Responsibilities
- Manage the DPIA process, including risk assessment of new systems, processing activities and suppliers.
- Work with Procurement and contract owners to manage DPI risks in supply chains and ensure appropriate contractual protections.
- Assist the AI Risk Assessment Committee with onboarding new AI tools, conducting data protection risk assessments and advising on necessary protections.
- Develop, manage and implement global data‑privacy policies, standards, guidelines and procedures, including intra‑group transfer agreements.
- Handle day‑to‑day operational issues, incidents and maintain an incident register.
- Map and control privacy by design: map the firm’s data processing activities, manage the data map, monitor retention policies, and respond to client and audit information requests.
- Advise on privacy terms in client retainer documentation and data‑subject requests (correct, erasure, access, portability).
- Develop and deliver privacy education and awareness content, ensuring high visibility of privacy matters across the firm.
- Support privacy compliance reviews of offices and business services, and assist with internal and external audit findings.
- Maintain privacy risk assessments and impact assessments for each jurisdiction.
- Prepare quarterly plans and provide annual input to the Information Security report.
- Build and maintain relationships with internal stakeholders, particularly IT and legal teams.
Qualifications and Experience
- Degree‑educated (technical or law degree preferred).
- Minimum 3 years’ experience in data privacy, data governance, or information security (less experience considered with demonstrable competency).
- Strong knowledge of GDPR and data‑protection law in other jurisdictions.
- Proficiency in drafting, monitoring and enforcing data‑privacy policies and procedures.
- Experience with ISO27001, other control frameworks, and a broad range of IT technologies.
- Working knowledge of AI and associated data‑protection risks.
- Excellent communication skills – able to liaise effectively with lawyers and IT staff.
- Analytical ability to identify and assess data‑protection risks and controls.
- Self‑motivated, adaptable, diligent and proactive.
Employment Details
Full‑time, Permanent – London, United Kingdom.
This role reports to the Senior Data Privacy Manager and is part of the General Counsel & Risk team under the global risk and compliance function.
#J-18808-Ljbffr…
