Senior Data Protection Compliance Specialist
We’re on a mission to make migration easy.
We started building Marshmallow in 2017. Since then, we’ve grown from 3 to 700+ people, gained unicorn status, raised ~£140M over three funding rounds, turned profitable, insured millions of drivers and lent millions in car loans.
But we’re only just getting started. Our goal is to become one of the largest financial services providers in the world. Over the next 10 years we’ll grow exponentially, not only by scaling our existing products, but also by building new ones.
To achieve our goals we need incredibly ambitious, commercially driven people who never settle for ‘good enough’. Marshmallowers are hungry for autonomy and ownership, and would rather improve than coast. Everyone raises standards and has an impact, with a focus on collective success over self-interest.
We’ve created an environment where curious, tenacious people win and grow together. If that sounds motivating, this could be the place for you.
About the Role
We are looking for a skilled and experienced Senior Data Protection Compliance Specialist to strengthen our data protection function. Working closely with our designated Data Protection Officer (DPO) and wider Legal, Risk, Compliance and Technology teams, you will play a central role in driving and embedding a robust culture of data protection compliance across the organisation.
This is a senior hands-on role with significant scope and visibility. You will be a subject matter expert and trusted partner to the business — shaping policies, managing complex compliance workstreams, and supporting the DPO in meeting the organisation's obligations under UK GDPR and the Data Protection Act 2018. Whilst you will not hold the formal DPO designation, you will operate at a high level of autonomy and expertise.
London (hybrid, 3 days in office)
What you'll be doing
Data Protection Compliance:
Support and deputise for the DPO across day-to-day compliance activities, acting as a senior point of expertise for the business.
Lead the organisation's DPIA programme, conducting and reviewing assessments for new and changed processing activities and presenting outcomes to senior stakeholders.
Own and maintain the organisation's Record of Processing Activities (RoPA), ensuring accuracy, completeness, and regular review.
Manage the end-to-end handling of Data Subject Access Requests (DSARs) and other data subject rights requests, ensuring timely and legally compliant responses.
Lead on personal data breach management: triage, investigation, remediation tracking, and advising on ICO notification decisions in conjunction with the DPO.
Advise business functions on lawful bases for processing, consent management, data retention, and data minimisation.
Policy, Training & Governance:
Develop, maintain, and implement data protection policies, procedures, and guidance documents, keeping them current with legislative and regulatory changes.
Design and deliver engaging data protection training and awareness programmes for staff across all business areas, including tailored sessions for high-risk teams.
Support the embedding of privacy-by-design and privacy-by-default principles in new projects, products, and systems.
Third Parties & Transfers:
Review and negotiate data processing agreements (DPAs) and data sharing agreements, working closely with Legal and Procurement colleagues.
Advise on international data transfer mechanisms including IDTAs, Transfer Risk Assessments (TRAs), and Binding Corporate Rules.
Manage the organisation's supplier due diligence process from a data protection perspective.
Monitoring & Horizon Scanning:
Monitor the regulatory landscape, including ICO guidance, enforcement action, and relevant case law, and translate developments into actionable organisational recommendations.
Assist in preparing for and managing ICO audits, investigations, or engagement as required.
Your Expertise
Essential:
Substantial experience (typically 5+ years) in a data protection compliance role, with a track record of managing complex workstreams independently.
Expert knowledge of UK GDPR, the Data Protection Act 2018, and PECR, and their practical application in a business context.
Hands-on experience conducting DPIAs, managing DSARs, and handling data breach responses.
Recognised data protection qualification such as CIPP/E, BCS Practitioner Certificate in Data Protection, or equivalent.
Strong communication and influencing skills - able to engage credibly with senior stakeholders and translate complex requirements clearly.
Ability to work with significant autonomy and manage competing priorities in a fast-paced environment.
Desirable:
Experience in financial services (ideally within a fintech startup or scaleup environment).
Familiarity with cyber security frameworks (e.g. ISO 27001, NCSC guidance) and their relationship to data protection.
Exposure to EU GDPR compliance and cross-border data flow requirements.
Experience providing data protection guidance on AI, machine learning, or emerging technology.
Perks & benefits
Bonus scheme designed to reward high performance
Private medical insurance with Vitality, mental health support with Oliva
Personal learning budget and 2 dedicated L&D days a year
Monthly flexible benefits budget to spend as you choose
25 days holiday plus bank holidays
4 weeks Work From Anywhere per year
We are not in a position to offer sponsorship and/or a visa for this position.
Our process
Here's what to expect:
Intro call with our Talent team (30 mins)
Skills and experience interview with the hiring manager (1 hour)
Task-based interview (1 hour)
Values and ways of working interview (1 hour)
We review every application and will always let you know the outcome - though we're unable to provide individual feedback at application stage.
Diversity of thought
We know the best ideas come from having different perspectives in the room - and we're committed to hiring fairly, regardless of background, identity or experience. If you see yourself in this role, we'd encourage you to apply.
Recommended Jobs
EYFS SEN Teaching Assistant - Primary School in Hounslow...
Location: Hounslow, West London Contract: Full-time, Term Time Only Start Date: ASAP Salary: Competitive An inclusive primary school in Hounslow is seeking a dedicated EYFS SEN Tea…
Project Manager
Project Manager Kilnbridge Multiple Locations - Nationwide Site Based / HQ About Kilnbridge Kilnbridge is the UK’s leading structures specialist, delivering some of the country’s most …
Family Liaison Officer | Inclusive Secondary School |...
Position: Family Liaison Officer Location: Lambeth Contract: Full-Time Start Date: September Family Liaison Officer Role in an Inclusive Secondary School A caring and community-f…
Head of Social Growth
Head of Social Growth Location: London About Wonder Studios Wonder Studios is an AI-native film and content studio building an entertainment business for the AI era. Founded by award-winnin…
Accountant
Requisition ID: 99930 Job Category: Finance Location: London, London, United Kingdom Join a company that is passionately committed to the pursuit of a better world through positive chang…
History Teacher - Richmond
An exciting opportunity is available for a History Teacher to join a prestigious, "Outstanding" independent school in Richmond . This is a full-time, permanent position within a high-achieving a…
Receptionist - High-Performing Secondary School - Bromley
Receptionist – High-Performing Secondary School – Bromley Start Date: As soon as possible Contract: Full-time, Permanent Salary: Paid to scale We are looking to appoint a professional …
Inbound Customer Service Advisors
Role Overview Advisors will be working within our Bureau team. This is a seven day a week inbound call handling desk where advisors work as part of a rota system to handle client telephone calls. Bur…
Trainee Estate Agent West London
Are you great with people? Do you enjoy building relationships and have the ambition to grow your career? If so, we want you to join our team! Whether or not you have property experience, we’re looki…