Senior Data Risk Manager (Privacy)

Company: Kennedys
Apply for the Senior Data Risk Manager (Privacy)
Location: London
Job Description:

Job Overview

Kennedys is looking for a Senior Data Risk Manager to join our Risk & Compliance team on a 12 month fixed term contract. The role provides strategic oversight and operational leadership across data privacy, regulatory compliance and information risk. It ensures personal data is managed lawfully, securely and in line with global regulatory requirements, acting as a subject‑matter expert in data protection and privacy risk.

Team

The Risk & Compliance team handles a wide range of partnership and risk and compliance issues for the firm and acts as an in‑house legal department. The Data Risk Team specialises in risk to data, privacy and information as well as compliance with associated regulations and best practice globally, keeping abreast of new and emerging risks associated with technology such as AI.

Key Responsibilities

  • Act as subject‑matter expert on data protection (GDPR, UK DPA)
  • Lead DPIAs and privacy risk assessments
  • Oversee the maintenance of risk registers and mitigation plans
  • Develop privacy policies and frameworks
  • Support ISMS and ISO 27001 alignment
  • Lead incident and breach management
  • Engage stakeholders and deliver training
  • Support AI and emerging risk governance
  • Product owner for Surecloud (or equivalent) platform
  • Lead and develop team members and deputise for Head of Data Risk as required

Required Experience

  • Strong knowledge of GDPR and global privacy laws including HIPAA, PIPA and Australian Privacy
  • Experience in data risk management and governance
  • DPIA and incident management experience
  • Understanding of ISO 27001 / ISMS
  • Demonstrable experience of assessing AI and privacy risks
  • Stakeholder engagement skills

Equal Employment Opportunity Statement

Kennedys is an equal opportunities employer and is committed to ensuring our recruitment processes are as inclusive as possible. We expect all employees to be aware of and comply with all relevant policies and procedures within their jurisdiction, including those relating to Information Security, Data Protection and Quality Management, refer any breach promptly to Risk & Compliance and to complete all mandatory training when requested.

#J-18808-Ljbffr…

Posted: July 7th, 2026