Expert - Privacy Engineering (m/f/d)
MU
130 years of trust. One team shaping what's next. Allianz Group is one of the world's leading insurers and asset managers - built on over a century of stability, expertise, and financial strength. Allianz Services is where that legacy meets the future. 8,500+ people. Twelve countries. Four continents. We deliver specialized services to clients within Allianz Group, powered by AI, advanced analytics, and a mindset that refuses to stand still. From core insurance operations to engineering and consulting services, we reimagine how insurance works. What truly sets us apart are our people and the trusted partnerships we build, anchored in our values of expertise, integrity, and empowerment. We don't support the business. We shape it.
Are you passionate about Privacy and Data Protection? Do you thrive in a global environment and enjoy turning legal and policy requirements into practical technical solutions? We are looking for a dedicated professional to join our Privacy Team, supporting Privacy by Design and Default across systems, applications, and business processes.
In this role, you will contribute to privacy engineering standards and scalable compliance frameworks, promoting a strong privacy culture within Allianz. If you have a proactive mindset, technical expertise, and a passion for privacy, we would love to hear from you!
What You Do:
- Provide technical privacy support across strategic and operational activities, translating legal and policy requirements into practical technical measures across systems, applications, platforms and business processes
- Support Privacy by Design and by Default implementation across the full lifecycle of processing activities, including project initiation, architecture and design reviews, procurement, development, testing, deployment, maintenance, change management and legacy system remediation
- Bring a technical lens to PIAs/DPIAs and privacy risk assessments by analysing system design, data flows, default settings, access models, retention logic, deletion mechanisms, and technical safeguards, while supporting the operationalization of privacy requirements through internal privacy platforms and governance workflows
- Be a strategic advisor and work closely with Engineering, Enterprise Architecture, Information Security, Cyber, Data, AI and business teams to embed privacy requirements into the SDLC / DevSecOps lifecycle, including privacy requirements in design gates, reusable control patterns, technical acceptance criteria and remediation plans
- Assess the adequacy of technical and organisational measures protecting personal data, including areas such as access control, IAM, encryption, pseudonymisation, anonymisation, logging, retention, deletion, data minimisation, segregation, secure configuration and monitoring
- Support the DPO in personal data breach management by analysing incidents from a privacy perspective, assessing the nature of affected data and systems, evaluating likely impacts on individuals’ rights and freedoms, helping determine notification implications, and recommending containment, remediation and control improvements in coordination with IT Security and Cyber teams
- Review third-party solutions, off-the-shelf software, cloud services and other technology-enabled processing activities from a technical privacy standpoint, ensuring that configurable features, data flows and default settings align with applicable laws, internal privacy requirements and intended purposes
- Contribute to the design and maintenance of privacy engineering standards, implementation guidance, technical control libraries, retention and deletion models, default-setting baselines and privacy test cases to support consistent and scalable privacy compliance across the organisation
- Help define and track privacy engineering evidence, metrics and remediation actions, ensuring that technical safeguards remain effective over time and that the organisation can demonstrate accountability for the measures implemented
- Promote a strong privacy engineering culture through practical guidance, targeted awareness sessions and collaboration with stakeholders, helping both technical and non-technical teams operationalise privacy requirements in a proportionate and solution-oriented manner
What You Bring:
- A bachelor’s degree in Computer Science, Information Security, Cybersecurity, Software Engineering, Artificial Intelligence or a related technical field is essential
- Professional certifications are preferred rather than mandatory. Particularly relevant certifications may include CIPT, CDPSE, AIGP, CISM, CISA, ISO 27001, CISSP, cloud security certifications, OneTrust certification, or other technical privacy, security or AI governance credentials
- Between 2 and 5 years of experience in a technical role such as software engineering, security engineering, cloud security, architecture, cyber, data engineering or privacy engineering
- Fluency in written and spoken English is mandatory. French and/or German would be a strong advantage
Key Requirements:
- Strong understanding of systems, applications, APIs, infrastructure and data flows, with the ability to analyse technical designs and translate them into privacy risks, safeguards and implementation requirements
- Good knowledge of technical and security concepts relevant to privacy, including secure design, IAM, encryption, pseudonymisation, anonymisation, logging, retention, deletion, access control, cloud environments, incident concepts and control validation
- Practical experience in supporting architecture reviews, SDLC / DevSecOps processes, technical assessments, control design and cross-functional remediation planning
- Understanding of, or willingness to work with, global privacy requirements and recognised governance frameworks such as GDPR, international privacy laws, Allianz Privacy Standard, ISO 27001 / 27701, the NIST Privacy Framework and secure development practices
- Experience or familiarity with privacy-relevant tools and domains such as OneTrust, data discovery or mapping tools, cloud platforms, IAM solutions, logging environments and workflow automation would be an advantage
- Ability to support personal data breach assessments by interpreting technical facts, distinguishing security events from privacy impact, and contributing to structured and defensible risk assessments for affected individuals
- Strong analytical and communication skills, with the ability to turn technical and regulatory complexity into clear, actionable advice for legal, technical, business and executive stakeholders
- Ability to work effectively across multicultural and cross-functional environments, with strong collaboration, influencing and stakeholder-management skills
- Proactive, structured and solution-driven mindset, with a strong sense of accountability, confidentiality and professional integrity
- Coding, scripting or automation capability would be an advantage, particularly where it supports control
99881 | Legal & Compliance | Professional | Non-Executive | Allianz Services | Full-Time | Permanent
Allianz Group is one of the most trusted insurance and asset management companies in the world. Caring for our employees, their ambitions, dreams and challenges is what makes us a unique employer.
We are united by a shared commitment: to put our customers first and at the center of everything we do. Their needs inspire our thinking and guide our actions.
Together, we can build an environment where everyone feels empowered and confident to explore, grow and shape a better future – for our customers and for the world around us. At Allianz, we stand for unity: we believe that a united world is a more prosperous world, and we are dedicated to consistently advocating for equal opportunities for all. The foundation for this is our inclusive workplace, where people and performance both matter, and where integrity, fairness, inclusion and trust are at the heart of our culture.
We therefore welcome applications regardless of ethnicity or cultural Internal background, age, gender, nationality, religion, social class, disability or sexual orientation, or any other characteristics protected under applicable local laws and regulations.
Join us. Let's care for tomorrow.