GRC and Data Privacy Specialist

TN United Kingdom

United Kingdom

Hybrid

GBP 40,000 - 70,000

Full time

27 days ago

Job summary

An established industry player is seeking a GRC and Data Privacy Specialist to enhance their compliance and data protection efforts. This role involves developing and maintaining a robust GRC strategy, ensuring adherence to GDPR and PCI DSS standards, and providing internal consultancy on privacy matters. With a flexible hybrid working model and a commitment to employee well-being, this position offers a unique opportunity to make a significant impact in a fast-paced retail environment. Join a team dedicated to excellence and innovation in data protection.

Benefits

25% Colleague Discount
Financial Wellbeing Support
Seasonal Incentive Schemes
Retail Management Apprenticeship Programmes
Discounts across UK retailers
Employee Assistance Programme

Qualifications

  • Experience managing privacy operations compliant with GDPR and PECR.
  • Strong organizational and time management abilities.

Responsibilities

  • Develop and maintain policies for GRC and Data Protection Strategy.
  • Conduct audits to verify compliance with GRC policies.

Skills

GDPR Knowledge
PECR Understanding
Risk Management
Compliance Standards
Organizational Skills
Communication Skills

Tools

OneTrust
Microsoft Auditing and Compliance

Job description

GRC and Data Privacy Specialist, Wakefield 41 Industrial Estate

Client:

Card Factory

Location:
Job Category:

Other

-

EU work permit required:

Yes

Job Reference:

0577c86673a0

Job Views:

7

Posted:

24.04.2025

Expiry Date:

08.06.2025

Job Description:

Job Introduction

cardfactory are excited to announce a new opportunity for a GRC and Data Privacy Specialist to join our growing team. Working closely with the GRC Manager and DPO, you will build and maintain cardfactory’s GRC and Data Protection Strategy to aid in developing and maintaining privacy, GRC, and related policies, help to describe and define compliance requirements, and facilitate regulatory compliance.

Based at Junction 41 in Wakefield, with free parking and a flexible, hybrid way of working, this is a fantastic opportunity to make a real impact in our team. Colleagues are required to work in the office for a minimum of 1-2 days per week, with the expectation of additional attendance when needed.

Role Responsibility

  • Develop, implement, communicate, maintain, and review the strategy with relevant stakeholders at cardfactory.
  • Develop and maintain policies, procedures, and documentation to support an effective GRC and Data Protection Strategy including all necessary documents under the UK GDPR.
  • Ensure cardfactory meets compliance standards, including PCI DSS, GDPR, and other relevant regulations.
  • Conduct audits and monitoring to verify compliance with policies and procedures related to the GRC and Data Protection Strategy.
  • Provide internal expertise and consultancy on privacy, data protection, and the PECR.
  • Update or create training materials related to data protection and GRC.
  • Stay informed about the latest trends, risks, and legal precedents in Data Protection.
  • Collaborate with Security colleagues to manage risks associated with third-party suppliers and service providers, ensuring they meet required compliance and security standards for contracted services.

The Ideal Candidate

  • A good knowledge and working understanding of the GDPR and PECR.
  • Prior experience of managing privacy operations compliant with the GDPR and PECR.
  • Good attention to detail, strong organisational and time management abilities.
  • Excellent written and oral communication skills, with the ability to adapt communication styles to suit and influence audiences of varying seniority, business areas, and locations.
  • Demonstrable experience in risk management.
  • The ability to implement a holistic security program of strategy, policies, processes, and technologies.
  • The ability to balance legislative requirements while taking a commercial viewpoint into consideration.
  • Experience of implementing and managing Governance, Risk, and Compliance programs.
  • Experience working in fast-paced and complex environments (retail experience would be beneficial).
  • Experience with ISO27001, ISO27701, ISAE 3000/3402, or other information security / GRC standards.
  • Experience in using GRC tools, such as OneTrust or Microsoft Auditing and Compliance.

About the Company

Card Factory is the UK’s leading specialist retailer of greeting cards, dressings, and gifts with over one thousand stores across the UK and Ireland. In 2020, we launched our exciting 5-year business strategy including our vision of becoming a true Omni-channel retailer. This strategy sees significant investment into our colleagues across the business, creating multiple opportunities to join a fast-paced environment and be part of our exciting journey.

In return, we offer a wide range of benefits to support your physical, mental, and financial well-being.

  • 25% Card Factory colleague discount in-store and online
  • Financial Wellbeing Support, Financial Education Tools, Salary Advance
  • Seasonal incentive schemes
  • Retail Management Apprenticeship Programmes with local providers, with access to a virtual internal network for learning together
  • Discounts across 100s of UK retailers
  • Employee Assistance Programme – access to tools to support mental, physical, and financial wellbeing