Data Protection Analyst Bucharest

Data Protection Analyst
Bucureşti
Bucharest, Bucharest, Romania

At Paymentology, we’re redefining what’s possible in the payments space. As the first truly global
- processor, we give banks and fintechs the technology and talent to launch and manage Mastercard, Visa, and Union
Pay cards at scale - across more than 60 countries.

Our advanced,
- cloud platform delivers
- time data, unmatched scalability, and the flexibility of shared or dedicated processing instances. It's this global reach and innovation that sets us apart.

We're looking for a Data Protection Analyst to play a key role in enhancing our data privacy framework. Your work will help protect the privacy of our customers and employees, ensuring that our Privacy practices are transparent and secure.

In addition, you will get involved with implementing the Privacy and AI tools that support the privacy governance workflows. Your
-
- day work will involve collaborating with
- functional teams and making recommendations to improve our privacy and governance practices.

Data Privacy Framework

• Strengthen Paymentology’s data privacy risk framework, implementing robust policies and procedures aligned with the GDPR, and other global privacy regulations and best practices. Work closely with global
  - functional stakeholders to support team projects and goals.

Privacy Management System

• Support the implementation of our new Privacy Management System, working directly with the vendor and internal stakeholders to configure system settings, create assessment templates and establish efficient process workflows, documentation, and reporting.

Data Mapping & Governance

• Work closely with designated teams to conduct comprehensive data mapping exercises across the company to identify personal data flows, establishing data governance structures and control mechanisms.

Risk Assessment & Compliance

• Run the Data Protection Impact Assessments (DPIAs) and Records of Processing Activities (Ro
  PA), and AI Risk Governance activities, and support supplier assessments, based on privacy risks. Conduct
  - assessments of personal data processing activities based on risk.

Regulatory Compliance Management

• Ensure adherence to GDPR and other relevant global data protection regulations, monitoring regulatory developments and implementing necessary changes to maintain compliance.

Privacy by Design and by Default

• Provide advice and guidance to the business on data protection, privacy by design and AI-related questions and risks. Collaborate with
  - functional teams such as Procurement, Information Security, Legal and Compliance to balance privacy and business objectives. Support the review and assessment of Data Protection Agreements (DPAs).

Controls Testing & Improvement

• Perform ongoing assessments of privacy controls, identifying areas for improvement and implementing corrective measures to strengthen data protection practices. Maintain comprehensive documentation of findings and prepare reports for senior management.

Incident Management

• Act as key point of contact for reporting and handling of personal data incidents, implementing effective response and coordinating remediation efforts to minimise impact and avoid reoccurrence.

Data Subject Rights Management

• Manage the processing of Data Subject Access Requests (DSARs), such as erasure, rectification, portability, and ensure timely and compliant responses.

Training & Awareness

• Develop and deliver privacy training, raising awareness of data protection responsibilities across the organisation.  

At Paymentology, it’s not just about building great payment technology, it’s about building a company where people feel they belong and their work matters. You’ll be part of a diverse, global team that’s genuinely committed to making a positive impact through what we do. Whether you’re working across time zones or getting involved in initiatives that support local communities, you’ll find real purpose in your work - and the freedom to grow in a supportive,
- thinking environment.

What it takes to succeed:

• Minimum of 3 - 5 years of experience in data privacy, compliance, or risk management roles, ideally within the payments industry or similarly regulated environments.
• Strong understanding of global data protection regulations, particularly GDPR, EU AI Act (or equivalent regulations), privacy by design principles and their practical application in business processes and systems.
• Experience with implementing and administering privacy management frameworks and tools, e. g. One
  Trust or similar.
• Proven track record in conducting data mapping exercises, DPIAs, and maintaining Records of Processing Activities (Ro
  PA).
• Strong analytical skills with the ability to assess complex privacy risks and develop effective mitigation strategies.
• Excellent verbal and written communication skills in English.
• Proficiency in using Microsoft Office suite, with strong skills in Excel and Power
  Point.
• Strong stakeholder management skills to address issues and reach consensus in a complex and ambiguous environment.
• Ability to translate complex regulatory requirements into practical operational controls.
• Effective organizational and project management skills.

Preferred Qualifications:

• Globally recognized privacy certifications (e. g. , IAPP CIPP/E, CIPM, or equivalent).
• Experience with privacy management platforms similar to One
  Trust.
• Familiarity with information security standards such as ISO 27001.
• Experience working in a global organization with
  - jurisdictional privacy requirements.
• Background in financial services, payments, or fintech industries.