Drive and support our global privacy and compliance efforts, with a focus on GDPR and other applicable data protection frameworks.
Monitor and assess the impact of evolving global regulations (privacy, AI, etc.), proactively advising the business on required adaptations to policies, processes, or products.
Maintain and continuously improve privacy governance documentation, including privacy notices, internal policies, and consent frameworks.
Maintain and update Records of Processing Activities and lead or support Data Protection Impact Assessments where required.
Oversee vendor due diligence reviews of third-party systems and perform risk assessments related to data processing activities.
Review and negotiate Data Processing Agreements (DPAs) with customers and sub-processors.
Partner with the Product and Technology team to embed privacy-by-design principles into our development processes.
Own and develop our broader compliance framework, ensuring the company meets its obligations across relevant regulatory areas including commercial, marketing, consumer protection, and industry-specific requirements.
Advise internal stakeholders on regulatory frameworks, their developments and their practical implications for the business.
Identify and assess compliance risks across the organisation, and design scalable controls and governance processes to address them.
Support the maintenance and continuous improvement of ISO 27001 certification efforts, working cross-functionally to ensure audit readiness and alignment with international information security standards.
Support the completion of enterprise customer security and compliance questionnaires.
Develop, maintain, and deliver internal compliance training programs to foster a culture of responsibility across the organization.
Continuously improve internal compliance processes to ensure scalable and efficient governance.
Requirements
3-5 years of legal experience, ideally in-house at a globally operating software or technology company.
Strong working knowledge of GDPR; familiarity with additional privacy frameworks (especially U.S. privacy laws) is an advantage.
Experience negotiating data processing agreements.
A strong interest in privacy governance, regulatory developments, and building scalable compliance processes.
Broad compliance experience beyond privacy, including familiarity with regulatory and information security frameworks.
Ability to balance legal risk with commercial objectives in a pragmatic, solution-oriented way.
Experience with or exposure to ISO 27001 or similar international certification frameworks is a plus.
Clear and confident communicator, capable of translating complex regulatory obligations into practical, business-friendly guidance.
Proficiency in English.
Benefits
Top-notch hardware equipment, and the possibility to borrow photography gear.
A vibrant and social work culture, full of events to attend and bond with the team.
Plenty of flexibility to keep your work and life in balance.
Paid vacation, private health insurance, pension contributions, mental health and physical wellbeing support.
Commuting options (bike leasing and public transportation discounts).
Snacks, coffee, drinks and fruits at the office to help you get going!