The opportunity

The Head of the Data Management Office leads the enterprise function that centralizes the implementation of GDPR compliance for Worldline. Positioned at the corporate level, the role maintains an end-to-end view of data processing across business units and geographies, enabling standardized controls, risk-based decision making, and clear escalation paths for complex compliance challenges.

The role works in close partnership with privacy specialists, legal counsel, security officers, and business risk managers. It also collaborates extensively with Product, Delivery, HR, Procurement, and client-facing teams to ensure that compliance strategies are both legally robust and operationally practical.

The Head of DMO reports to the Head of 1st Line Security Merchant Services and drives the offshore strategy for Global Competence Centers (GCCs), operationalizing data access controls and making risk-based decisions aligned with the organization’s risk appetite and applicable regulations.

Day-to-day responsibilities

• Conduct comprehensive risk evaluations focused on data access patterns, processing requirements, and the scope of work within Global Competence Centers (GCCs).
• Develop and recommend appropriate technical and organizational controls to address identified compliance gaps and data protection challenges to respective stakeholders in the EU and India.
• Maintain an enterprise-level, comprehensive view of data processing activities across business units and geographies.
• Continuously advise on emerging regulatory developments and assess their impact on GCC operations.
• Collaborate with cross-functional teams (data protection, legal, IT security, business risk, customer& regulator-facing teams ) to ensure strategies are legally sound and operationally viable.
• Provide expert guidance to business functions on optimal approaches for transitioning work to GCCs while maintaining compliance.

Who are we looking for

• 10+ years in data protection, privacy, and information security compliance, including 5+ years leading enterprise-level programs.
• Bachelor’s/Master’s in Computer Science, Information Security, Law, or related field.
• Proven track record designing and operationalizing GDPR / Regulatory compliance in complex, multinational environments (preferably payments/financial services).
• Hands-on experience with cross-border data processing and transfer mechanisms in collaboration with cross-functional teams in Europe and India. Understanding of SCCs, Schrems II implications, DTIA, vendor/outsourcing governance.
• Direct experience enabling Global Competence Centers or similar offshore/nearshore delivery models in alignment with EU regulatory requirements.
• Ability to author and defend risk-based decisions, risk acceptances/exceptions, and escalation paths aligned to a clearly defined risk appetite.
• Expertise in GDPR (Art. 5–32), ePrivacy, UK GDPR, and relevant EU guidance (EDPB, CNIL, etc.).
• Good understanding of European case law and regulator positions on remote data access, international data transfers to India, and pseudonymization.
• Good Knowledge of payment regulations (PCI DSS, PSD2, EBA Outsourcing, SOC 2), Information security standards like ISO27001, and offshore data protection laws (e.g., India’s DPDP Act, RBI rules), operationalized alongside GDPR in offshore operations.
• Exceptional communication skills to advise senior executives, negotiate with clients, and coordinate cross functional teams (Legal, Security, Product, HR, Procurement, Compliance & sales team).
• Experience interfacing with regulators and auditors; ability to prepare defensible documentation and audit evidence.
• Certifications considered a strong plus: IAPP CIPP/E (strongly preferred), CIPM or CIPT, and ISO/IEC 27001 Lead Implementer or Lead Auditor.

Perks & Benefits

• Hybrid Working Policy
• Gift vouchers on the occasion of Christmas/Easter Holidays
• Private medical services
• 21 vacation days/year
• Referral bonuses for new hires recommended by you
• WFH & Flexible Working Hours
• Full access to the “Learning” platform