Data Compliance Specialist

About Marshmallow

We build financial products that accelerate the economic freedom for people who move across borders. We started with car insurance — insuring over a million drivers — and we’re scaling beyond. Tens of millions of people move countries each year, facing overlooked financial challenges. Our future is in building financial products around their needs to positively impact their lives.

How we work

We’re really proud of the culture we’ve created. We push for progress every day, because we know that we’ll only hit big milestones by taking lots of smaller steps. We’re always open to helping our team mates, sharing our ideas, experience and knowledge to solve problems together. We take risks, think creatively and experiment relentlessly to meet our customer’s needs, and never pass blame when things go wrong. We encourage people at all levels to take ownership of their work, and to be bold in challenging how we do things. Everyone has a voice and the opportunity to make an impact.
And autonomy and ownership are only possible with clear direction. That’s why we collaborate to do in-depth planning twice a year, and make sure we leave with clear goals and objectives that flow from top to bottom. To make sure we’re as aligned as possible across functions, most of our work rolls up into three tribes; Acquisition, Retention & Claims. Each tribe has multiple teams embedded in it, working cross-functionally to do great work.
We’re so excited for all of the challenges up ahead, and we need more people to help us tackle them! If life at Marshmallow sounds like it could be for you, explore our Culture Handbook to find out more.

We’re looking for a Data Compliance Specialist to strengthen our approach to privacy across the Marshmallow group. You’ll help ensure we meet our obligations under data laws, regulations and associated guidance and best practice, including UK GDPR and the DPA, while working closely with teams to support product development and business change in a privacy-conscious way.

If you’re passionate about data, privacy, thrive in fast-paced environments, and want to work somewhere that’s genuinely mission-led — this could be your next move.

What you’ll be doing:

• Supporting the DPO in maintaining and enhancing our group-wide data protection programme.

• Advising on DSARs. DPIAs, data sharing agreements, and data protection clauses in commercial contracts.

• Helping teams across Tech, Product and Marketing implement privacy by design and default.

• Owning our Record of Processing Activities (RoPA) and SARs and data incidents.

• Monitoring compliance with relevant data protection laws and supporting internal audits.

• Supporting training and awareness across the company — making privacy approachable and practical.

• Owning the relationship and any interactions with the ICO

Who you’ll work with:

• You’ll sit in our Legal, Risk & Compliance function and report to the General Counsel (GC) who is the DPO

• You’ll collaborate daily with the GC and as required the legal, compliance, risk and Information Security teams.

• You’ll also be a go-to advisor for Product Managers, Engineers and the Marketing team on privacy matters.

What we’re looking for:

• Proven strong understanding and experience of UK data protection law and regulations and how to apply it in a commercial context.

• Experience in a privacy or data protection role, ideally within a tech or financial services firm.

• Someone who enjoys problem-solving and isn’t afraid to ask “why?”

• An excellent communicator — able to explain privacy risks in plain English.

• CIPP/E or similar qualification is a nice-to-have, but not essential.

Perks of the job

• Flexible working - Spend 2-3 days per week with your team in our new collaborative London office

• Competitive bonus scheme - designed to reward and recognise high performance 🌟

• Flexible benefits budget - £50 per month to spend on a Ben Mastercard meaning you get your own benefits budget to spend on things you want. Whether that’s subscriptions, night classes (puppy yoga, anyone?), the big shop or a forest of houseplants. Pretty much anything goes 💰

• Sabbatical Leave - Get a 4-week fully paid sabbatical after being with us for 4 years 🏝️

• Work From Anywhere - 4 weeks work from anywhere to use, with no need to come to the office 🛫

• Mental wellbeing support – Access therapy and mental health sessions through Oliva 💚

• Learning and development – Personal budgets for books and training courses to help you grow in your role. Plus 2 days a year - on us! - to further your skillset 🤓

• Private health care - Enjoy all the benefits Vitality has to offer, including reduced gym memberships and discounts on smartwatches 🏥

• Medical cash plan - To help you with the costs of dental, optical and physio (plus more!)

• Tech scheme - Get the latest tech for less 🖥

Plus all the rest; 33 days holiday (including bank holidays), pension, cycle to work scheme, monthly team socials and company-wide socials every month!

Our Process

We break it up into a few stages:

• Initial call with Ali in Talent Acquisition (30-40 mins via zoom)

• A past experience interview, where you will discuss your technical experience in more detail with our CLRO (45 minutes)

• Presentation/task stage interview (60 mins - in person)

• A case study & culture Interview to check that your work style fits our processes and values with one of our SLT (60 mins)

Everyone belongs at Marshmallow

At Marshmallow, we want to hire people from all walks of life with the passion and skills needed to help us achieve our company mission. To do that, we're committed to hiring without judgement, prejudice or bias.

We encourage everyone to apply for our open roles. Gender identity, race, ethnicity, sexual orientation, age or background does not affect how we process job applications.

We're working hard to build an inclusive culture that empowers our people to do their best work, have fun and feel that they belong.

Recruitment privacy policy

We take privacy seriously here at Marshmallow. Our Recruitment privacy notice explains how we process and handle your personal data. To find out more please view it here.