Privacy Operations Analyst

What’s the role?

As a Privacy Operations Analyst at TravelPerk, you will be instrumental in building, simplifying, and scaling our privacy program while driving our privacy operations strategy. You’ll streamline the complexities of privacy, AI, cybersecurity, and data governance regulation into practical, actionable guidelines that ensure effective risk management and continuous improvement of our privacy program. You will leverage cutting-edge technology to create user-friendly automated workflows that drive innovation and maintain product development velocity, all while ensuring the protection of personal data and regulatory compliance.

Additionally, you will have the opportunity to help shape and develop a world class privacy function. You will report to the Legal Manager, Privacy and also collaborate closely with the Privacy Counsel & DPO.

What will you be doing?

• Assist in the development and execution of policies, procedures, and controls to ensure compliance with GDPR, CCPA, EU AI Act, and other relevant regulations. 
• Review and update the ROPA to reflect evolving requirements and data processing activities.
• Work with Data, Engineering, and Security teams to implement privacy governance protocols, acquire governance tools, and integrate privacy-enhancing technologies (PET).
• Develop and automate privacy processes, including Data Protection Impact Assessments (DPIAs), consent lifecycle management, and adherence to data retention policies. Respond efficiently to data subject requests and coordinate responses to privacy and AI incidents.
• Track and report privacy metrics, trends, and risks. Develop and implement training, communication strategies, and resources like TravelPerk’s Trust Center to share privacy knowledge and strengthen the privacy culture within and outside the organization.

What capabilities will help you succeed?

You’ll have a solid background in privacy, data protection, and risk management, combined with a passion for developing innovative solutions to implement privacy requirements effectively in a fast-paced, technology-driven organisation.  

During our interview process, we’ll also look for your ability to demonstrate specific competencies which derive from TravelPerk’s values, as outlined in the table below. The winning candidate will have particularly brilliant responses ready in relation to the Seven Star Service attributes.

Essentials

• Experience driving operational initiatives within a global privacy team in a technology environment.
• Experience working with fast-paced engineering/product development teams.
• Solid knowledge of global privacy, cybersecurity and AI regulations, such as GDPR, CCPA, EU AI Act, NIS2, DORA, and other regional laws in those fields.
• Familiarity with privacy and AI frameworks and standards, such as ISO 27701, 23894 and 42001, NIST Privacy and AI Risk Management frameworks, and Privacy by Design (PbD) principles.
• Proficiency in privacy management tools and technologies. Familiarity with data governance tools, consent management platforms, and privacy-enhancing technologies (PETs) is desirable.
• Strong understanding of data management principles, including data discovery, mapping, retention, and deletion.
• Strong analytical skills for assessing privacy risks and experience supporting privacy impact assessments (PIAs) and data protection impact assessments (DPIAs).
• Experience managing privacy-related projects, including coordinating tasks, setting timelines, and ensuring deliverables are met on schedule. Project management certifications or experience with project management methodologies such as Agile or Scrum may be advantageous.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Strong analytical and problem-solving abilities, with a keen attention to detail.
• Relevant privacy certifications, such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), or Certified Information Privacy Technologist (CIPT), are desirable.

It is not necessary for you to hold a legal (or any other) degree in order to apply for this position (though of course it is not harmful to your prospects if you do have a degree!). We are interested in your practical abilities, not your “book smarts”.

To all candidates: we encourage individuals who possess a genuine passion for learning and growth, even if they do not meet every requirement listed, to apply for this role. We firmly believe in providing opportunities for motivated individuals to expand their skills and thrive within our team.

Where will the role take you?

At TravelPerk, we believe in the importance of growth and development for our team members, ensuring high levels of personal satisfaction. Talented and driven individuals can expect an employee value proposition that offers continual advancement. In this role, you will gain exceptional experience working in a fast-scaling, global tech (specifically SaaS) business. You'll develop tools and techniques to deliver legal capability at scale, exceeding stakeholder expectations and driving tangible business outcomes.

Promotion opportunities include advancing from Privacy Operations Analyst to Senior Privacy Operations Analyst.  We are not hiring in this layer currently, and do not expect to hire “over your head”; instead, we are looking for you to grow and scale capability in your areas of expertise.  To successfully advance to the next tier, it is crucial to focus on two key aspects: establishing a robust supply chain that prioritises privacy-centric insights for product improvement, and adaptability to swiftly address and offer scalable, business-driven solutions in the face of an ever-evolving regulatory landscape.

We offer you the freedom to achieve the best outcomes for your customers without micromanagement or excessive bureaucracy. Join us as we revolutionise privacy practices in the travel industry and shape the future of data protection!