Compliance Manager - Third Party Management
Madrid
EUR 50.000 - 70.000
Your Growth
You will be part of McKinsey’s Ethics and Compliance (E&C) function, based in one of our core hubs in Europe.
The E&C function’s mission is to manage risks to our firm, clients, and people, while enabling client impact and innovation. It is a globally integrated team within the second line of defense. Our program ensures misconduct is not tolerated through policies, procedures, training, monitoring, and consequence management, integrated into our operations.
This role works within the Privacy Compliance team, responsible for maintaining McKinsey’s Data Privacy Management Program alongside the Privacy Legal team.
You will report to the Director of Compliance – Privacy.
Your Impact
Your primary responsibility will be managing our third-party privacy management program. You will collaborate closely with the Director of Compliance – Privacy, Cybersecurity, Procurement, and Legal to enhance and maintain an efficient approach to third-party reviews from a privacy compliance perspective.
You will provide updates and seek input from the Director on milestones, challenges, and decisions to align with Ethics & Compliance priorities. You may also manage other team members.
Key responsibilities include:
- Policy and Procedure Management: Review and update policies to reflect current processes and compliance requirements.
- Framework Development: Drive the firm’s approach to managing global regulatory obligations systematically and efficiently.
- Enhancement Plans: Develop plans for third-party management, including awareness campaigns, controls, monitoring, and escalation processes.
- Compliance Reporting: Prepare and deliver reports on privacy risks and remediation plans for leadership.
- Due Diligence Execution: Conduct and improve third-party privacy risk reviews and fulfillments.
- Vendor Management: Collaborate with third parties to review privacy compliance and mitigate risks.
- Contract Management: Work with Legal to update privacy requirements in contracts.
- Training Development: Create and deliver privacy compliance training.
- Control Monitoring: Review and update management controls and monitor adherence.
- Reporting: Provide regular updates to leadership on initiatives and compliance status.
- Problem Solving: Resolve issues proactively and escalate when necessary.
- Primary Contact: Serve as the main contact for privacy compliance questions.
- Independent Management: Manage tasks proactively, consulting with leaders on complex issues.
- Partnership Development: Collaborate with Legal and Risk functions to understand legal obligations.
- Strategy Initiatives: Participate in privacy strategy development and KPI execution.
- Support: Assist with other privacy-related matters as needed.
You will contribute to the broader E&C function, engage in region-specific initiatives, and collaborate across functions to uphold our integrity and lawful practices.
Your qualifications and skills
- Bachelor's degree required; advanced degrees or certifications (e.g., JD, CPA) preferred.
- At least 5 years of experience in data privacy, with knowledge of global privacy laws.
- Privacy certifications such as CIPP, CIPM, CIPT are a plus.
- Over 3 years’ experience in strategy, management consulting, or similar roles with project management skills.
- Ability to learn local legal differences across countries.
- Entrepreneurial mindset to resolve ambiguous problems.
- Excellent communication skills in English, adaptable for different audiences.
- Ability to build trust-based relationships and influence stakeholders.
- Strong organizational and project management skills.
- Discretion in handling confidential information.
- Ability to foster an inclusive and collaborative environment.
- Passion for people development and leading global teams.
- Experience with tools like OneTrust or Auditboard is a plus.