Senior Counsel - Privacy, AI and Data Responsibility

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build asustainableeconomy where everyone can prosper. We support a wide range of digital payments choices, making transactionssecure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Senior Counsel - Privacy, AI and Data Responsibility Overview

Mastercard is committed to balancing innovation while protecting individual privacy and has embraced privacy and data protection as core to the successful execution of its business strategy. As part of that commitment Mastercard has established a world-class privacy program and is currently adding talent to its global team.

The Senior Counsel - Senior Counsel - Privacy, AI and Data Responsibility will support both the strategy and the daily operations of the Europe Data Protection Office (“DPO Office”) and Privacy, AI and Data Responsibility team. The position will report to the Head of the DPO Office, will be a member of the Privacy, AI and Data Responsibility team as well as a member of the Law department team.

Role
The Senior Counsel - Privacy, AI and Data Responsibility will be part of the DPO Office and ensure privacy compliance is built into Mastercard data-driven products. The position requires the ability to understand new and complex data-related and privacy & data protection laws as well as new technologies, oversight the handling of privacy rights and assess end-to-end consent management requirements (e.g. identity management, data sharing regulations, open banking, etc.). This role will be responsible for enabling consumer transparency and control related to individual’s rights beyond GDPR globally. The Senior Counsel must have excellent understanding of individual rights, data portability and consent requirements, whilst having a process driven attitude and ease to communicate with stakeholders globally written and verbally both internally and externally.

Activities include:
• Ensure that Mastercard complies with all global, regional and local privacy and data related laws – including the EEA GDPR, UK Data Protection Act, EDPB recommendations and related jurisprudence, as well as EEA and UK Mastercard’s Binding Corporate Rules (“BCRs”).
• Develop and refine Mastercard requirements and needs across the organization for consumer transparency, privacy rights and consent management, taking into account product, platform and regulatory needs in key geographies
• Advise on and identify legal, business and technical infrastructure requirements and controls to enable privacy compliance; work with legal, business, technical teams as well as coordinate with external counsel to ensure implementation and timely compliance
• Work internally and externally with associations and working groups to socialize the product capabilities being developed to ensure product capabilities resonate with the market, are clear and understandable to the consumer and meet the needs and requirements of potential customers
• Help manage the day-to-day operations of the Global Privacy Program and DPO Office, and ensure individuals’ and regulators’ privacy expectations are met, in particular, by managing global data subject requests and complaints.
• Advise on and identify legal, business and technical infrastructure requirements and controls to enable privacy compliance; work with legal, business, technical teams as well as coordinate with external counsel to ensure implementation and timely compliance
• Management and assist with communications with data subjects, regulators, customers, partners and vendors to explain Mastercard’s approach to privacy rights and consent management and ensure compliance with global privacy and data protection laws
• Assist the team to conduct data protection impact assessments where required, and to identify and implement privacy controls and safeguards to remediate risks
• Support the DPO office in handling government data requests and personal data breach assessments and notifications
• Assist the Global Privacy compliance team in their maintenance and oversight of policies, procedures, wordings and notices in accordance with legal, compliance and regulatory requirements.
• Coordinate and enable compliance assurance and monitoring activities, including reporting and analytics pertaining to data-related and privacy and data protection laws
• Engage with the organization to assist in training employees on privacy and data protection requirements and raise employee awareness about privacy and data protection developments.

All About You

• Law degree required; specialization in privacy
• Membership to a Bar (if permitted by law)
• Additional qualifications e.g. Master of Laws degree, IT certifications, CIPM, CIPP/US, CIPP/E, considered as an asset
• Experience, and track record dealing with international privacy laws including the GDPR, CCPA, and other regulatory frameworks
• Expertise in handling data subjects’ requests and complaints
• Relevant experience in identity management, digital identity, open banking, or payments industry a plus

The ideal candidate for this position should have:

• Legal and analytical mindset
• Pro-active approach and solution driven attitude to privacy compliance to problem-solving; ability to operationalize privacy requirements in a practical manner
• Understanding of complex data systems in order to identify data compliance requirements including Ability to familiarize with new privacy and data driven laws and requirements quickly
• Experience with and excellent understanding of individuals’ data privacy rights and expectations
• Ability to collaborate with various types of stakeholders (business, lawyers, third parties such as customers and vendors and regulators)
• Superior time management, planning, and organizational skills
• Aptitude to design and help implement privacy and data driven controls, and ability to quickly get familiar with new tools (Archer, Open Pages, OneTrust)
• Familiarity with technical documentation and capacity to develop functional requirements from new business ideas and emerging legal concepts
• Exceptional interpersonal skills with proven experience in relationship building and partnering. Must work well in both team and individual settings
• Familiarity with the financial services industry and identity management industry, a plus
• Ability to motivate and influence other professionals

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.