Senior Data Privacy Consultant

One of the most exciting prospects in the UK cyber security sector today, Bridewell is a leading cyber security services company specialising in protecting and transforming critical business functions for some of the world’s most trusted organisations. We are the trusted partner for operators of essential services and provide end-to-end cyber security capabilities that help our clients overcome their security challenges, allowing them to operate safely and securely.  
 
Bridewell holds the Gold level, Investors in People award which we feel solidifies and reflects on the outstanding calibre that makes us truly one team.    

Due to continued growth, we are looking for ambitious individuals who are passionate about Data Privacy and are keen to continue to develop and grow with us. You are a client facing Data Privacy professional, with extensive experience delivering interesting projects and delivering and maintaining client relationships at a senior level. You will have a broad range of expertise across Data Privacy and be able to articulate, sell and deliver different Bridewell propositions to our target markets. 

• →Primary responsibility will be to deliver on client engagements, typically this could be working on one large programme of work or delivering on a number of different privacy projects for a select group of Bridewell’s clients. Activities may include but not limited to: 

• →Implementing Data Protection by Design and Default processes; 

• →Data Breach investigation, assessment and notification; 

• →Implementing and conducting Data Protection Impact Assessments; 

• →Data protection and privacy considerations in supply chains; 

• →Data mapping; 

• →Implementation and handling of data subject rights processes; 

• →Producing Privacy Notices and Polices; 

• →Provision of advice on data protection and privacy matters; 

• →Development of Records of Processing Activities and related processes. 

• →Delivering and preparing training and awareness programmes. 

• →Third party due diligence and ongoing assurance.  

• →Review and drafting of data protection processing agreements.  

• →Identification, mitigation and management of privacy risks. 

• →Staying up to date with privacy requirements and changes through your own research as well as attending conferences and events. 

• →Working with others to identify sales opportunities and support pre-sales activities. 

• Approx. 4-6 years of professional experience and expert technical knowledge of relevant UK, European and global data protection laws and regulations, such as GDPR, PECR and UK DPA. 

• Relevant certifications such as CIPP/E, CIPM, CIPT, Practitioner Certificate in Data Protection (PDP or equivalent).  

• Ability to work effectively within a team environment. 

• Proficient in the use of IT systems, such as OneTrust, and applying data protection in a practical context. 

• Practical experience of applying expert domain knowledge across a number of delivery scenarios, including but not limited to, data mapping, responding to data subject requests, managing personal data breaches, undertaking Data Protection Impact Assessments, undertaking privacy audits and gap analysis and conducting contract reviews. 

• Practical experience of developing, maintaining and implementing Data Privacy Frameworks in a variety of organisations including during times of large-scale transformation. 

• Practical experience of applying a range of risk management approaches, conducting risk assessments and being able to articulate risk effectively. 

• Practical experience of providing independent support and advice on a wide variety of privacy issues 

• Experience in operating in the role of Data Protection Officer, including liaising with regulators, such as the Information Commissioners’ Office. 

• Knowledge international privacy law and experience implementing appropriate international safeguards. 

• An accomplished communicator with the ability and confidence to present complex issues and influence decisions at all levels within an organisation with excellent analytical, interpersonal and stakeholder management skills. 

Other nice to haves would include experience of: 

• Previous work experience with regulators or industry bodies 

• Previous experience having worked for or with both Processors and Controllers 

• Working in multiple industries or sectors 

• Presenting at industry events 

• Developing solutions to address client security requirements 

• Supporting business development opportunities, proposal development and presentations.