Loading...
Data Privacy Analyst
Tracking Code
E25-098
Job Location
Business Centre "Labirint" 5th Floor Liulin 10 District, Sofia, Sofia,
Job Level
Mid Career
Category
Information Technology / Information Systems
Position Type
Full-Time/Regular
Job Purpose
To manage a high-quality readiness to data protection & information governance, Subject Access Requests, third party risk management, and Data Protection enquiries from the council upholding our statutory obligations. The data privacy analyst will assist the compliance activities of the Data Protection Officer, supporting data privacy regulations and apply them in a practical manner.
This role reports to the Data Protection Officer and will support aspects of corporate Data Privacy Compliance programs including managing redlined addendum, contracts, and other activities required by the Data Protection Officer.
Key Responsibilities
• Support the DPO/Manager, Data Privacy Programs as required in the delivery of the Data Protection Program
• Identify, analyze, and document risks to individuals’ privacy arising from data processing activities
• Handle and assist the data subject access right requests, ensuring compliance data subject access right.
• Support to conduct Data Protection Impact Assessments (DPIAs) for projects, systems, and third-party vendors.
• Lead or assist in investigating, documenting, and reporting data breaches to authorities and affected parties as required.
• Assist to generate reports for management on the organization’s compliance status and areas for improvement.
• Monitor third-party compliance with data protection requirements.
• Review and evaluate data privacy agreements with vendors, partners, and service providers.
• Review and support the customer infosec questionnaire in the data protection topics.
• Support the creation as well as the implementation of the records regarding the processing activities
• Support documentation and evaluation of data processing activities
• Work closely with Sales, Product, and other teams to improve data privacy protections and ensure end-to-end data privacy compliance.
• Maintain records to support the data protection and audits where necessary
• Participate in the implementation and embedding the data governance organizational model
• Manage the compliance tools and systems for data security and compliance
• Support the educating team-members and other employees about data protection regulation
• Collaborate closely with global teams including Sales, Legal, Engineering, and Product to ensure privacy-by-design principles are applied
• Assist in selecting, managing, and optimizing compliance tools and systems used for data privacy and security oversight
• Contribute to internal privacy tooling and automation initiatives where feasible.
• Support project management responsibilities as needed, particularly in coordinating multi-department privacy initiatives or vendor assessments
Qualifications
• CIPP/E certification or other data privacy certifications (e.g., CIPM, CIPT) are a strong plus
• 2–5 years of experience in privacy, compliance, or project management within a legal, tech, or IT-related function
• Exceptional skills in business applications including Word, Excel, Smartsheet, SharePoint, and similar collaboration tools—are a must.
• Familiarity with privacy management platforms—OneTrust is highly recommended; Purview is a plus but not mandatory
• Strong understanding of the EU General Data Protection Regulation (GDPR) is a must; knowledge of CCPA, UK GDPR, and other global privacy laws is beneficial
• Prior experience working in a global technology company, especially in a SaaS or AI-driven environment, is a plus
• Basic knowledge of technical and cybersecurity regulations such as DORA, NIS2, or AI regulatory frameworks is a plus
• Ability to draft clear, professional SOPs, process documentation, and training materials for internal use across departments
• Strong analytical skills and attention to detail, with the ability to work independently and manage competing priorities
• Comfortable interacting with both technical and non-technical stakeholders; able to translate complex privacy concepts into practical guidance
• Proactive, self-starter mindset with a high degree of accountability and adaptability in a fast-paced, lean team environment
• Exceptional communication skills in English (written and verbal)
Required Experience
• See Qualifications section
• Experience with privacy and risk management tools (Skills in OneTrust beneficial)
• at least 2 3 years of practical experience related to GDPR
While the job description describes what is anticipated as the requirements of the position, the job requirements are subject to change based upon any changing needs and requirements of the business.
This position is located at Business Centre "Labirint" 5th Floor Liulin 10 District, Sofia, Sofia. View the Google Map in full screen.