Data Protection Manager

Data Protection & Compliance Manager | GDPR, PECR & Privacy Frameworks | Greenfield FinTech Build | US + EU Data Strategy

• UK-Remote - (optional London office)
• £60k-£75k + Bonus

This is an opportunity to join the technology and product team of a globally trusted media brand that has recently expanded into the financial comparison space (think CompareTheMarket or MoneySupermarket ). The platform is live and growing quickly , particularly across the US market.

What the organisation doesn’t yet have is a formal Privacy & Data Protection function . This role exists to establish and lead that function — setting standards, defining frameworks, and building a scalable approach across multiple regions.

You’ll work closely with Product, Engineering and Marketing to ensure the platform’s data practices are compliant, transparent and grounded in practical, real-world execution.

The Role

You’ll be responsible for designing and running the Privacy & Data Protection framework across multiple international markets, with a heavier operational focus on US data regulation and consent management , while maintaining appropriate GDPR/PECR compliance across the UK & EU markets.

Your day-to-day will involve:

• Design, implement and own the Data Protection & Privacy Framework (policies, workflows, governance, reporting).
• Lead and manage DPIAs, DSARs, incident triage, data mapping, and processor/vendor reviews end-to-end.
• Audit and document data flows across product, marketing automation, analytics, tracking and ad-tech.
• Review and optimise cookie/consent behaviour , including identifying 1st/3rd party trackers and regional consent logic differences.
• Maintain and improve privacy tooling (e.g., OneTrust or similar CMP).
• Ensure compliance with:
• GDPR & PECR obligations (e.g., unsubscribe/opt-out hygiene, Article 30).
• US State-level legislation (e.g., CCPA/CPRA) — especially UI/consent design exceptions.
• ASA / CMA requirements for advertising fairness and price transparency.
• Partner cross-functionally to embed privacy-by-design in new products and features.
• Train teams and act as the primary internal point of contact for privacy matters.
• You will initially operate as the function , with the autonomy to shape and mature it over time.

What They’re Looking For (Non-Negotiables)

• Proven experience in a Data Protection / Privacy Management role within a digital, product-led or data-driven organisation.
• Hands-on ownership of DPIAs, DSARs, incident response and privacy workflow design.
• Demonstrated experience building or establishing privacy frameworks (not just “supporting” them).
• Ability to interpret legislation, assess practical implications, prioritise risks, and implement real changes .
• Comfortable working with cookie & tracking behaviour , consent logic and data flow mapping.

Nice to Haves

• Experience in comparison, fintech, or other high-traffic / data-rich environments.
• Exposure to ISO 27001 / SOC 2 frameworks.
• Experience supporting or working alongside security or DevOps teams.

Why Join / Projects

• Greenfield ownership: You are defining the privacy foundation, not inheriting one.
• Work directly with senior leadership and have real influence on product direction.
• A modern, practical approach to compliance (no checkbox theatre).
• A genuinely collaborative environment that values clarity, autonomy and progress.

Employee Benefits

• 10% performance bonus
• 100% remote (UK-based) – optional London office
• Private health cover
• Unlimited holiday
• Generous corporate benefits package

Data Protection & Compliance Manager | GDPR, PECR & Privacy Frameworks | Greenfield FinTech Build | US + EU Data Strategy