Operational Compliance Specialist

At Certn, we’re changing how trust works with The World’s Easiest Background Check. We’ve raised $127M+, earned Deloitte Fast 50 recognition three years in a row, and we’re still only scratching the surface.

Our goal is straightforward: help people move faster - into jobs, homes, and opportunities - by simplifying the path to trust. We’re not a traditional background screening company.

We’re a team of curious, collaborative builders who care about solving real problems for real people. We challenge each other, move fast, and have fun doing it.

If you want to grow, make an impact, and help shape products used by millions, this is your place. Let’s build what’s next, together.

Reporting directly to Senior Counsel of Privacy, the Operational Compliance Specialist will play a key part in Certn’s privacy and EMEA compliance programs, by translating legal and regulatory requirements into reliable, repeatable operational processes. This role will focus on managing subprocessor compliance, data retention, client privacy communications, EMEA reporting obligations, and technical compliance. You will serve as a critical partner across the business, ensuring privacy-related processes are effectively implemented, maintained, and aligned with evolving regulatory requirements.

Technical Privacy Compliance

• Maintain the subprocessor register; manage the end-to-end process for reviewing, onboarding, and notifying clients of subprocessor changes in line with contractual and regulatory obligations.

• Administer data retention schedules - tracking retention periods by data category and jurisdiction, coordinating deletion and archiving activities, and maintaining supporting documentation.

• Support access control compliance, including maintaining records of data access permissions and assisting with periodic access reviews.

• Own the end-to-end Data Subject Access Request (DSAR) intake process ensuring accurate request tracking, seamless coordination across internal stakeholders, and timely fulfillment in compliance with regulatory requirements and response deadlines.

• Support the privacy office in monitoring and testing activities and audits, notably by ensuring proper documentation and tracking of the controls and related findings.

• Ensure that compliance documentation remains up-to-date and support the management and handling of any relevant registries of processing activities and risks assessments.

Client Privacy Communications

• Act as a first point of contact for client and applicant compliance queries relating to privacy and EMEA regulatory matters, triaging straightforward requests independently and escalating complex or legally sensitive issues to Senior Counsel as appropriate.

• Prepare and issue subprocessor update notices and other privacy-related client communications.

• Maintain client-specific compliance records relating to data processing agreements and privacy obligations.

EMEA Regulatory Operations

• Track EMEA jurisdiction-specific reporting requirements and filing deadlines; coordinate preparation in support of the Senior Counsel, Privacy and Senior Compliance Officer.

• Maintain the EMEA compliance calendar and assist with regulatory correspondence.

• Support credentialing and onboarding/offboarding compliance processes for EMEA clients and vendors.

• Apply a working knowledge of regulated criminal-record screening across the UK disclosure regimes (DBS, Disclosure Scotland, and AccessNI), including the distinct check levels available under each and the eligibility rules that govern which level a given role qualifies for.

• Understand Certn's obligations when acting as, or supporting clients who rely on, a registered body, umbrella body, or responsible organisation, including the duty to confirm role eligibility, verify applicant identity, and handle disclosure results in line with each agency's code of practice.

• Audit screening files for eligibility accuracy and procedural compliance, and prepare first-line responses to client and regulator inquiries about how a check was scoped, processed, and stored, escalating substantive legal questions to the Senior Counsel, Privacy and Senior Compliance Officer.

• Apply the data-protection rules that sit alongside the disclosure regimes, including the handling, retention, and secure destruction of criminal-record data as criminal offence data under UK GDPR and the Data Protection Act 2018.

Operational Collaboration

• Maintain process documentation for privacy and EMEA compliance workflows

• Act as a liaison to Operations for privacy-adjacent process design and workflow improvements

• Triage and manage Jira tickets relating to privacy and EMEA compliance matters

• Post-secondary education in a related field or an equivalent combination of education and professional experience.

• Practical working knowledge of GDPR and data subject rights processes, including experience engaging with regulatory or quasi-governmental bodies such as the ICO, a privacy commissioner, or equivalent authority.

• Highly organized with exceptional attention to detail and the ability to manage multiple priorities, deadlines, and regulatory requirements across different jurisdictions.

• Excellent written and verbal communication skills.

• Ability to maintain discretion and confidentiality at all times.

• Comfortable working across compliance, operations, and client-facing functions

• Professional privacy certification through the International Association of Privacy Professionals (IAPP), such as CIPT or CIPP/E, is considered a strong asset.

• Comfortable using AI tools (e.g., Claude) to support day-to-day tasks such as drafting communications, summarising regulatory guidance, and improving workflow efficiency

If you meet most, but not all, of the qualifications listed above, we still encourage you to apply. We recognize that strong candidates come from a wide range of backgrounds and experiences, and we value the diversity of perspectives that brings.

Certn is a remote-first company with a high-performance edge. We value hustle, hunger, and helping each other win - but we also have a strict no-jerk policy. Ambition here is about lifting people up, not stepping on toes.

• We think like owners and execute with urgency.

• We’re customer-obsessed and always learning.

• We give real feedback and hold each other to high standards.

We’re AI enthusiasts. From Ops to Legal, Product to People & Culture, we use AI to move faster, make smarter decisions, and build better experiences.

We believe in using AI intentionally - ethically, creatively, and always in service of delivering more for our customers and each other. Don’t worry if you’re not an expert; curiosity and a willingness to learn matter most.

• 20 days of annual leave to start, plus up to 3 additional Performance Days

• Company-paid benefits

• Remote-friendly and supportive flexible remote arrangements

• Work-from-home allowance

• Professional development budget

• And a few more goodies!

We’re committed to building a workplace that’s diverse, inclusive, and empowering for all. If you need accommodations to support any special needs at any stage of the recruitment process, just let us know - we’ve got you.

Just so you know, the selected candidate will be required to complete a background check. This means you will get to see first hand what we do, and trust us, we do it REALLY well!

We use AI tools to support our recruitment process, including helping us organize applications and identify early matches based on role criteria. That said, every rejection decision is made by a human. We encourage candidates to apply authentically and avoid relying solely on AI-generated responses, especially during interviews.

This posting is for a current, open position within Certn.

This opportunity is offered through HighlightTA, the on-demand talent team supporting Certn’s growth.

Connect with us and learn more:
Certn on LinkedIn

HighlightTA on LinkedIn