Business Security, Data Privacy Lead (Lawyer) – Senior Manager, Open to flexibility

London (Greater)
13 Sep 2018
13 Oct 2018
Contract Type

Business Security, Data Privacy Lead (Lawyer) – Senior Manager, Open to flexibility

Your opportunity

This is a fantastic opportunity for a results driven individual to join Deloitte Business Security (DBS) – a cross-disciplinary team that ensures the security, confidentiality and privacy requirements of the firm and our clients can be met, supporting the firm’s ability to win business and protecting our reputation. 

The firm’s Executive recognises that we need to be able to demonstrate a strong and effective commitment in these areas, and there is current and significant focus on GDPR.  The role holder will work closely with the Quality, Risk, Security and Legal teams, and with partners and staff across all service lines and industries.  

Your role

The responsibilities of the role are varied and challenging. The role holder will be responsible, in both the UK and Switzerland, for ensuring our compliance with privacy requirements, managing and driving improvements to our privacy compliance programme and advising on contractual requirements with clients.  

The position is for a privacy professional with the ability to lead a privacy function, and to manage diverse and complex data privacy issues in the UK and globally, liaising with and supporting the business and client service teams. This role acts as a bridge between the internal, business and legal functions of the firm to ensure compliance with appropriate privacy legislation.


  • Advise on all privacy matters relating to standard terms of business, Master Services Agreements, data processing agreements and general terms and conditions
  • Develop and maintain the firm’s privacy programme, planning, directing and organising  policy, standards, compliance, and evaluation activities related to privacy throughout the firm, to ensure compliance with relevant law and regulation
  • Advise and ensure that the firm is appropriately prepared for the forthcoming GDPR, e-privacy regulation and for what comes after BREXIT
  • Report as necessary to the appropriate executive group and senior stakeholders on privacy-related risks, incidents and concerns 
  • Support the firm’s Data Protection Officer (when appointed) on core aspects of their role and in particular matters relating to breaches, investigations and complaints
  • Manage, build and develop the privacy team (lawyers and risk professionals) to meet growing demand, with team members based in both London and Cardiff
  • Undertake  personal data breach investigations, assessment and notification as required, ensuring data protection complaints are managed and data subject rights responded  to (in consultation with DPO)
  • Liaise with other member firms on privacy matters and act as the UK firm’s representative on the Global Member Firms’ Privacy Group and North West Europe Privacy Group
  • Consult with teams across the firm regarding privacy issues and the integration of  privacy best practice
  • Maintain knowledge of applicable privacy laws, regulations, and standards, and assist with monitoring advancements in information privacy technologies
  • Ensure the appropriate international legal transfer mechanisms are maintained
  • Oversee the management of Subject Access Requests, and other compliance functions, such as Data Privacy Impact Assessments, Breach notifications, data policy and retention schedules and that fair processing notices are compliant with legislation 
  • Advise on privacy issues connected with mergers and acquisitions, and new business innovation
  • Work closely with appropriate teams to enhance governance, controls and documentation, and address findings
  • Assist in the development and facilitation of  privacy training and awareness programmes across the firm to improve employee awareness 

Your work, your choice

How long does impact take? How long is a piece of string? How many seconds does a solution contain? How can we possibly tell? After all, impact can be huge or small. Immediate or years in the making. At Deloitte we believe the best impact is the value we add, not the hours we sit at our desk.

We, therefore, carefully consider agile ways of working, both formal and informal, that allow for the best impact for our people and our clients. If the working pattern you are looking for is not specifically indicated below, we are happy to discuss alternative arrangements. 

Location: London

Suggested work pattern: Permanent full-time

Your professional experience

The ideal candidate will currently be working as a privacy specialist or Data Protection Officer/Lawyer, and will have:

  • Experience of Data Protection contract review and negotiation
  • Deep knowledge of UK and EU Data Protection legislation, in particular the General Data Protection Regulation (GDPR)
  • Experience of managing a team both locally and remotely i.e. London and Cardiff 
  • Compliance/legal/risk experience
  • Excellent communication, interpersonal and influencing skills
  • Sound judgement and an ability to evaluate risk
  • Ability to prioritise workload and balance multiple demands and stakeholders
  • High level understanding of technology and security issues impacting data privacy programmes
  • Problem solving, flexibility, initiative and ability to successfully multitask
  • Close attention to detail
  • Legal training and experience
  • Demonstrable relevant experience in privacy and data protection
  • Ability to quickly gain understanding of internal business processes
  • Evidence of having initiated and led change, as well as training and awareness
  • Experience of working with senior stakeholders 

Your service line 

Quality, Risk and Security

The Quality, Risk and Security (QRS) community is an overarching identity for all of the professionals who manage quality and risk for Deloitte. It comprises:  Deloitte Business Security (DBS), National Quality and Risk Management (NQRM), Quality & Risk Operations (QR Ops), and Service Line Quality and Risk Management teams (including Switzerland), and is led by a dedicated partner who sits on the firm’s Executive.

Within QRS, we use our skills and experience across a variety of disciplines to support a risk intelligent culture at Deloitte; enabling our partners and practitioners to deliver high quality services to their clients, minimising the administrative burden on our people, and acting as custodians of firm risk, security, ethics and reputation.

Our collaborative and innovative culture, multi-disciplinary approach and wide range of development opportunities makes QRS an exciting and fast-paced place to develop your career.

About Deloitte 

Our Purpose & Strategy

To make an impact that matters for our clients, our people and society - defines who we are and what we stand for. Our purpose provides the foundation for our strategy and our aspiration to be the undisputed leader in professional services: this is not about size, it's about being the first choice. The first choice for the largest and most influential clients, and the first choice for the best talent.

What do we do?

Deloitte offers global integrated professional services that include Audit & Assurance, Consulting, Financial Advisory, Risk Advisory and Tax Consulting. Our approach combines intellectual leadership, industrial expertise, insight, consulting & problem solving capabilities whatever the role, technology revolutions and innovation from multiple disciplines to help our clients excel anywhere in the world.


Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and registered office at 2 New Street Square, London, EC4A 3BZ. Deloitte LLP is the United Kingdom affiliate of Deloitte NWE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. 


Requisition code: 156276

Similar jobs

Similar jobs