Description

Key Responsibilities

• Act as NatCen’s Data Protection Officer (DPO), ensuring compliance with the General Data Protection Regulation (GDPR), Data Protection Act, and other relevant privacy laws.
• Develop and maintain the organisation’s data protection policies, procedures, and frameworks.
• Ensure compliance with ethical research guidelines (e.g., ESRC Framework for Research Ethics, ICO research exemptions, and confidentiality obligations).
• Provide expert guidance on the collection, storage, processing, and sharing of highly sensitive respondent data.
• Conduct Data Protection Impact Assessments (DPIAs) for research projects involving personal or sensitive data, ensuring that risks to participants are mitigated.
• Develop governance frameworks for handling new and emerging data sources, such as social media scraping, biometric data, or real-time behavioural analytics.
• Address ethical concerns around AI-powered survey tools, ensuring that data is collected transparently, securely, and with full informed consent.
• Oversee compliance with international data-sharing agreements, ensuring secure transfers across jurisdictions while complying with GDPR, UK Data Protection Act, and data sovereignty laws.
• Ensure that research involving international partnerships adheres to differing privacy laws (e.g., EU GDPR, US HIPAA, India’s DPDP Act, China’s PIPL) and ethical guidelines.
• Serve as the main point of contact for data protection authorities and oversee responses to regulatory inquiries or audits.
• Lead the management of data subject access requests (DSARs) and other individual rights under GDPR.
• Conduct data protection impact assessments (DPIAs) and advise on privacy risks associated with new projects or systems.
• Provide expert advice and training to staff on data protection responsibilities and best practices.
• Monitor and report on personal data breaches, ensuring regulatory reporting obligations are met.

• Develop, implement, and manage an effective compliance management framework aligned with relevant laws, industry standards, and best practices.
• Ensure the organisation adheres to all applicable regulatory requirements.
• Act as the main point of contact for regulatory bodies, ensuring smooth communication and cooperation.
• Conduct regular compliance risk assessments, identifying gaps and implementing mitigation strategies.
• Lead internal and external compliance audits, ensuring findings are addressed in a timely manner.
• Oversee whistleblowing and ethical compliance procedures to ensure a culture of integrity and transparency.
• Develop and deliver training programs to raise awareness of compliance obligations across the organisation.

• Provide strategic leadership in information security governance, ensuring that IT systems, data, and assets are protected.
• Oversee the Information Security team, ensuring the implementation of policies aligned with recognised frameworks (e.g., ISO 27001, NIST, CIS).
• Ensure compliance with Cybersecurity & IT risk management frameworks, addressing security vulnerabilities proactively.
• Oversee the management of security incidents, including investigations, root cause analysis, and remediation.
• Ensure alignment between information security, data protection, and regulatory compliance strategies.
• Develop a crisis response plan for handling ethical controversies, data breaches, or participant complaints, including proactive risk communication strategies.
• Engage with senior stakeholders to ensure business continuity and incident response planning are robust.

• Lead and develop the enterprise risk management framework, ensuring proactive identification, assessment, and mitigation of risks.
• Report regularly to the Leadership Team and Risk and Audit Committees on compliance and security matters.
• Develop policies and procedures to ensure ongoing compliance with corporate governance standards.
• Provide expert guidance on legal and regulatory risks impacting the organisation’s strategic objectives.
• Oversee the integration of compliance and risk frameworks into business operations.

Skills, Knowledge and Expertise

• Demonstrable experience in compliance, data protection, or information security, in a leadership role.
• Deep expertise in GDPR, UK Data Protection Act, and other global privacy regulations.
• Strong knowledge of industry compliance standards, including ISO 27001, or other relevant frameworks.
• Proven experience in managing regulatory relationships and handling investigations or audits.
• Strong understanding of cybersecurity principles and risk management in an enterprise environment.
• Experience in leading teams, mentoring staff, and managing organisational change.

• Professional certifications such as CIPP/E, CIPM, CISSP, CISM, ISO 27001 Lead Implementer, ICA Compliance, or similar.
• Working in a data intensive organisations with a large stakeholder base.

• Leadership & Strategic Thinking:Ability to drive compliance strategy and influence senior leadership.
• Regulatory Expertise:Strong understanding of legal and regulatory landscapes.
• Risk Management Acumen:Ability to identify and mitigate organisational risks effectively.
• Communication & Stakeholder Engagement:Skilled in engaging with regulators, trustee board, leadership team, and teams at all levels.
• Technical Understanding:Knowledge of information security, cybersecurity frameworks, and digital risk.
• Problem-Solving & Decision-Making:Ability to navigate complex compliance challenges with a pragmatic approach.

Benefits

• 25 days holiday (plus bank holidays) rising to 30 days holiday after three years’ service
• An excellent defined contribution pension scheme with NatCen contributing 7.5% of your salary
• Extensive flexible working arrangements, including part-time and remote working, suiting people at different stages in their life and career
• Personal and professional development
• Enhanced maternity, paternity and adoption pay
• Discount packages with a range of retailers, e.g. shopping, utilities and leisure
• Cycle to Work scheme
• Season Ticket Loan
• Free eye tests
• Health Cash Plan
• Payment of one professional subscription
• Group Life Assurance paying up to 5 x the annual salary to nominated beneficiaries in the event of death in service