You will lead the execution of Data Protection Impact Assessments (DPIAs) for projects in the UK and Europe, while also providing critical support to North American initiatives and our global assessment framework.
You will conduct specialized compliance reviews for artificial intelligence initiatives, identifying risks related to bias, transparency, and data minimization.
You will serve as a primary point of contact for business teams in Dunton, providing day-to-day guidance on privacy-by-design principles and data protection requirements.
You will evaluate and negotiate the terms of data processing agreements and SCCs, supporting vendor management processes.
Support data breach response activities when necessary.

Advising on the execution of appropriate IT security measures to safeguard personal data
Strong knowledge of privacy documentation (e.g., DPIAs, privacy notices, contracts)
Excellent communication skills—able to simplify complex topics for diverse audiences
Strong leadership and interpersonal skills to influence and mentor across teams
Experience analyzing technical processes or complex business workflows to identify privacy risks.
Ability to quickly grasp and apply global regulatory frameworks
Experience and ability to operate in a fast paced environment in large, matrixed, multinational organizations
A Bachelor’s degree in a relevant field or equivalent professional experience.
Three or more years of experience in data privacy, compliance, or risk management.
A deep, working knowledge of the General Data Protection Regulation (GDPR) and the UK GDPR.
Experience analyzing technical processes or complex business workflows to identify privacy risks.
CIPP/E (Certified Information Privacy Professional/Europe) certification; CIPP/US or CIPM is a plus.
Experience working on cross-border privacy projects or supporting compliance efforts in multiple geographies (e.g., EU and US).
Direct experience conducting assessments for AI, machine learning, or automated decision-making systems.
Preferable to have experience using OneTrust or similar privacy management software to manage DPIAs and risk registers.

The Company is committed to diversity and equality of opportunity for all and is opposed to any form of less favourable treatment or harassment on the grounds of race, religion or belief, sex, marriage and civil partnership, pregnancy and maternity, age, sexual orientation, gender reassignment or disability
This position is based in Dunton, and it is expected the successful candidate will be able to attend the Dunton office for typically 4 days a week and remain flexible on the days they are required to attend the office according to business requirements.
As part of our pre-employment checks process, successful candidates will be required to undergo a criminal record check. This will be conducted in line with the Rehabilitation of Offenders Act 1974 and applied only to unspent convictions.

Privacy Analyst, Data Protection Office

Key skills