Job Title: Head of Data Protection
Contract: Mid Jan (likely to extend)
Location: Remote
Clearance: Applicants must have, or be eligible for, SC clearance to be considered
Organisational Overview
This role sits within the Risk and Assurance Directorate and supports key client accounts, including those in the financial services sector. The Head of Data Protection reports to the Risk and Assurance Director (Conduct and Compliance) and leads one of the key verticals within the Directorate.
This is a critical role in advancing the organisation's second-line assurance framework by delivering proactive, subject matter expert (SME) support across business operations. The objective is to ensure operational processes are compliant by design, while safeguarding the interests of end customers, corporate partners, and the business itself.
The organisation operates as a Data Processor under current outsourcing arrangements. While Data Controller responsibilities rest with clients, the role ensures robust assurance activities are in place to maintain compliant operations.
Key Responsibilities
- Build and maintain strong relationships with operational teams, serving as a trusted SME advisor.
- Support change teams by providing expert data protection and privacy guidance.
- Lead assessment and response efforts for data protection breaches, including remedial planning and issue tracking.
- Advise internal governance committees and boards on all matters related to data protection and privacy.
- Deliver regular updates to governance forums, covering regulatory developments, incidents, and monitoring activities.
- Develop and maintain the organisation's internal data protection policies and procedures.
- Establish networks internally and externally to share knowledge and build best practices in data protection.
- Foster a strong data protection governance culture across the business.
- Lead assurance reviews and gap analyses of operational practices against applicable data protection regulations.
- Monitor compliance with UK and EU privacy laws, using a risk-based approach to evaluate controls and regulatory risks.
- Support operational teams in understanding and managing their data protection risks, including DSAR and FOIA requests.
- Develop and deliver tailored training and education to support business understanding of data protection obligations.
- Manage the data protection team, including staff development and performance planning.
- Coordinate regularly with client-side data protection stakeholders through joint governance forums.
Person Specification
Skills and Competencies
- Expert knowledge of UK and EU data protection laws, including GDPR and the UK Data Protection Act.
- Strong experience with data privacy assurance and information security activities in complex business environments.
- Proven ability to lead and manage data privacy programmes, including third-party oversight.
- Strong communication and influencing skills, with the ability to provide sound advice under pressure or amid ambiguity.
- Capable of building relationships and driving a positive data protection culture in a multifaceted organisation.
