Description
Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Specialist, Legal Services Specialist, Legal Services - Privacy and Data Protection ServicesThe GBSC (Global Business Services Center) is the shared services organization for Mastercard. Consistent with the One LFI model, GBSC is partnering with the Law, Franchise and Integrity team to build a legal shared services function. The GBSC team is predominantly co-located in a collaborative working environment in the heart of the Mastercard Technology Operations headquartered in St. Louis, MO. Select regional hubs exist to provide additional scale and agility. The GBSC provides services to all regions and all business units spanning 50 countries.
The Specialist, Legal Services - Privacy and Data Protection Services will be part of a team of privacy legal specialists within the broader GBSC Legal Services team. This position will support Mastercard's integrated approach to privacy and data protection and be accountable for Mastercard is responsible for global operational execution, governance, and reporting of Data Subject Access Requests (DSARs) across Mastercard's consumer, employee, and acquired‑entity landscape. This role acts as a trusted operational lead partnering with Privacy Counsel, Product, Risk, and Audit teams to ensure DSARs are handled accurately, on time, and in a manner defensible to regulators and auditors.
The role operates with high autonomy, manages complex and escalated requests, and drives operational consistency and control across regions and request channels.
• Does the pursuit of excellence appeal to you?
• Are you committed to customer service?
• Do you enjoy solving legal and business problems?
• Are you passionate about identifying and implementing process improvements?
If so, keep reading as this might be the perfect role for you.
Key Responsibilities
DSAR Operational Oversight
Manage end‑to‑end processing of consumer, employee, candidate, and Attorney‑on‑Behalf (AOB) DSARs across all intake channels (MyData, Privacy mailbox, AOB portal).
Handle complex, repeat, or escalated DSARs, including complaint‑based and regulator‑sensitive cases.
Ensure consistent application of:
Global DSAR standards and procedures
Regional regulatory requirements (e.g., GDPR, CCPA/CPRA, LGPD)
Governance, Metrics & Reporting
Own preparation and validation of quarterly and ad‑hoc DSAR metrics for leadership, Privacy, Risk, and Audit stakeholders.
Reconcile DSAR data across MyData, Tableau dashboards, and manual trackers, ensuring accuracy and traceability.
Monitor SLA adherence and proactively flag trends, outliers, or emerging compliance risks.
Audit & Risk Support
Serve as the primary operational contact for DSAR‑related audits, risk reviews, and compliance assessments.
Provide documented evidence, process explanations, and operational artifacts to support audit and regulatory inquiries.
Track and support closure of DSAR‑related audit observations and remediation actions.
Process & Documentation Management
Maintain and continuously improve:
DSAR operational procedures
Product‑specific DSAR playbooks
Knowledge‑transfer and handover documentation
Identify operational gaps and propose process efficiency and control improvements.
Cross‑Functional Collaboration
Partner closely with:
Privacy & Data Protection Counsel
Product and Platform teams
Risk Management and Internal Audit
Translate privacy policy and legal guidance into clear, executable operational steps.
Required Qualifications
3–5 years of experience in privacy operations, regulatory compliance, data protection operations, or legal operations.
Direct hands‑on experience managing DSARs or equivalent regulatory request workflows.
Strong experience preparing metrics, dashboards, and audit‑ready documentation.
Proven ability to manage multiple stakeholders across Legal, Product, Risk, and Operations.
Excellent written communication skills with the ability to explain complex processes clearly.
Preferred Qualifications
Experience supporting DSARs at global scale or across multiple legal jurisdictions.
Familiarity with DSAR tooling and platforms (e.g., MyData, AOB workflows, trackers).
Prior experience supporting internal or external audits in a privacy or compliance context.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard's security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Apply on company website
Find Connections via Linkedin
