Compliance Analyst (Information Assurance)

Ref
Application Status Live
Closing Date
Contract Full Time
Starting Salary 35000
Benefits
Location Cargo Fleet, Teesside
Head Office Town Middlesbrough
Head Office Postcode TS6 6PT
Country UK

Our client is seeking a highly motivated and detail-oriented Information Compliance Analyst to ensure organizational compliance with data protection laws, including GDPR and other relevant regulations. This role involves conducting Data Protection Impact Assessments (DPIAs), supporting data classification initiatives, and collaborating on information security projects to uphold the integrity, confidentiality, and availability of data.

The ideal candidate will work closely with stakeholders across IT, HR, and Operations to embed data protection principles into organizational processes, ensuring alignment with compliance requirements and information security best practices.

Roles and Responsibilities

Regulatory Compliance and Data Protection

  • Monitor compliance with GDPR, national data protection laws, and organizational data protection policies.
  • Conduct and document Data Protection Impact Assessments (DPIAs) for new projects, systems, and processes.
  • Maintain a register of processing activities (ROPA) and ensure it is up to date and accurate.
  • Support the implementation of privacy by design and default principles in all data-handling activities.
  • Assist with maintaining, updating, and reviewing compliance-related documentation, including policies, procedures, and guidelines, ensuring it is up to date and in line with regulatory changes.

Data Classification and Management

  • Support and maintain data classification frameworks to ensure data is categorised and handled appropriately based on sensitivity and regulatory requirements.
  • Collaborate with data owners and custodians to establish and enforce data access controls.
  • Conduct audits to ensure adherence to data classification and handling policies.

Information Security Projects

  • Support information security initiatives, including risk assessments, policy development, and incident response planning.
  • Collaborate with the IT team to implement technical and organizational measures for data protection and security.
  • Participate in security audits and risk assessments to identify compliance gaps and recommend remediation actions.
  • Ensure that security measures align with compliance requirements and data protection regulations.
  • Work closely with the Information Assurance and Security Lead to establish risk treatment plans, track progress, and validate the effectiveness of implemented controls.

Stakeholder Engagement and Reporting

  • Act as a key liaison between IT, Legal, HR, and other departments to address compliance and data protection concerns.
  • Provide expert guidance on data protection issues and regulatory changes affecting the organization.
  • Prepare and present compliance reports, metrics, and insights to senior management and relevant committees.
  • Assist in responding to data subject access requests (DSARs) and other regulatory inquiries.

Experience Required

  • Strong knowledge of GDPR and other relevant data protection regulations (e.g., CCPA, UK Data Protection Act).
  • Experience with conducting DPIAs and managing ROPAs.
  • Familiarity with data classification frameworks and tools.
  • Understanding of information security concepts, such as risk management, access control, and encryption.
  • Proficiency in compliance and security tools (e.g., OneTrust, Varonis, or similar platforms).
  • Excellent analytical skills with the ability to assess compliance risks and recommend solutions.
  • Strong communication and interpersonal skills to effectively engage with stakeholders at all levels.
  • Detail-oriented with strong organizational and documentation abilities.
  • Ability to manage multiple projects and prioritise tasks in a fast-paced environment.

Qualifications Needed

  • Bachelor’s degree in Information Security, Law, Business Administration, or a related field.
  • Minimum 3 years of experience in data protection, compliance, or information governance roles.
  • Certification in GDPR or data protection (e.g., CIPP/E, CIPM, or CIPT).
  • Information security certifications, such as ISO 27001 Lead Implementer, CISSP, or equivalent.
  • Experience supporting security projects, such as vulnerability assessments or incident response.