377 Posti di lavoro per Data Protection in Italia

Overview

RINA is currently recruiting for a Global Data Protection & Privacy Analyst to join its office in Genoa (Italy) within the Global ESG & Compliance Division.

Mission: This role combines aspects of both Data Protection and Privacy, to ensure that RINA data handling practices are compliant with regulatory requirements and industry best practices. This role typically involves ensuring that an organization's data is protected from unauthorized access, breaches, and other security threats. The role assists in managing and protecting personal and sensitive data in compliance with privacy laws and regulations.

• Assist Data Security Audits: Assist during regular audits to ensure compliance with data protection regulations and internal policies.
• Support to Privacy Risk Assessment: Identify, assess, and mitigate potential security risks to organizational data.
• Policy Development and Enforcement: Develop and enforce RINA data protection policies, procedures, and standards.
• Incident Response: Execute protocols for responding to data breaches and security incidents.
• Training and Awareness: Educate employees on data protection best practices and policies.
• Data Governance: Support proper management and use of data within the organization.

• Regulatory Compliance: Support in developing policies ensuring compliance with privacy laws and regulations such as GDPR, CCPA, HIPAA, etc.
• Privacy Impact Assessments (PIAs): Drafting PIAs to identify and mitigate privacy risks for new projects, systems, and processes.
• Data Subject Rights Management: Assist the management of processes related to data subject rights, including access, rectification, and erasure requests.
• Privacy by Design: Verify the application of privacy by design principles in the development of RINA new products and services.
• Data Mapping and Inventory: Maintain data inventories and conduct data mapping to understand data flows within the organization.
• Third-Party Risk Management: Assess and manage privacy risks associated with third-party vendors and partners.

Bachelor’s Degree in Law

• 1-2 years of experience in data protection, privacy management, or a related field
• Strong knowledge and understanding of global data protection and privacy laws and regulations
• Good knowledge of data protection and privacy tools and technologies
• Strong analytical skills to assess and mitigate data protection and privacy risks
• Meticulous in ensuring compliance with all regulatory and policy requirements
• Excellent written and verbal communication skills to effectively communicate with both technical and non-technical stakeholders
• High level of integrity and adherence to ethical standards
• Preferred certifications include CISSP, CIPP, CIPM, CISM, CDPO, or similar
• Fluent in Italian and good working knowledge of English

• ADDRESS THE WAY - Have a big picture of different situations and reinterpret it in a perspective way
• BUILD NETWORK - Forge trust relationships, across departments, and outside the organization
• CLIENT INTIMACY - Embrace internal and external client needs, expectations, and requirements to ensure maximum satisfaction
• EARN TRUST - Take everyone's opinion into account and remain open to diversity
• MAKE EFFECTIVE DECISIONS - Structure activities according to priorities, actions, resources and constraint
• MANAGE EMOTIONS - Recognise one's and other's emotions and express and regulate one's reactions
• PIONEER CHANGE - Actively embrace change and benefit from the new circumstances
• PROMOTE SUSTAINABLE DEVELOPMENT - Promote commitment by keeping promises as a Role Model
• THINK FORWARD - Capitalise on experiences and translate them into action plans for the future

RINA is a multinational company providing a wide range of services in the energy, marine, certification, infrastructure & mobility, industry, research & development sectors. Our business model covers the full process of project development, from concept to completion.

At RINA, we endeavor to create a work environment where every single person is valued and encouraged to develop new ideas. We provide equal employment opportunities and are committed to creating a workplace where everyone feels respected and safe from discrimination or harassment of any kind. We are also compliant to the Italian Law n. 68/99.

RINA is currently recruiting for a Global Data Protection & Privacy Analyst to join its office in Genoa (Italy) within the Global ESG & Compliance Division.

Mission: This role combines aspects of both Data Protection and Privacy, to ensure that RINA data handling practices are compliant with regulatory requirements and industry best practices. This role typically involves ensuring that an organization's data is protected from unauthorized access, breaches, and other security threats. The role assists in managing and protecting personal and sensitive data in compliance with privacy laws and regulations.

• Assist Data Security Audits: Assist during regular audits to ensure compliance with data protection regulations and internal policies.
• Support to Privacy Risk Assessment: Identify, assess, and mitigate potential security risks to organizational data.
• Policy Development and Enforcement: Develop and enforce RINA data protection policies, procedures, and standards.
• Incident Response: Execute protocols for responding to data breaches and security incidents.
• Training and Awareness: Educate employees on data protection best practices and policies.
• Data Governance: Support proper management and use of data within the organization.

• Regulatory Compliance: Support in developing policies ensuring compliance with privacy laws and regulations such as GDPR, CCPA, HIPAA, etc.
• Privacy Impact Assessments (PIAs): Drafting PIAs to identify and mitigate privacy risks for new projects, systems, and processes.
• Data Subject Rights Management: Assist the management of processes related to data subject rights, including access, rectification, and erasure requests.
• Privacy by Design: Verify the application of privacy by design principles in the development of RINA new products and services.
• Data Mapping and Inventory: Maintain data inventories and conduct data mapping to understand data flows within the organization.
• Third-Party Risk Management: Assess and manage privacy risks associated with third-party vendors and partners.

Bachelor’s Degree in Law

• 1-2 years of experience in data protection, privacy management, or a related field
• Strong knowledge and understanding of global data protection and privacy laws and regulations
• Good knowledge of data protection and privacy tools and technologies
• Strong analytical skills to assess and mitigate data protection and privacy risks
• Meticulous in ensuring compliance with all regulatory and policy requirements
• Excellent written and verbal communication skills to effectively communicate with both technical and non-technical stakeholders
• High level of integrity and adherence to ethical standards
• Preferred certifications include CISSP, CIPP, CIPM, CISM, CDPO, or similar
• Fluent in Italian and good working knowledge of English

• ADDRESS THE WAY - Have a big picture of different situations and reinterpret it in a perspective way
• BUILD NETWORK - Forge trust relationships, across departments, and outside the organization
• CLIENT INTIMACY - Embrace internal and external client needs, expectations, and requirements to ensure maximum satisfaction
• EARN TRUST - Take everyone's opinion into account and remain open to diversity
• MAKE EFFECTIVE DECISIONS - Structure activities according to priorities, actions, resources and constraint
• MANAGE EMOTIONS - Recognise one's and other's emotions and express and regulate one's reactions
• PIONEER CHANGE - Actively embrace change and benefit from the new circumstances
• PROMOTE SUSTAINABLE DEVELOPMENT - Promote commitment by keeping promises as a Role Model
• THINK FORWARD - Capitalise on experiences and translate them into action plans for the future

RINA is a multinational company providing a wide range of services in the energy, marine, certification, infrastructure & mobility, industry, research & development sectors. Our business model covers the full process of project development, from concept to completion.

At RINA, we endeavor to create a work environment where every single person is valued and encouraged to develop new ideas. We provide equal employment opportunities and are committed to creating a workplace where everyone feels respected and safe from discrimination or harassment of any kind. We are also compliant to the Italian Law n. 68/99.

Posting Date: 1 Sept 2025

City: Genova

Location: Genova, IT, 16128

Contract Type: Permanent

Division: Global ESG & Compliance

Level of experience: Entry Level

RINA is currently recruiting for a Global Data Protection & Privacy Analyst to join its office in Genoa (Italy) within the Global ESG & Compliance Division.

This role combines aspects of both Data Protection and Privacy, to ensure that RINA data handling practices are compliant with regulatory requirements and industry best practices. This role typically involves ensuring that an organization's data is protected from unauthorized access, breaches, and other security threats. The role assist in managing and protecting personal and sensitive data in compliance with privacy laws and regulations. #LI-VB1

• Data Protection
  • Assist Data Security Audits: Assist during regular audits to ensure compliance with data protection regulations and internal policies.
  • Support to Privacy Risk Assessment: Identify, assess, and mitigate potential security risks to organizational data.
  • Policy Development and Enforcement: Develop and enforce RINA data protection policies, procedures, and standards.
  • Incident Response: Execute protocols for responding to data breaches and security incidents.
  • Training and Awareness: Educate employees on data protection best practices and policies.
  • Data Governance: Support proper management and use of data within the organization.
• Privacy Management
  • Regulatory Compliance: Support in developing policies ensuring compliance with privacy laws and regulations such as GDPR, CCPA, HIPAA, etc.
  • Privacy Impact Assessments (PIAs): Drafting PIAs to identify and mitigate privacy risks for new projects, systems, and processes.
  • Data Subject Rights Management: Assist the management of processes related to data subject rights, including access, rectification, and erasure requests.
  • Privacy by Design: Verify the application of privacy by design principles in the development of RINA new products and services.
  • Data Mapping and Inventory: Maintain data inventories and conduct data mapping to understand data flows within the organization.
  • Third-Party Risk Management: Assess and manage privacy risks associated with third-party vendors and partners.

Bachelor’s Degree in Law

• 1-2 years of experience in data protection, privacy management, or a related field
• Strong knowledge and understanding of global data protection and privacy laws and regulations
• Good knowledge of data protection and privacy tools and technologies
• Strong analytical skills to assess and mitigate data protection and privacy risks
• Meticulous in ensuring compliance with all regulatory and policy requirements
• Excellent written and verbal communication skills to effectively communicate with both technical and non-technical stakeholders
• High level of integrity and adherence to ethical standards
• Preferred certifications include CISSP, CIPP, CIPM, CISM, CDPO, or similar
• Fluent in Italian and good working knowledge of English
• ADDRESS THE WAY - Have a big picture of different situations and reinterpret it in a perspective way
• BUILD NETWORK - Forge trust relationships, across departments, and outside the organization
• CLIENT INTIMACY - Embrace internal and external client needs, expectations, and requirements to ensure maximum satisfaction
• EARN TRUST - Take everyone's opinion into account and remain open to diversity
• MAKE EFFECTIVE DECISIONS - Structure activities according to priorities, actions, resources and constraint
• MANAGE EMOTIONS - Recognise one's and other's emotions and express and regulate one's reactions
• PIONEER CHANGE - Actively embrace change and benefit from the new circumstances
• PROMOTE SUSTAINABLE DEVELOPMENT - Promote commitment by keeping promises as a Role Model
• THINK FORWARD - Capitalise on experiences and translate them into action plans for the future

RINA is a multinational company providing a wide range of services in the energy, marine, certification, infrastructure & mobility, industry, research & development sectors. Our business model covers the full process of project development, from concept to completion.

At RINA, we endeavor to create a work environment where every single person is valued and encouraged to develop new ideas. We provide equal employment opportunities and are committed to creating a workplace where everyone feels respected and safe from discrimination or harassment of any kind.We are also compliant to the Italian Law n. 68/99.

Siamo alla ricerca di una figura da inserire all'interno dell'Area “Privacy e protezione dati", dotata di consolidata conoscenza della normativa nazionale ed europea in materia di protezione dei dati personali, preferibilmente con esperienza pregressa. La risorsa supporterà attivamente il Responsabile di Area, sia nelle attività di consulenza sia nella funzione di Data Protection Officer (DPO) presso Enti pubblici e soggetti privati distribuiti sull'intero territorio nazionale.

Si richiedono:

-Possesso di Laurea (preferibilmente in ambito giuridico-economico o informatico);

-Conoscenza delladisciplina della protezione dei dati personali (preferibilmente comprovata da attestati di partecipazione a corsi di formazione/specializzazione in materia);

-Spiccate capacità relazionali per un'efficace approccio ai clienti;

-Disponibilità a trasferte di breve periodo sull'intero territorio nazionale.

L'inquadramento, la durata del rapporto e la retribuzione saranno commisurate al profilo del candidato.

Sede di lavoro:
Telese Terme (BN)

Overview

MetaDig è un’azienda italiana protagonista nello sviluppo di strategie di Digital Marketing attraverso molteplici canali di acquisizione. Grazie all’implementazione di performance marketing campaign, alla generazione di audience e database, MetaDig eleva la visibilità online delle imprese e il conversion rate. MetaDig è Leader nell’erogazione di servizi di : Lead Generation & Digital Advertising, List providing, Inbound Marketing e Comparazione online, a favore di committenti in ambito Telco, Energy, Finance, Insurance e Automotive.

Per la sede di Sesto S. Giovanni, MetaDig ricerca una / un : Legal officer, data protection & privacy law

Compito del Legal Officer è quello di consentire il corretto svolgimento delle attività aziendali in maniera trasversale: è suo compito redigere e / o verificare la contrattualistica aziendale (verso i Clienti, i Fornitori e i Consulenti), nonché fornire pareri ai vari reparti in relazione ai rischi, agli adempimenti e ai rilievi di natura legale all’interno dei singoli progetti.

In particolare, il Legal Officer si occupa delle tematiche relative alla data protection, sia all’interno dell’Azienda, sia verso Clienti e Fornitori, mostrandosi parte attiva nella progettazione dei trattamenti di dati personali e nel loro svolgimento, nonché nelle trattative commerciali che riguardino aspetti di natura legale.

Garantisce, inoltre, che la gestione dei trattamenti stessi avvenga in conformità con le normative nazionale ed europea applicabili, ricomprendendo il ruolo di Data Protection Officer.

La figura è deputata a fungere da punto di contatto primario all'interno dell'organizzazione per i dipendenti, le autorità di regolamentazione e gli enti competenti su questioni relative alla protezione dei dati.

Richiesto elevato presidio delle competenze relative a :

• Normativa sul trattamento dei dati personali, nazionale ed europea, e suoi aggiornamenti;
• Normativa applicabile al settore di competenza della Società (ad es. marketing, pubblicità, ecc) e suoi aggiornamenti;
• Capacità di riconoscere i ruoli del trattamento, nonché di progettare, dall’ideazione fino alla fase di verifica, un trattamento di dati personali in linea con la normativa e con l’interesse aziendale;
• Svolgere attività di formazione periodica delle risorse aziendali;
• Diritto dei contratti. Costituiscono un plus le competenze relative al diritto del lavoro e diritto societario.
• Formazione giuridica accertata e qualificata : Laurea in Giurisprudenza; il conseguimento di un Master (o titoli assimilabili) in materia di data protection & privacy law costituisce titolo preferenziale;
• Conoscenza degli applicativi e dei sistemi informatici basilari;
• Ottima conoscenza della lingua inglese;
• Eccellenti capacità di comunicazione verbale e scritta, con una forte attenzione ai dettagli;
• Ottime doti relazionali e capacità di lavorare bene sia in modo indipendente che come parte di un team;
• Coinvolgimento nell’implementazione del piano di sviluppo aziendale con relativa opportunità di carriera accompagnata dalla partecipazione a percorsi di formazione manageriale e specialistica.

Lavorare in Metadig significa vivere un ambiente di lavoro inclusivo, luogo di valorizzazione del talento, delle relazioni e delle ambizioni

Contratto di lavoro : Tempo pieno

Orario : Dal lunedì al venerdì

MetaDig è un’azienda italiana protagonista nello sviluppo di strategie di Digital Marketing attraverso molteplici canali di acquisizione. Grazie all’implementazione di performance marketing campaign, alla generazione di audience e database, MetaDig eleva la visibilità online delle imprese e il conversion rate. MetaDig è Leader nell’erogazione di servizi di : Lead Generation & Digital Advertising, List providing, Inbound Marketing e Comparazione online, a favore di committenti in ambito Telco, Energy, Finance, Insurance e Automotive.

Per la sede di Sesto S. Giovanni, MetaDig ricerca una / un : Legal officer, data protection & privacy law

Compito del Legal Officer è quello di consentire il corretto svolgimento delle attività aziendali in maniera trasversale: è suo compito redigere e / o verificare la contrattualistica aziendale (verso i Clienti, i Fornitori e i Consulenti), nonché fornire pareri ai vari reparti in relazione ai rischi, agli adempimenti e ai rilievi di natura legale all’interno dei singoli progetti.

In particolare, il Legal Officer si occupa delle tematiche relative alla data protection, sia all’interno dell’Azienda, sia verso Clienti e Fornitori, mostrandosi parte attiva nella progettazione dei trattamenti di dati personali e nel loro svolgimento, nonché nelle trattative commerciali che riguardino aspetti di natura legale.

Garantisce, inoltre, che la gestione dei trattamenti stessi avvenga in conformità con le normative nazionale ed europea applicabili, ricomprendendo il ruolo di Data Protection Officer.

La figura è deputata a fungere da punto di contatto primario all'interno dell'organizzazione per i dipendenti, le autorità di regolamentazione e gli enti competenti su questioni relative alla protezione dei dati.

Richiesto elevato presidio delle competenze relative a :

• Normativa sul trattamento dei dati personali, nazionale ed europea, e suoi aggiornamenti;
• Normativa applicabile al settore di competenza della Società (ad es. marketing, pubblicità, ecc) e suoi aggiornamenti;
• Capacità di riconoscere i ruoli del trattamento, nonché di progettare, dall’ideazione fino alla fase di verifica, un trattamento di dati personali in linea con la normativa e con l’interesse aziendale;
• Svolgere attività di formazione periodica delle risorse aziendali;
• Diritto dei contratti. Costituiscono un plus le competenze relative al diritto del lavoro e diritto societario.
• Formazione giuridica accertata e qualificata : Laurea in Giurisprudenza; il conseguimento di un Master (o titoli assimilabili) in materia di data protection & privacy law costituisce titolo preferenziale;
• Conoscenza degli applicativi e dei sistemi informatici basilari;
• Ottima conoscenza della lingua inglese;
• Eccellenti capacità di comunicazione verbale e scritta, con una forte attenzione ai dettagli;
• Ottime doti relazionali e capacità di lavorare bene sia in modo indipendente che come parte di un team;
• Coinvolgimento nell’implementazione del piano di sviluppo aziendale con relativa opportunità di carriera accompagnata dalla partecipazione a percorsi di formazione manageriale e specialistica.

Lavorare in Metadig significa vivere un ambiente di lavoro inclusivo, luogo di valorizzazione del talento, delle relazioni e delle ambizioni

Contratto di lavoro : Tempo pieno

Orario : Dal lunedì al venerdì

At Paymentology , we’re redefining what’s possible in the payments space. As the first truly global issuer-processor, we give banks and fintechs the technology and talent to launch and manage Mastercard, Visa, and UnionPay cards at scale - across more than 60 countries.

Our advanced, multi-cloud platform delivers real-time data, unmatched scalability, and the flexibility of shared or dedicated processing instances. It's this global reach and innovation that sets us apart.

We're looking for a Data Protection Analyst to play a key role in enhancing our data privacy framework. Your work will help protect the privacy of our customers and employees, ensuring that our Privacy practices are transparent and secure.

In addition, you will get involved with implementing the Privacy and AI tools that support the privacy governance workflows. Your day-to-day work will involve collaborating with cross-functional teams and making recommendations to improve our privacy and governance practices.

What you get to do : :

Data Privacy Framework

• Strengthen Paymentology’s data privacy risk framework, implementing robust policies and procedures aligned with the GDPR, and other global privacy regulations and best practices. Work closely with global cross-functional stakeholders to support team projects and goals.

Privacy Management System

• Support the implementation of our new Privacy Management System, working directly with the vendor and internal stakeholders to configure system settings, create assessment templates and establish efficient process workflows, documentation, and reporting.

Data Mapping & Governance

• Work closely with designated teams to conduct comprehensive data mapping exercises across the company to identify personal data flows, establishing data governance structures and control mechanisms.
• Run the Data Protection Impact Assessments (DPIAs) and Records of Processing Activities (RoPA), and AI Risk Governance activities, and support supplier assessments, based on privacy risks. Conduct re-assessments of personal data processing activities based on risk.

Regulatory Compliance Management

• Ensure adherence to GDPR and other relevant global data protection regulations, monitoring regulatory developments and implementing necessary changes to maintain compliance.

Privacy by Design and by Default

• Provide advice and guidance to the business on data protection, privacy by design and AI-related questions and risks. Collaborate with cross-functional teams such as Procurement, Information Security, Legal and Compliance to balance privacy and business objectives. Support the review and assessment of Data Protection Agreements (DPAs).

Controls Testing & Improvement

• Perform ongoing assessments of privacy controls, identifying areas for improvement and implementing corrective measures to strengthen data protection practices. Maintain comprehensive documentation of findings and prepare reports for senior management.
• Act as key point of contact for reporting and handling of personal data incidents, implementing effective response and coordinating remediation efforts to minimise impact and avoid reoccurrence.

Data Subject Rights Management

• Manage the processing of Data Subject Access Requests (DSARs), such as erasure, rectification, portability, and ensure timely and compliant responses.
• Develop and deliver privacy training, raising awareness of data protection responsibilities across the organisation.

What you can look forward to : :

At Paymentology , it’s not just about building great payment technology, it’s about building a company where people feel they belong and their work matters. You’ll be part of a diverse, global team that’s genuinely committed to making a positive impact through what we do. Whether you’re working across time zones or getting involved in initiatives that support local communities, you’ll find real purpose in your work - and the freedom to grow in a supportive, forward-thinking environment.

Travel :

What it takes to succeed :

• Minimum of 3 - 5 years of experience in data privacy, compliance, or risk management roles, ideally within the payments industry or similarly regulated environments.
• Strong understanding of global data protection regulations, particularly GDPR, EU AI Act (or equivalent regulations), privacy by design principles and their practical application in business processes and systems.
• Experience with implementing and administering privacy management frameworks and tools, e.g. OneTrust or similar.
• Proven track record in conducting data mapping exercises, DPIAs, and maintaining Records of Processing Activities (RoPA).
• Strong analytical skills with the ability to assess complex privacy risks and develop effective mitigation strategies.
• Excellent verbal and written communication skills in English.
• Proficiency in using Microsoft Office suite, with strong skills in Excel and PowerPoint.
• Strong stakeholder management skills to address issues and reach consensus in a complex and ambiguous environment.
• Ability to translate complex regulatory requirements into practical operational controls.
• Effective organizational and project management skills.

Preferred Qualifications :

• Globally recognized privacy certifications (e.g., IAPP CIPP / E, CIPM, or equivalent).
• Experience with privacy management platforms similar to OneTrust.
• Familiarity with information security standards such as ISO 27001.
• Experience working in a global organization with multi-jurisdictional privacy requirements.
• Background in financial services, payments, or fintech industries.

Labor Project srl, società dinamica di consulenza e formazione fondata nel 2003 operante in ambito nazionale ed internazionale, “Boutique” nei settori Privacy e Data Protection, Artificial Intelligence, ESG, Compliance 231/01, in ottica di sviluppo ricerca di un Data Protection Analyst.

Offriamo supporto strategico e operativo a multinazionali, PMI e pubblica amministrazione, con un forte impegno nell'innovazione e nell'implementazione di soluzioni personalizzate per garantire elevati livelli di compliance.

REQUISITI:

Titolo di laurea in Giurisprudenza – Scienze Politiche o materie informatico - giuridiche

Esperienza biennale maturata presso società di consulenza oppure in contesti corporate o studi legali con focus sulla consulenza aziendale e in materia di protezione dei dati.

In particolare, saranno considerati titoli preferenziali le seguenti esperienze e competenze:

• Partecipazione a master e/o corsi di formazione in materia di protezione dei dati
• Conoscenza di altre normative internazionali sulla protezione dei dati e della European Digital Strategy.
• Conoscenza del Legal English e anche di altre lingue
• Esperienza nell’utilizzo di gestionali e/o applicativi di ricerca normativa Privacy (es. OneTrust, Privacy Encoder, DataGuidance, ecc.)

HARD SKILLS:

• Conoscenza approfondita del GDPR e delle normative nazionali in materia di protezione dei dati
• Capacità di condurre audit ed effettuare analisi dei rischi.
• Familiarità con tecnologie di protezione dei dati
• Ottima padronanza dell'inglese (livello richiesto B2 / C1)
• Ottimo utilizzo del pacchetto Office (in particolare Word, PowerPoint, Outlook, Teams)
• Ottima capacità di ricerca giurisprudenziale e di elaborazione giuridica

SOFT SKILLS:

• Eccellenti capacità di comunicazione e presentazione
• Problem solving e orientamento ai risultati
• Attitudine a lavorare in team
• Capacità di gestire situazioni complesse e di negoziazione con stakeholder diversi:
  

PERCORSO DI INSERIMENTO PREVISTO:

La risorsa verrà inserita in un gruppo coordinato da una figura Senior per affiancamento al fine di contribuire alla gestione di attività con complessità crescente e per permettere di seguire clienti in autonomia.

PRINCIPALI ATTIVITA’:

• Affiancamento ai Titolari e Responsabili del trattamento (in presenza e da remoto) nell’adempimento delle prescrizioni normative derivanti dal GDPR e delle principali normative nazionali ed internazionali sulla protezione dei dati. Ad esempio:
  
• Redazione informative, nomine a responsabile, accordi sindacali, registri dei trattamenti e relative analisi dei rischi, ecc.
• Verifica Sito Internet e analisi misure di sicurezza informatiche
• Elaborazione di Data Transfer Agreement (DTA) e Data Privacy Impact Assessment (DPIA), Legitimate interest assessment (LIA)
• Sviluppo ed implementazione di politiche e procedure di protezione dati
• Monitoraggio ed effettuazione di audit e risk assesment sulla conformità aziendale privacy
• Docenza in presenza e da remoto in materia di Privacy
• Supporto ai clienti nella redazione della documentazione Privacy in caso di data breach, inclusa la gestione delle segnalazioni
• Inserimento in Team DPO

COSA OFFRIAMO:

• Partecipazione a progetti complessi ed innovativi
• Ambiente dinamico e meritocratico
• Costante affiancamento e condivisione
• Piani di crescita professionale
• Corsi di formazione e certificazioni
• Dopo periodo di inserimento:
  Smart working e/o possibilità di orario flessibile
• Sistema di Welfare&Benefits (se inquadramento con CCNL)

Tipologia contrattuale:
in dipendenza del profilo del candidato e di eventuali competenze specifiche già acquisite:
contratto di collaborazione con P.IVA (se iscritto/a all’albo degli Avvocati) o assunzione CCNL Commercio, quattordici mensilità.

Luogo di Lavoro:
in dipendenza della provenienza geografica di domicilio, Milano (zona Stazione Centrale) o Cantù (Como). Per tutti i neoassunti è comunque previsto un inserimento iniziale per onboarding presso headquarter di Cantù (CO).

Altro:
Il candidato dovrà essere automunito/a con disponibilità a trasferte su sede clienti.

I Suoi dati saranno trattati per la selezione del personale (esecuzione misure precontrattuali) da soggetti, anche esterni, coinvolti nella selezione del Titolare, compresi fornitori del sistema informativo del Titolare del trattamento Labor Project S.R.L., con sede legale in Via Brianza n. 65, 22063 Cantù (CO), nella persona dell’Amministratore Delegato, contatti:
Tel. , e-mail, a cui potrà rivolgersi per esercitare i Suoi diritti (artt. 15-22 del GDPR), compreso eventuale reclamo al Garante Privacy. I dati saranno conservati massimo 24 mesi, non saranno diffusi. Informativa completa (art. 13 GDPR) disponibile ai recapiti sopra indicati o al link

Copia della stessa sarà fornita al primo contatto utile successivo all’invio del curriculum (in sede di colloquio).

At Paymentology , we’re redefining what’s possible in the payments space. As the first truly global issuer-processor, we give banks and fintechs the technology and talent to launch and manage Mastercard, Visa, and UnionPay cards at scale - across more than 60 countries.

Our advanced, multi-cloud platform delivers real-time data, unmatched scalability, and the flexibility of shared or dedicated processing instances. It's this global reach and innovation that sets us apart.

We're looking for a Data Protection Analyst to play a key role in enhancing our data privacy framework. Your work will help protect the privacy of our customers and employees, ensuring that our Privacy practices are transparent and secure.

In addition, you will get involved with implementing the Privacy and AI tools that support the privacy governance workflows. Your day-to-day work will involve collaborating with cross-functional teams and making recommendations to improve our privacy and governance practices.

What you get to do : :

Data Privacy Framework

• Strengthen Paymentology’s data privacy risk framework, implementing robust policies and procedures aligned with the GDPR, and other global privacy regulations and best practices. Work closely with global cross-functional stakeholders to support team projects and goals.

Privacy Management System

• Support the implementation of our new Privacy Management System, working directly with the vendor and internal stakeholders to configure system settings, create assessment templates and establish efficient process workflows, documentation, and reporting.

Data Mapping & Governance

• Work closely with designated teams to conduct comprehensive data mapping exercises across the company to identify personal data flows, establishing data governance structures and control mechanisms.
• Run the Data Protection Impact Assessments (DPIAs) and Records of Processing Activities (RoPA), and AI Risk Governance activities, and support supplier assessments, based on privacy risks. Conduct re-assessments of personal data processing activities based on risk.

Regulatory Compliance Management

• Ensure adherence to GDPR and other relevant global data protection regulations, monitoring regulatory developments and implementing necessary changes to maintain compliance.

Privacy by Design and by Default

• Provide advice and guidance to the business on data protection, privacy by design and AI-related questions and risks. Collaborate with cross-functional teams such as Procurement, Information Security, Legal and Compliance to balance privacy and business objectives. Support the review and assessment of Data Protection Agreements (DPAs).

Controls Testing & Improvement

• Perform ongoing assessments of privacy controls, identifying areas for improvement and implementing corrective measures to strengthen data protection practices. Maintain comprehensive documentation of findings and prepare reports for senior management.
• Act as key point of contact for reporting and handling of personal data incidents, implementing effective response and coordinating remediation efforts to minimise impact and avoid reoccurrence.

Data Subject Rights Management

• Manage the processing of Data Subject Access Requests (DSARs), such as erasure, rectification, portability, and ensure timely and compliant responses.
• Develop and deliver privacy training, raising awareness of data protection responsibilities across the organisation.

What you can look forward to : :

At Paymentology , it’s not just about building great payment technology, it’s about building a company where people feel they belong and their work matters. You’ll be part of a diverse, global team that’s genuinely committed to making a positive impact through what we do. Whether you’re working across time zones or getting involved in initiatives that support local communities, you’ll find real purpose in your work - and the freedom to grow in a supportive, forward-thinking environment.

Travel :

What it takes to succeed :

• Minimum of 3 - 5 years of experience in data privacy, compliance, or risk management roles, ideally within the payments industry or similarly regulated environments.
• Strong understanding of global data protection regulations, particularly GDPR, EU AI Act (or equivalent regulations), privacy by design principles and their practical application in business processes and systems.
• Experience with implementing and administering privacy management frameworks and tools, e.g. OneTrust or similar.
• Proven track record in conducting data mapping exercises, DPIAs, and maintaining Records of Processing Activities (RoPA).
• Strong analytical skills with the ability to assess complex privacy risks and develop effective mitigation strategies.
• Excellent verbal and written communication skills in English.
• Proficiency in using Microsoft Office suite, with strong skills in Excel and PowerPoint.
• Strong stakeholder management skills to address issues and reach consensus in a complex and ambiguous environment.
• Ability to translate complex regulatory requirements into practical operational controls.
• Effective organizational and project management skills.

Preferred Qualifications :

• Globally recognized privacy certifications (e.g., IAPP CIPP / E, CIPM, or equivalent).
• Experience with privacy management platforms similar to OneTrust.
• Familiarity with information security standards such as ISO 27001.
• Experience working in a global organization with multi-jurisdictional privacy requirements.
• Background in financial services, payments, or fintech industries.