Data Protection Project Manager

Wearereiss
Charing Cross, United Kingdom
20 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Charing Cross, United Kingdom

Tech stack

Data Mapping
PCI Data Security Standards
Core Data

Job description

We're looking for a proactive and delivery-focused Data Protection Project Manager to lead the implementation of a robust governance and compliance framework across the organisation. This is a hands-on role, ideal for someone who's ready to roll up their sleeves and deliver meaningful, tangible outputs.

The role will focus on foundational data protection work, embedding key operational procedures and processes aligned to the ICO Accountability Framework, with immediate impact across the business. You'll also support broader compliance areas including PCI-DSS, carbon reporting, and audit readiness.

  • Deliver and embed the core data protection governance framework, working closely with business leaders and the Group Data Protection Officer to align with the ICO Accountability Framework and embed it into daily operations.
  • Support the wider compliance function by collaborating with the Group-level Senior Compliance Officer to ensure consistent application of standards.
  • Draft and implement essential data protection policies, operational procedures, and incident response plans, including clear protocols for escalation, investigation, and reporting. Ensure all documentation meets both legal and Group-level requirements.
  • Own and manage incoming compliance and audit queries, coordinating responses to internal and external audits. Work cross-functionally with Legal, People, IT, Retail, Sourcing, and Operations teams to gather evidence and deliver responses accurately and on time.
  • Establish and manage the Data Protection Mailbox, clearing existing backlogs, setting up an efficient triage and escalation process, and tracking all activity for audit-readiness.
  • Learn and document existing business processes from internal stakeholders, identifying gaps and opportunities for improvement. Translate these into practical, privacy-aligned procedures that are clear, repeatable, and easy to follow.
  • Lead the delivery of key compliance activities, including Data Protection Impact Assessments (DPIAs), data subject access requests (DSARs), vendor and third-party reviews, and data mapping updates. Maintain records such as ROPA, asset registers, and audit trails to evidence compliance.

Requirements

  • A data protection and compliance specialist with hands-on experience implementing governance frameworks, not just managing them.
  • Strong ability to operate independently and deliver at pace in a project environment with tight timelines.
  • Experienced in interpreting regulatory requirements (e.g. GDPR, UK DPA, ICO) and translating them into real-world, operational processes.
  • Skilled in documenting policies, responding to incidents, and managing subject access and vendor risk requests.
  • Confident in working with senior stakeholders and cross-functional teams to define and implement compliance policies and procedures.
  • A natural problem-solver with excellent communication and stakeholder engagement skills.
  • Experienced in audits, data mapping, DPIAs, and tools that support compliance functions.
  • Ideally familiar with data protection regulations in the UK, EU, and US.

Benefits & conditions

  • Competitive salary.
  • Up to 65% employee discount.
  • Access to exclusive sample sales.
  • Aviva DigiCare+ wellbeing services.
  • Medicash health support plan.
  • Workplace pension contributions.
  • Enhanced parental leave policies.
  • Cycle to Work programme.
  • Plus further workplace benefits.
