Senior Compliance & Privacy Counsel (GRC)

Are you experienced in navigating complex privacy and compliance topics in an international environment? Do you enjoy combining legal expertise with technology, information security, and strategic stakeholder collaboration? If so, we’d love to welcome you as our new: Senior Compliance & Privacy Counsel (GRC)

Department: Security, Risk & Compliance (GRC)
Location: Sofia, Bulgaria
Travel: Regular business travel to Germany (approx. once per quarter)
Reporting Line: Direct report to the Global Chief Compliance Officer / Global Head of GRC
Team Size: Part of an international GRC team of approx. 10 professionals
Seniority Level: Senior

THE BLUEPRINT:

We are looking for an experienced Senior Compliance & Privacy Counsel to strengthen our global Governance, Risk & Compliance (GRC) function. The role combines data protection and privacy law with broader compliance and information security–related legal topics in a highly international environment.

The position is based in Sofia and requires very close, continuous collaboration with the headquarters in Germany, as well as interaction with global stakeholders across Europe, the US, and Asia.

Please note: The role is strictly focused on Data Privacy and Compliance. General corporate legal matters are handled by a separate, dedicated Legal Department.

YOUR AREAS OF IMPACT:

Privacy Counsel (Primary Focus)

• Drive legal ownership and the continuous development of the global Data Protection Management System
• Provide legal support and guidance to the Global Data Protection Managers (non-legal roles)
• Coordinate closely with headquarters on privacy governance, escalation, and strategic alignment
• Advise stakeholders on global data protection requirements across multiple jurisdictions (EU, US, Asia, etc.)
• Assess privacy risks and define mitigation measures in cooperation with technical and organizational stakeholders

Compliance Counsel (Additional Focus)

• Advise on information security and technology-related regulatory requirements, including but not limited to NIS2, DORA, and related frameworks
• Maintain and further develop the legal and regulatory register
• Counsel senior management and business leaders on compliance-related legal obligations within the GRC scope
• Contribute to contract negotiations with large enterprise customers (occasionally), particularly on data protection and information security topics
• Act as a legal advisor to Sales and customer-facing teams on privacy and information security matters

General Compliance Responsibilities

• Handle general compliance inquiries within the defined scope
• Draft and review responses to compliance-related internal and external requests
• Contribute to the operation and ongoing development of the group compliance management system and compliance tools

YOU:

• Academic background: A degree in Law (LL.B. required; Master of Laws/LL.M. is a distinct advantage); Jurisdiction is open
• Experience: 10 years of professional experience in privacy, compliance, or regulatory legal roles, ideally in an international corporate environment
• Skill set: Strong expertise in data protection law and solid understanding of information security–related regulations
• Languages: Fluent German and English (C1 level or higher, negotiation-level proficiency)
• Work-style: Ability to work independently while collaborating closely with headquarters and senior stakeholders

WE:

• 280+ new teammates in Bulgaria in a casual setting promoting cooperation and work-life balance
• Flat hierarchies in a state-of-the-art tech setting, close mentorship and shadowing paced with your own professional agenda
• Hybrid working model, 25 days off (up to 30 days off after 5 yrs), Birthday leave, Christmas bonus, additional health and dental insurance, 3 additional self-care days off, food vouchers, sports plan, referral bonus, team events, corporate discounts, transport and Internet expenses covered, internal trainings, LinkedIn Learning access, professional conferences etc.