HQ - Data Privacy & Protection Associate

📋 Description

• • Own the end-to-end lifecycle of Data Subject Access Requests (DSARs) across Job&Talent’s global footprint, ensuring every request from workers, clients, or partners is handled within the statutory 30-day window while maintaining meticulous audit trails and quality checks that exceed GDPR/CCPA expectations.
• • Partner directly with the Data Protection Officer to design, document, and continuously improve a scalable privacy program that can flex from 10 to 50 markets without re-engineering; this includes drafting policies, playbooks, and training collateral that turn complex legal jargon into clear, actionable guidance for Product, Engineering, Sales, and Operations teams.
• • Maintain the Record of Processing Activities (ROPA) as the single source of truth: map new data flows triggered by product launches, sunset obsolete entries, and automate delta reports so leadership sees compliance status in real time.
• • Lead Third-Party Impact Assessments (TIAs) for every new vendor or system integration—review DPIAs, security questionnaires, SCCs, and DPAs; negotiate contractual clauses that reduce risk and protect the rights of 500k+ workers on the platform.
• • Act as first responder during privacy incidents: triage alerts from Security, coordinate containment, draft breach notifications for supervisory authorities within 72 hours, and run post-mortems that feed directly into engineering sprints.
• • Drive “privacy by design” reviews for new features—sit with Product Managers in discovery sessions, flag high-risk processing, propose data-minimisation techniques, and sign off on release gates so compliance never becomes a bottleneck.
• • Operate OneTrust as the command center for the privacy program: configure workflows, dashboards, and risk-scoring algorithms; train regional champions and run quarterly health checks to keep the platform aligned with evolving regulations.
• • Translate regulatory change into business opportunity—monitor EDPB guidelines, US state laws, and upcoming AI acts, then brief executives on strategic implications and recommended actions that keep Job&Talent ahead of the curve.
• • Collaborate with Legal, InfoSec, HR, and Finance during contract negotiations—redline vendor agreements, update data-transfer mechanisms, and ensure every clause supports both compliance and commercial agility.
• • Champion a culture of privacy awareness: design micro-learning modules, host “lunch & learn” sessions, and create Slack bots that nudge employees toward secure behaviors, turning compliance into a shared company value rather than a checklist exercise.