Legal Specialist - Privacy and Data Protection

Specialist, Legal Services

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Specialist, Legal ServicesSpecialist, Legal Services - Privacy and Data Protection

The Global Business Solutions Center’s (GBSC) mission is to be the partner of choice with stakeholders across Mastercard, enabling business operations efficiency, productivity, and growth. With over 1,100 professionals delivering more than 200 solutions across 10 locations, the GBSC is a powerhouse of innovation and strategic partnerships that combines operational excellence with a vision of what’s next.

The Specialist, Legal Services – Privacy and Data Protection will be part of a team of privacy legal specialists within the broader GBSC Legal Services organization. This role supports Mastercard’s integrated, global approach to privacy and data protection laws, risk standards and is accountable for the end-to-end review and negotiation of data protection terms in services agreements and standalone data protection agreements.

The position plays a critical role in enabling compliant, customer focused, and efficient business outcomes while supporting Mastercard’s data driven products and services.

The position will be based in Mastercard’s office in Pune, Maharashtra.

Are you someone who:
• Strives for excellence in everything you do?
• Is deeply committed to customer service and stakeholder partnership?
• Enjoys solving complex legal and business problems?
• Is passionate about identifying and implementing process improvements?

If so, this role may be an excellent fit, and you can continue reading.
________________________________________
Role & Responsibilities

In this role, you will:
• Develop and apply a strong understanding of global privacy and data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), translating legal requirements into practical business and data solutions.
• Review, negotiate, and advise on data protection terms in services agreements and standalone data protection agreements with vendors, and other third parties to enable business operations and continuity.
• Ensure all data protection agreements are prepared, revised, and executed in close collaboration with business, product engineers and product privacy counsel, and in accordance with approved policies, standards, and negotiation playbooks.
• Support transition process from product privacy counsel or privacy SME ensuring product requirement, risk mitigation and data privacy regulatory consideration are properly implemented as advised by product privacy counsel.
• Identify and escalate privacy risks, deviations, or non‑standard positions in line with established escalation paths.
• Document negotiation outcomes, rationale, and approvals to support audit and governance requirements.
• Deliver exceptional customer service in line with GBSC standards, including quality, responsiveness, resolution timelines, and adherence to defined Service Level Objectives (SLOs).
• Contribute to continuous improvement initiatives by identifying opportunities to enhance efficiency, consistency, and scalability in privacy legal support.
________________________________________
All About You

Education & Certifications

• Must possess a 3‑year LL.B. (after completing a bachelor’s degree), or 5‑year integrated LL.B. from a recognized University in India, admitted to practice in the hiring location and in good standing.
• CIPP/E, CIPP/US, or other IAPP certifications are strongly preferred.

Experience & Knowledge

• Prior experience in global privacy and data protection law is a must have.
• Familiarity with U.S., European, Middle East, Africa, and/or Asia Pacific privacy laws is highly desirable.
• Knowledge of the financial services, payment processing industry or technology, product development, cybersecurity, identity, or fraud-related domains is an advantage.
• Experience of minimum 3-5 years in contract review and negotiation and managing complex stakeholder interactions.
Skills & Competencies
• Advanced negotiation skills with ability to independently support complex negotiations, along with sound judgment on when to escalate issues versus exercising independent discretion.
• Practical, solution-oriented approach to privacy risk management.
• Strong time management and organizational skills, with the ability to manage workloads of varying priority and complexity.
• Excellent legal and business acumen, including strong analytical, problem solving, and attention to detail skills.
• Ability to work independently and collaborate effectively with diverse stakeholders, including business partners, legal colleagues, and third-party vendors.
• Positive, energetic leadership mindset with a focus on efficiency, collaboration, and team success.
• Excellent written and verbal communication skills, with a demonstrated ability to clearly explain legal concepts and negotiate contract terms.
• Proven commitment to a customer focused service orientation.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Experience Level

Mid Level