Data Protection and Risk Analyst

CEF

πŸ“Remote - United Kingdom

Job highlights

Summary

Join CEF's Global IT team as a Data Protection and Risk Analyst and play a crucial role in supporting the business's compliance and risk management efforts. You will work closely with the Data Protection Officer and Governance and Compliance Manager to ensure compliance with data protection regulations and mitigate risks. This role involves managing Subject Access Requests, handling compliance inquiries, supporting Data Protection Impact Assessments, and assisting with risk register maintenance. You will also contribute to PCI renewal, Cyber Essentials recertification, and phishing simulations. The position requires experience with SARs, GDPR, risk management, and cybersecurity frameworks. It's a predominantly home-based role with occasional travel to Durham and other UK sites. CEF offers a competitive salary, bonus scheme, employee discounts, pension plan, wellbeing platform, and gym access.

Requirements

  • Experience handling Subject Access Requests (SARs) and Right to be Forgotten requests
  • Familiarity with GDPR compliance requirements and related legislation
  • Understanding of risk management processes, including maintaining risk registers and conducting risk assessments
  • Strong communication skills and the ability to engage professionally with stakeholders across the business
  • Understanding of cybersecurity frameworks such as ISO 27001, PCI DSS, and Cyber Essentials
  • Ability to work independently and manage sensitive data with discretion and confidentiality

Responsibilities

  • Manage Subject Access Requests (SARs) and Right to be Forgotten requests
  • Handle compliance-related inquiries, such as police requests for CCTV footage and legal data inquiries
  • Support the screening and completion of Data Protection Impact Assessments (DPIAs)
  • Provide administrative support to ensure CEF complies with Data Protection legislation
  • Assist with maintaining and updating the EMEA Information Security Risk Register
  • Support PCI renewal and Cyber Essentials recertification processes
  • Help manage phishing simulations, KPI reporting, and information and security risk remediation efforts
  • Maintain and develop the AI risk catalogue and contribute to achieving security standard certifications
  • Liaise with multiple IT teams to monitor and address cybersecurity risks
  • Assist with customer security questionnaires and responses to support compliance efforts
  • Draft regular security communications to raise awareness of information security best practices

Preferred Qualifications

  • Knowledge of the NIST Security Framework
  • Experience supporting audits and compliance efforts for ISO 27001, ISO 42001, and PCI DSS
  • Recognised certifications related to information security, risk management or data protection

Benefits

  • Competitive basic salary
  • Annual IT Bonus scheme
  • MySavings - Employee Discount Platform
  • Pension: 3% employee / 3% employer (Total 6%)
  • Champion Health – a comprehensive physical, mental & financial wellbeing platform, offering bespoke content on all aspects of wellbeing & life including recipes, workouts, blogs and loads of other content for you
  • Free use of the state-of-the-art private gym at our award winning IT Headquarters
