Data Risk Officer

Kennedys is looking to recruit an experienced and enthusiastic officer to join our Data Risk Team. This role will principally be responsible for supporting the Data Risk Teams global management of risk across the areas of information security, emerging technology and regulatory compliance.

Kennedys Risk & Compliance team handles a wide range of partnership and risk and compliance issues for the firm and acts as an in-house legal department assisting with regulatory and professional conduct enquiries. Within this the Data Risk Team specialises in risk to data, privacy and information as well as compliance with associated regulations and best practise globally. This includes keeping abreast of new and emerging risks associated with ever developing technology such as AI.

• Assist the Data Risk Team in ensuring the firms adherence to existing and new regulations around data protection and privacy, including risk assessments and providing recommendations to reduce the risk of personal data breaches.
• Assist with internal queries or audits relating to due diligence work for both clients and suppliers.
• Support with management of cyber incidents and other events.
• Support with the completion of Data Protection Impact Assessments and Records of Processing Activities
• Assist with the internal auditing of the ISMS in line with Kennedys global ISO 27001 certification.
• Work with the Emerging Technology Risk Manager on AI and other emerging technology regulations and compliance.
• Work with the Information Security Manager to run global phishing exercises, analyse results and provide recommendations.
• Work with General Counsel by coordinating the sourcing of data for DSRR's.
• Point of contact for Risk Operations for best practice and guidance relating to information barriers
• Provide support in adherence to Client requirements aligning with regulatory requirements such as DORA & HIPAA
• Work with colleagues to prioritise Data Risk Team work and ensure global processes are maintained.

• Educated to a university degree level.
• 2-5 years' experience in data protection, risk management, compliance or information governance roles
• Working knowledge of UK and EU GDPR, UK Data Protection Act and associated regulations such as DORA, EUAI, HIPAA
• Experience in working within a structured risk management framework to identify, assess, monitor and reduce risks.
• Demonstrated ability to assess, investigate and elevate data incident or breaches and/or issues/risks.
• Exposure to risk management frameworks such as ISO27001, ERM and understanding of governance structures.
• Proven ability to positively engage stakeholders of all levels across an organisation/firm and flexible communication style
• Experience in the professional services sector (desirable)

This is a developing role, and the job description is not exhaustive and may vary in line with changes in the team's objectives and firm policy.

Please let us know if you require any additional support or adjustments to be made in order to submit your application to Kennedys.

*where a level of experience is indicated, this is a guideline only and represents the amount of time we would usually expect a candidate to accumulate the requisite level of experience. This does not preclude applications from candidates with more or less experience.

Kennedys is a global law firm with expertise in dispute resolution and advisory services. With over 2,750 people worldwide across 47 offices in the UK, Europe, Middle East, Asia Pacific and America we have some of the most respected legal minds in their field.

Our lawyers handle both contentious and non-contentious matters, and provide a range of specialist legal services, for many industry sectors but we have particular expertise in litigation and dispute resolution, especially in defending insurance and liability claims.

We're a fresh-thinking firm, and we're not afraid to bring challenging new perspectives to the table way beyond the traditional realm of legal services. We empower our clients with a diverse range of ideas, tools and technology to make their lives easier, as well as delivering exceptional results, every time.

We welcome high-performing lawyers, business services professionals, secretaries, graduates and apprentices to join our rapidly expanding global firm. Whatever your role at Kennedys, you'll be involved in exciting and stimulating work, where your input will make a difference.

Our culture and values form a big part of who we are and we take them seriously. We make a difference by being approachable, straightforward, supportive and distinctive. Our values are at the core of who we are and what make us a great firm to work with and for.

The Firm recognises the value of investing in our people's development and believes our culture and values contribute to the quality of our work and of our client relationships. With a culture of on-the-job and experiential learning, peer to peer learning, mentoring, resources and tools that enable you to drive your career, we can support your development in your current and future roles.A variety of other opportunities are available including secondments to clients and our global offices.

We strive to celebrate diversity, empower our people and ensure everyone can bring their authentic selves to work.We've created a culture based on client service, professional excellence, hard work and trust, where diversity, equity and inclusion (DE&I) is a key priority.We recognise that many of our people want to work for an employer that is aligned to their values, which is why we are building an inclusive culture, decarbonising our operations and supporting our people to thrive at work.Our people are the key to driving this change and helping us to make a difference to our clients, our people and the communities in which we live and work.

Kennedys is an equal opportunities employer and is committed to ensuring our recruitment processes are as inclusive as possible. We expect all employees to be aware of and comply with all relevant policies and procedures within their jurisdiction, including those relating to Information Security, Data Protection and Quality Management, refer any breach promptly to Risk & Compliance and to complete all mandatory training when requested.