We are seeking an experienced and motivated professional to join our team as a Consultant, Senior Consultant, or Manager specialising in Data Protection. This role is ideal for individuals with a strong understanding of data governance, privacy laws, and technology risk management, particularly in relation to GDPR, the UK's Data Protection Act, and other global privacy regulations. You will be instrumental in advising clients across multiple sectors on how to implement, maintain, and improve their data protection frameworks.
Responsibilities include conducting data protection impact assessments (DPIAs), developing privacy policies and procedures, supporting data breach response and incident management, and advising clients on cross-border data transfer requirements. You will also help to design privacy training programmes and compliance monitoring tools tailored to client needs.
We offer a challenging and rewarding environment where professional growth and client engagement are key. Depending on your level of experience, you will lead or support project delivery, manage client relationships, and contribute to business development activities.
Key Responsibilities:
- Provide expert advice on data protection laws and regulatory requirements.
- Support the design and implementation of data privacy frameworks.
- Conduct privacy risk assessments and audits.
- Develop and review privacy policies, notices, and contractual clauses.
- Assist with data protection compliance programmes and readiness assessments.
- Deliver client training on privacy policies and legal updates.
- Lead or contribute to project planning and execution within scope, timeline and budget.
- Engage in client meetings and develop strong professional relationships.
Requirements:
- Bachelor's degree in Law, Information Security, Computer Science, or a related field. A Masters or professional certification such as CIPP/E, CIPM, or CIPT is highly desirable.
- Proven experience (2-8+ years) in data protection, privacy consultancy, compliance, or a related domain, preferably from a professional services firm or in-house privacy role.
- Strong understanding of GDPR, UK GDPR, Data Protection Act 2018, and other relevant privacy frameworks (e.g. PDPO, CCPA).
- Excellent communication skills, both written and verbal, in English. Cantonese and Mandarin are a plus.
- Demonstrable experience in drafting privacy documentation and conducting DPIAs.
- Ability to work independently and as part of a team in a fast-paced environment.
- Proficiency in Microsoft Office applications; familiarity with GRC tools is advantageous.
