Privacy Specialist in United Kingdom

Job description

Privacy Advisor/Business Analyst (Mergers & Acquisitions)

Fully Remote with occasional travel across the UK and Ireland

12 month contract

£500 per day via Umbrella Company

Our commitment is to provide equal opportunity regardless of, for example, your gender, age, ethnicity, disability, sexual orientation or beliefs. We also engage with employers to develop programmes and pathways that embrace diverse talent and promote more inclusive employment worldwide through partnerships and other initiatives. We recognise and celebrate the value of difference and how it makes us faster, smarter and more innovative than our competition.

Our client is a global leader in insurance, risk management and consulting services. They help businesses grow, communities thrive and people prosper. A culture driven by their people, over 40,000 strong, serving their clients with customized solutions that will protect them and fuel their futures.

They are seeking an experienced Privacy Advisor/Business Analyst (Mergers & Acquisitions) where you will become an integral part of their dynamic and fast-paced privacy team, where your expertise will support the M&A Privacy Lead in executing activities aligned with the Global M&A Privacy Framework and broader M&A program.

Job Purpose

You will be responsible for:

• Data Privacy Discovery: Leading a comprehensive program to assess target entities' data privacy processes and procedures against the organisations Data Privacy Framework. Identifying compliance gaps with relevant privacy laws and regulations, and uncovering opportunities to enhance privacy practices.
• Integration Planning: Developing and executing a prioritised integration plan to seamlessly incorporate privacy practices into the organisations framework.
• Process Remediation: Aligning and remediating processes and procedures to meet the requirements of the organisations Data Privacy Framework.
• Collaborative Engagement: Working closely with the Global Privacy Office (GPO), local privacy, security, compliance teams, and senior business stakeholders to articulate and deliver activities necessary to fulfill the Global M&A Privacy Framework requirements.

Key Accountabilities/Deliverables

• Privacy Risk Management: Identify, quantify, and manage privacy risks related to M&A transactions, ensuring alignment with the organisations risk appetite throughout the M&A lifecycle, including due diligence and integration.
• Privacy M&A Playbooks: Develop and maintain comprehensive playbooks to systematically identify and manage privacy risks, ensuring consistency and thoroughness in approach.
• Target Entity Privacy Assessment: Evaluate the current privacy framework and landscape for each target entity, focusing on:
• Processing activities outside the organisations standard practices.
• High-risk processing activities.
• Known risks and issues.
• Business-as-usual activity volumes (e.g., data incidents, individual rights requests) that may require additional resources.
• Privacy Due Diligence: Conduct thorough privacy due diligence on target entities using publicly available data.
• Privacy Integration Plan: Develop and execute a detailed privacy integration plan with clear milestones and interdependencies between workstreams, ensuring regular reporting and progress tracking.
• Risk Identification and Mitigation: Continuously identify and report new privacy risks and issues, providing actionable recommendations for mitigation.
• Stakeholder Engagement: Collaborate with key stakeholders, including Legal, Compliance, HR, IT, Operations, and Marketing, to keep them informed of interdependent risks throughout the M&A lifecycle.
• Training and Awareness: Assist in the development and delivery of training and awareness programs related to privacy and data protection.
• Privacy Compliance Support: Provide advice and support to ensure privacy compliance during data transfers and integrations.
• Privacy Risk Assessment: Identify and assess privacy risks (including conducting privacy risk assessments and data transfer impact assessments) and provide guidance to business units on risk mitigation strategies.
• Supplier Risk: Assess privacy risks in relation to supply chain, working closely with colleagues in security, IT, legal and procurement.
• Regulatory Updates: Stay informed on privacy laws and regulations to ensure ongoing compliance and adapt strategies and implementation plans accordingly.
• Governance and Values: Execute duties in accordance with internal policies, procedures, applicable laws, rules, regulations, and the organisations shared values, prioritising client-centric approaches.

Skills/Qualifications

• Expertise in an operational or privacy consulting experience with demonstrable experience of carrying out privacy gap analysis, creation and implementation of remediation plans as well as designing and implementing privacy projects.
• Experience of working in privacy project in a financial setting is essential.
• Privacy qualifications / certificates e.g. CIPP/E, CIPM, data protection practitioner certifications (preferred)

Technical Knowledge

• Proven experience with relevant UK and European data protection laws and regulations such as UK and EU GDPR, PECR and UK DPA, and their practical application.
• Experience in mergers and acquisitions, including pre / post acquisition due diligence and integration.
• Ability to identify, articulate, guide and assist stakeholders in the management of their privacy risks and obligations to desired outcomes through stakeholder engagement.
• Experience of working closely with Legal, Compliance, Information Security, HR, Privacy, Marketing and Operations.
• Practical privacy operations experience, for example, privacy risk assessments and data transfer impact assessments.
• An accomplished communicator with the ability and confidence to present issues and influence decisions at all levels within an organisation with excellent analytical, interpersonal and stakeholder management skills.
• Understanding of cultural dynamics.
• Detailed; problem solver; outcome focused; multi tasker; and collaborative team player.
• Willingness to travel.
• Knowledge of OneTrust.

Candidates must show evidence of the above in their CV to be considered.

Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you.

Extra information

Status

Open

Education Level

Secondary School

Location

United Kingdom

Type of Contract

Part-time jobs

Published at

14-07-2025

Profession type

Accountancy

Full UK/EU driving license preferred

No

Car Preferred

No

Must be eligible to work in the EU

No

Cover Letter Required

No

Languages

English