logo
See all jobs

Data Protection Manager

Permanent employee, Full-time · Poland - Warsaw - HQ
What we do?

Aion Bank is a fully regulated European bank and credit institution, combining Vodeno’s cutting-edge, private blockchain-based platform with its ECB banking license, strong balance sheet, and deep regulatory expertise. Our mission is to provide a comprehensive suite of embedded banking solutions, enabling businesses to seamlessly integrate financial services into their offerings.

As part of the UniCredit Group, Aion Bank and Vodeno will accelerate their digital banking offer in strategic markets and will act as a sandbox for innovation for the wider UniCredit Group. Aion Bank and Vodeno's existing Banking-as-a-Service (BaaS) offering across key European markets, including Germany and Poland, will see the bank embed its services - ranging from account access and deposits to lending, payments and loyalty programs - directly into non-banking digital platforms, facilitating seamless customer experiences.

At Aion Bank, our biggest strength is our people—a team of highly intelligent, creative, and ambitious professionals who thrive in a fast-paced, innovative environment. We believe in delivering results while fostering a culture of passion and collaboration.

We are currently looking for a Data Protection Manager ready to join our adventure, share our ambition and help shape the future of digital banking.
What you will be doing?

We are looking for Data Protection Manager who will act as the 1st Line of Defence (1LoD) operational manager and data protection policy owner for both UniCredit NV and Vodeno. 
This is an end-to-end responsibility, working closely with Data Governance, IT teams, Product Teams and managing our external privacy partner. 
You will act as the internal project manager and enforcer, leveraging external partner support to handle the heavy-lifting of standard controller tasks and documentation. 

Your core responsibilities will include:

  • Operational Ownership: Operationalize our control catalogue and enforce Group Data Processing Agreements (DPAs) across our core EU markets (Poland, Spain, Portugal, Germany, and Belgium).

  • GDPR Assurance & Documentation: Implement, execute, and enforce business compliance with GDPR, national laws, and internal policiesOwn the ROPA, ensuring valid legal bases (Art. 6) and localized retention periods (Tax, HR, Criminal) are strictly defined.

  • Third-Party Risk & Advisory: Verify vendor due diligence, ensure compliant DPAs, advise internal teams (IT, Product) on privacy requirements, and drive staff awareness training.

  • Current Compliance Projects:

    • Data Retention: Update and operationalize the "Guidelines - Data Retention Periods", specifically ensuring alignment with local laws (e.g., tax data, employment data, and criminal records).

    • Marketing Privacy: Prepare and get formal approvals for standalone Legitimate Interest Assessments (LIAs) for processing personal data for marketing purposes. Ensure marketing consent templates allow granular, per-channel choices.

    • Process Finalization: Update the Data Protection Process documentation to include required elements such as Transfer Impact Assessments (TIAs) and ROPA certification.

    • Data Subject Access Requests (DSARs) Management: Oversee the end-to-end DSAR lifecycle (e.g., right to access, right to erasure). Coordinate actively with IT and business units to ensure the accurate retrieval, review, and deletion of personal data across all systems within strict regulatory SLAs

  • Incident Response & Security Operations: Execute Data Protection Impact Assessments (DPIAs), advise on cross-border data transfers, and coordinate data breach incident management. Implement 1LoD controls to prevent sensitive personal data from being stored in unauthorized locations and oversee clean-up efforts.

  • AI & New Technologies: Ensure that all Artificial Intelligence (AI) tools used within business processes are identified, assessed through a DPIA, and properly documented in the ROPA.

  • Strategic Collaboration: 

    • Work closely with the Data Architect Lead and Data Management Team to build out global data lifecycle and retention plans.

    • Collaborate with IT teams to activate and operationalize data privacy controls within the IT Service Management (ITSM) control matrix.

    • Collaborate with Product Teams to operationalize data privacy within business products. 

    • Champion and embed Privacy by Design principles directly into the Software Development Life Cycle (SDLC) and Agile workflows. 

    • Act as the primary First Line of Defence (1LoD) liaison to the official Data Protection Officer (2LoD). 

    • Direct and manage our external privacy agency to ensure they deliver high-quality controller documentation.

Skills you should have

  • Minimum 5 years experience required in Data Protection, Compliance, or Risk Management within the Financial Sector (banking/fintech).

  • Deep, practical expertise in GDPR, EU data protection law, and data subject laws. Specific knowledge of Polish data protection nuances (e.g., Electronic Communications Law, Criminal Record Act, and local retention limits) is highly preferred.

  • Hands-on Assessment Experience:  Proven experience in a First Line of Defence (1LoD) or senior privacy/DPM role. Proven capability in conducting specialized assessments, including Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), and Transfer Impact Assessments (TIAs).

  • Technology & AI Privacy Risk: Experience evaluating new technologies, specifically AI tools within business processes, and establishing compensating controls within a Risk and Control Self-Assessment (RCSA) framework.

  • Data Governance & IT Operations Integration: Practical understanding of metadata, unstructured data cataloging, and implementing privacy controls directly into ticketing/ITSM systems.

  • Bachelor's Degree (Law, Compliance, Risk etc.).

  • Excellent communication skills. English fluency is mandatory.

  • Data privacy certifications (e.g., CIPP/E, CIPM) are a significant advantage.

  • Ability to leverage strong organizational and problem-solving skills to efficiently juggle complex tasks, meet critical deadlines, and anticipate challenges before they arise.

What we offer
You will get an opportunity to work in an innovative, digital bank applying state of the art approaches and technologies. 
Unless limited by banking regulations we offer a flexible form of contract.
You will be provided an Individual Development Budget, dedicated to enhancing your professional skills.
If your role permits, we also offer flexible work location: home/office —  according to your preference. 
You and your closest family will be covered with VIP-level private medical care which includes dental treatment and a hospitalisation package
We care for our colleagues’ well being, therefore we cover psychological consultations if you ever feel you need such support. 
Aion bank account without fee. 
We co-sponsor your Multisport card and cover 50% of its cost. 
You will work on computer equipment that delivers the best user experience — Apple MacBook
If you feel like working from the office, we have beautiful space available for you in Brussels and Warsaw. Each office is very nicely located with convenient commute options by public transport and by bike. Our office in Warsaw offers healthy snacks throughout the day. 
Our process
We keep our recruiting process simple. 
Step 1: Talk with one of our Recruiters about your to date experiences and ambitions
Step 2: Meet with your future Team Manager to deep dive on the role specifics and our work environment
Our note to you

Diverse teams really are the best teams. Research shows that some candidates may hesitate to apply for a job unless they meet every requirement. If you are excited about working with us, we encourage you to apply - even if you're not 100% sure. We are interested in getting to know you and learning about what you bring to the table.

Please note that we may close a job posting early if we receive a large number of exceptional applications.

Good luck!

Apply for this job
Apply for this job
We are looking forward to hearing from you!
Thank you for your interest in UniCredit. Please fill out the following short form. Should you have difficulties with the upload of your data, please send an email to recruiting@aion.eu
Data privacy statement
Uploading document. Please wait.
Please add all mandatory information with a * to send your application.