Global Privacy Operations Manager

What you'll do

• Partner closely with business stakeholders across functions including product, engineering, compliance, legal, and operations to provide practical privacy guidance and ensure alignment with Trustly's privacy standards.

• Drive and manage improvement programmes within the privacy operations function, taking ownership of delivery from scoping through to implementation.

• Own and continuously improve the operational processes underpinning Trustly's privacy framework, such as data subject rights request management, data breach response, and records of processing activities.

• Support the completion and review of Data Protection Impact Assessments and Transfer Impact Assessments, working closely with product, engineering, and commercial teams to embed privacy by design at the outset of new initiatives.

• Conduct and coordinate privacy-related compliance control checks across the business, with particular focus on Trustly's obligations as a regulated financial institution, including controls relevant to payment services regulation, financial crime, and data sharing with third-party providers.

• Support the Deputy DPO in the day-to-day delivery of Trustly's global privacy operations, ensuring that the privacy programme runs efficiently and consistently across all business lines and jurisdictions.

• Contribute to the identification and management of privacy risks across the organisation, escalating issues appropriately and supporting the preparation of clear risk reporting for senior stakeholders.

• Help develop and maintain privacy documentation, training materials, and awareness resources for Trustly's global workforce.

• Monitor developments in applicable data protection law and regulatory guidance, including UK GDPR, EU GDPR, and relevant US privacy legislation, and flag implications for Trustly's operations.

• Support the Deputy DPO and Global DPO in managing engagements with data protection authorities and responding to regulatory enquiries in a timely and well-organised manner.

Who you are

• A minimum of 5 to 7 years of hands-on experience in privacy and data protection, with a demonstrable focus on privacy operations rather than purely legal advisory work.

• Strong working knowledge of UK GDPR and EU GDPR, with familiarity with US privacy laws (including CCPA/CPRA) considered a significant advantage.

• Experience working in or with the FinTech or payments sector is strongly preferred; an understanding of the data protection considerations specific to regulated financial institutions will be highly valued.

• A legal qualification (such as a law degree or solicitor/barrister qualification) is a desirable background for this role, though it is not a strict requirement - what matters most is a thorough understanding of legal requirements, practical privacy expertise and operational capability.

• Demonstrable experience managing large-scale improvement programmes or projects within a privacy or compliance context, with the ability to take ownership of workstreams and drive them to completion.

• A track record of partnering closely with business stakeholders and translating complex regulatory requirements into clear, workable guidance and processes.

• Relevant professional qualifications such as CIPP/E, CIPM, or CIPT are desirable.

• A natural problem-solver who approaches challenges analytically, pragmatically, and with confidence.

• A genuine growth mindset - you are curious, keen to develop your expertise, open to feedback, and energised by working in an environment where there is always more to learn and improve.

• You are proactive, solutions-oriented, and energised by the challenge of building something meaningful - you do not wait to be told what needs to be done.

• You hold a recognised data protection qualification (such as CIPP/E, CIPM, or equivalent). 

• Willingness to work flexible hours to collaborate with global privacy team members across different time zones and travel occasionally for meetings.