing data processing activities
- Data Subject Rights: Manage and respond to Data Subject Rights (DSR) requests (e.g., access, rectification, erasure, portability) in a timely and compliant manner
- Third-Party Risk Management: Support the assessment of privacy risks associated with third-party vendors and data processors, including reviewing data processing agreements and Standard Contractual Clauses as needed
- Incident Response: Assist in data breach incident response planning and execution, including investigation, containment, and notification procedures as required by law
- Training & Awareness: Develop and deliver engaging data privacy training and awareness initiatives for staff across the organization
- Monitoring & Reporting: Monitor compliance with internal privacy policies and external regulations, prepare regular compliance reports for management, and identify areas for improvement
- Internal Audits: Provide support for internal privacy audits and assessments to identify gaps and ensure adherence to privacy standards and controls, including potentially contributing to ISO 27701 (Privacy Information Management System) audits
- Record Keeping: Maintain accurate records of data processing activities (ROPA) and other relevant privacy documentation.
- 3+ years of demonstrated experience in data privacy compliance, data protection, or a related legal/compliance role, preferably within a fast-paced or regulated industry
- In-depth knowledge and practical application experience of GDPR is essential. Familiarity with other global privacy regulations is a strong advantage
- Understanding of information security principles and their intersection with data privacy (e.g., ISO 27001 and family, SOC2 Type II)
- Relevant professional certification(s) such as CIPP/E, CIPP/M, CIPM, CDPSE, or equivalent are highly desirable and are a strong advantage
- Strong analytical, problem-solving, and critical thinking skills with the ability to interpret complex legal and regulatory requirements
- Excellent written and verbal communication skills, with the ability to articulate complex privacy concepts clearly to technical and non-technical audiences
- Proven ability to work independently, manage multiple priorities, and meet deadlines in a dynamic environment
- High level of integrity, discretion, and ethical conduct
- Excellent written and verbal communication skills in English
- Flexible working format - remote, office-based or flexible
- A competitive salary and good compensation package
- Personalized career growth
- Professional development tools (mentorship program, tech talks and trainings, centers of excellence, and more)
- Active tech communities with regular knowledge sharing
- Education reimbursement
- Memorable anniversary presents
- Corporate events and team buildings
- Other location-specific benefits