At Ernst & Young (EY), the Risk Management (RM) function plays a critical role in identifying, managing and mitigating risk across the business. RM supports the firm in upholding EY’s business standards, protecting its reputation and value, and ensuring compliance with all applicable legal, regulatory and professional obligations. The UK Data Protection team supports the UK firm in complying with data protection and privacy legislation and regulatory requirements, developing, implementing and maintaining policies, procedures and training, and monitoring the application of global and local policies.
Key Responsibilities
- Act as the first point of contact for the business on data protection queries, providing clear, pragmatic advice and balancing regulatory requirements with commercial realities.
- Independently manage data subject rights requests, determining appropriate actions and escalating only where necessary.
- Lead investigations into data incidents and breaches, taking ownership of fact‑finding, containment and mitigation activity and coordinating with stakeholders to drive timely resolution.
- Lead and coordinate the review of Privacy and Confidentiality Impact Assessments (PIAs) for EY products, applications, tools, technologies and suppliers, providing risk‑based assessment, challenge and guidance to product owners on required controls and mitigations.
- Draft, review and update internal data protection policies, procedures and training materials, ensuring they are practical, current and aligned to regulatory expectations.
- Manage personal workload and competing priorities autonomously, ensuring work queues progress efficiently and service standards are met without day‑to‑day direction.
- Proactively identify opportunities to improve and streamline data protection processes, taking responsibility for driving enhancements rather than simply supporting them.
- Support wider Data Protection initiatives and projects, contributing expertise and leadership as required, with minimal supervision from Managers or the Data Protection Officer.
- Provide credible challenge and clear messaging to senior stakeholders, including delivery of difficult or risk‑based advice.
- Remain resilient and effective in a fast‑paced, ambiguous environment, adapting quickly as priorities change.
Qualifications & Skills
- At least two years of professional work experience in a relevant role (e.g., complaints handling, incidents management, quality control/assurance, risk management, legal, or compliance).
- An interest in understanding UK data protection and privacy legislation and a risk‑based approach to compliance.
- Strong ability to plan, prioritise and execute work independently, managing complexity with minimal oversight.
- Excellent judgement and problem‑solving skills, with the confidence to take responsibility for decisions.
- Clear, authoritative communication and the ability to influence and advise stakeholders at all levels of the firm.
- Calm, professional, positive and resilient under pressure, with a pragmatic and solutions‑focused mindset.
- Attention to detail and the ability to maintain high levels of accuracy.
- Experience working in Financial / Professional services or a regulated environment (preferred).
- Familiarity and practical experience with the application of data protection law and/or policies (preferred).
- Certified courses or qualifications in data protection / privacy (e.g., CIPP/E) (preferred).
Benefits
- Continuous learning: Develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: Tools and flexibility so you can make a meaningful impact.
- Transformative leadership: Insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: Encouraged to use your voice to help others find theirs.
- Flexible working arrangements: Balance career and personal priorities.
#J-18808-Ljbffr…
