About The Role
Privacy Risk & Compliance Manager
Department: GRC
Reports To: Director of Information Security
Job Summary: The Privacy Risk & Compliance Manager will be based in London Bridge and will be responsible for ensuring the organisation achieves, maintains and adheres to FDM privacy management practices, including privacy risk assessments, data subject requests, data governance and the internal audit function, which includes continuous improvement of our aligned ISO standards (ISO 9001 and ISO 27001). The role also ensures the maturity of business continuity across the business as continuously relevant to FDM needs, that standards are kept in line with best practice and our strategic goals, and that GRC reporting can demonstrate continued improvement across all required compliance areas.
This role will be pivotal to AI adoption through governance and compliance, ensuring that AI usage is vetted and that any investment in or use of AI provides a return on investment.
Additionally, this role will contribute to ensuring compliance in our consulting business and ensure that training in Skills Lab meets our clients' needs today and in the future.
Key Responsibilities:
- Develop and maintain policies and procedures in compliance with data protection regulations (e.g., GDPR, CCPA).
- Conduct privacy impact assessments and risk assessments.
- Manage the actions and timely attention to risks logged in the operational resilience risk register within the centralised risk management platform.
- Develop and maintain comprehensive quality improvements, business continuity plans and information security risk management activities.
- Manage commercial due diligence questionnaires ensuring rapid response to privacy and security questions.
- Complete FDM supplier due diligence to ensure our supply chain meets the required standard.
- Ensure data classification across cloud platforms and DLP governance through automation and reporting controls.
- Maintain the AI usage register and conduct supplier audit risk assessments.
- Complete vendor risk management within our centralised risk management platform.
- Monitor and ensure compliance with data protection regulations and industry standards.
- Support investigations and implement corrective actions.
- Manage planner actions across all GRC initiatives.
- Provide confidentiality training for FDM newly onboarded consultants.
- Collaborate with various departments to integrate privacy measures into business processes.
- Monitor and evaluate the effectiveness of compliance programs for reporting in GRC.
- Collaborate with various departments to integrate compliance measures into business processes.
- Keep up to date with industry best practices and emerging trends in business continuity, quality management & information security risks.
- Stay up to date with changes in global privacy regulations and industry best practices.
About You
Qualifications:
- Professional certifications such as CIPP, CIPM, GDPRP, ISO 27001 or other relevant qualifications.
- Advantageous if certifications are held in ISO 9001 Lead Auditor, ISO 27001 Lead Implementer, ISO 22301 (business continuity) or other relevant qualifications.
- Experience in business continuity planning, quality compliance management and information security risk is an advantage.
- Strong understanding of regulatory requirements and industry standards.
- Excellent problem-solving, organizational, and communication skills.
About Us
We are a business and technology consultancy and one of the UK's leading graduate employers, recruiting the brightest talent to become the innovators of tomorrow. We have centres across Europe, North America and Asia-Pacific, and a global workforce of over 3,500 employees. FDM has shown exponential growth throughout the years, firmly establishing itself as an award-winning employer, and is listed on the FTSE4Good Index.
Diversity and Inclusion
FDM Group is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, national origin, age, disability, veteran status or any other status protected by federal, provincial or local laws.