Data Protection Manager

We are looking for an enthusiastic and detail-oriented Data Protection Manager to join our growing information security and data protection team. This is an ideal opportunity for someone with existing data protection knowledge and experience to further their career in information security and data protection.

The Role:

The Data Protection Manager will be responsible for driving the technical implementation of data protection practices across our systems and infrastructure. You will work collaboratively with the wider Information Security team to deliver a consistent and easily understood approach. Reporting to the Director of Information Security and Data Protection Officer, you will play a hands-on role in ensuring that our platforms, applications, and third-party services are aligned with data protection policies, regulatory requirements, and information security best practices. The ideal candidate is eager to learn and grow within the data protection and information security fields while contributing to the team’s efforts to protect our organisation's data and IT infrastructure.

This role focuses on operational aspects of data protection — from technical risk assessments and secure system configuration reviews to incident response, vulnerability remediation tracking, and regulatory compliance audits. You will work closely with engineering, DevOps, and IT teams to embed privacy and information security controls into our technology stack.

This is a full-time position. Occasional after-hours work may be required to support incident response, high-priority vulnerability fixes, or audit activities.

Key Responsibilities:

1. Develop and implement data protection governance by designing, implementing, and enforcing policies aligned with business objectives and regulations.
2. Support the development of strategies to mitigate and monitor data protection risks and incidents.
3. Coordinate internal audits, assessments, and recommend improvements to enhance data protection posture.
4. Work collaboratively with the wider Information Security team to identify and develop strategies to mitigate, manage, and monitor data protection risks and incidents.
5. Engage with other departments to ensure security efforts align with business goals.

Risk Management:

1. Identify, assess, and document data protection risks across systems and processes.
2. Support administration of data protection systems and risk reporting.
3. Advise teams on risk mitigation strategies.

Vulnerability Management:

1. Coordinate data protection assurance testing and vulnerability management.
2. Guide teams on vulnerability mitigation and follow-up on remediation.
3. Collaborate with development teams to incorporate secure coding and privacy-by-design principles.

Incident Response & Recovery:

1. Lead incident response efforts on a duty basis.
2. Provide guidance on threat mitigation, containment, and recovery processes.

Legal & Regulatory Conformance:

1. Ensure compliance with relevant regulations such as GDPR, CCPA, etc.
2. Manage data protection processes, including audits and assessments.
3. Review system configurations for compliance and document settings.

Staff Training & Awareness:

1. Implement and manage data protection awareness training programs.
2. Conduct training sessions on data protection risks and best practices.

Vendor Management:

1. Manage third-party data protection assessments and ensure compliance.

Reporting & Documentation:

1. Maintain records of incidents, audits, and assessments.
2. Report on KPIs and metrics related to data protection and security.

Continuous Improvement:

1. Regularly assess and improve data protection and security measures.
2. Stay updated on latest threats, trends, and regulations.

Requirements:

• 3+ years of experience in data protection or information security.
• Knowledge of UK, EU, and US data protection laws.
• Understanding of security concepts, tools, and technologies.
• Willingness to learn and grow professionally.
• Experience with audits, risk assessments, and compliance.
• Strong communication skills for technical and non-technical audiences.

Benefits & Perks:

• Competitive salary + benefits including 25 days' holiday, wellbeing days, pension, medical plan, flexible working, and more.

We Value Diversity

We are committed to fostering an inclusive environment and welcome applicants from all backgrounds. We support various Employee Resource Groups and promote equality and fairness in our hiring process.