Counsel – Privacy & Data Protection

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Mastercard’s global Commercial and New Payment Flows (CNPF) Privacy team is seeking a Privacy Counsel to support its money transfer solutions. These products enable fast, secure, and seamless domestic and cross border payments, helping individuals and businesses move funds efficiently across a wide range of use cases. The role provides hands on legal support to CNPF products and services, advising on privacy, AI, and data protection across the full product lifecycle. This includes contributing to the design and launch of new payment solutions, analysing data flows, tracking regulatory developments, and negotiating data protection terms in commercial agreements. The Counsel will help ensure that solutions align with global privacy, AI, and data governance requirements. The successful candidate will operate comfortably at both strategic and operational levels, offering clear, practical advice that supports innovation while managing risk. A strong understanding of digital payments, financial services technologies, and data driven systems is essential, along with experience embedding Privacy by Design into products and processes. Working closely with product, engineering, and business teams, the Counsel will play a key role in enabling innovation in domestic and cross border payments while maintaining a robust and scalable privacy framework. This position is based in London and reports to the Senior Managing Counsel, Privacy, AI & Data Responsibility, in Belgium.

Core Responsibilities

• Provide day to day privacy support to business teams, handling product queries and operational issues, and escalating complex matters where needed.
• Support the CNPF privacy team, including Move (Mastercard Send and Cross Border Services), by preparing guidance, assessments, and initial reviews for product initiatives and market expansion.
• Advise across the broader CNPF space (including B2B payments and SME solutions) on data use, AI enabled products, data flows, and controller/processor roles in multi party ecosystems.
• Embed Privacy by Design into the product lifecycle through initial impact assessments, risk screenings, and alignment with Mastercard’s privacy and AI governance frameworks.
• Assist with responses to government data requests, RFIs, and CDD inquiries by gathering inputs, preparing drafts, and ensuring compliance with internal and legal requirements.
• Support contracting by drafting and reviewing standard data protection terms, preparing for negotiations, and escalating higher risk issues.
• Monitor regulatory developments and contribute to legal scans, providing clear, practical summaries of key impacts.
• Help build privacy awareness across the business, including developing training materials and supporting capability building efforts.
• Collaborate across teams to ensure consistent application of privacy requirements and effective follow through on actions.

All About You

• Qualified lawyer with a strong academic foundation and solid legal training. Additional certifications (e.g., IAPP) are a plus.
• Keen interest in global data privacy developments and a working knowledge of privacy and data protection frameworks (e.g., GDPR; familiarity with others like CCPA is helpful but can be learned on the job) with some practical experience applying them, previous inhouse or technology/privacy exposure is beneficial.
• Familiarity with financial services, payments, or digital products is preferred, or a strong willingness to learn about these sectors.
• Experience with privacy platforms such as OneTrust is an advantage.
• Curiosity about digital technologies and an interest in how they intersect privacy and data governance.
• Proactive, practical, and eager to translate legal requirements into clear, usable guidance with support from senior team members.
• Strong verbal and written communication skills, with the ability to simplify complex information for non-legal audiences.
• Highly organized, detail-oriented, and able to manage multiple tasks in a fast-paced environment.
• Collaborative and team-oriented, with the ability to build positive working relationships across functions.
• Motivated to grow, take initiative, and further develop within the team.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.