Data Protection Officer

About Us  

Jean Edwards Consulting is a specialist technology consultancy serving the global reinsurance and insurance markets. We help clients modernise their operations through AI-driven solutions, contract automation tools, and expert-led project delivery. With a global team spread across five offices, we help clients transform their operations and drive long-term efficiency. We are looking for a Data Protection Officer to oversee the organization’s data protection, privacy, and regulatory compliance programs. 

Our headquarters are in Brighton, UK with additional offices in Switzerland, the US, Latvia, Nigeria, and South Africa. We work with a diverse portfolio of international clients across the financial services sector, with a strong focus on insurance, reinsurance, and the Lloyd’s market. 

The Role 
 
We are seeking an experienced, and highly knowledgeable Data Protection Officer (DPO) to oversee the organization’s data protection, privacy, and regulatory compliance programs. The ideal candidate will possess strong expertise in European data privacy laws (especially GDPR), global data protection frameworks, compliance management, regulatory research, policy development, reporting, risk assessment, and governance documentation.

The Data Protection Officer will be responsible for ensuring that the organization processes personal data in compliance with applicable laws, industry standards, and internal governance frameworks while promoting a strong culture of privacy and accountability across the organization. 

Key Responsibilities

1. Data Protection & Privacy Compliance
•    Serve as the organization’s subject matter expert on data protection, privacy, and information governance matters. 
•    Ensure compliance with applicable privacy and data protection laws, including but not limited to: General Data Protection Regulation (GDPR), UK GDPR, ePrivacy Regulations, Data Protection Act requirements, International privacy and cross-border data transfer regulations. 
•    Monitor organizational compliance with privacy obligations, internal controls, and regulatory requirements. 
•    Advise management and business units on legal and operational privacy obligations. 

2. Governance, Frameworks & Policy Management
•    Develop, implement, and continuously improve the organization’s Data Protection Framework, Privacy Governance Framework, and compliance controls. 
•    Create, review, and maintain Data Protection Policies

3. Regulatory Research & Legal Monitoring
•    Conduct ongoing research and analysis of evolving privacy laws, regulations, regulatory guidance, and enforcement trends across Europe and other jurisdictions. 
•    Translate regulatory updates into actionable organizational policies, procedures, and operational recommendations. 
•    Provide legal and compliance insights regarding emerging risks, privacy developments, and best practices. 

4. Risk Assessment & Data Protection Impact Assessments
•    Lead and manage Data Protection Impact Assessments (DPIAs) and privacy risk assessments. 
•    Identify privacy risks associated with products, technologies, systems, vendors, and operational activities. 
•    Recommend remediation strategies and risk mitigation measures. 
•    Support security, legal, and technology teams in privacy risk management activities. 

5. Documentation & Records Management
•    Maintain accurate and up-to-date privacy compliance documentation. 
•    Manage and oversee: Compliance registers, DPIA documentation, Breach registers, Data inventory records, Audit trails, Regulatory evidence files 
•    Ensure documentation readiness for audits, regulatory reviews, and compliance reporting. 

6. Reporting, Audits & Monitoring
•    Develop regular privacy and compliance reports for executive leadership, management committees, and regulatory purposes. 
•    Monitor privacy compliance KPIs, metrics, and internal controls. 
•    Support internal and external audits related to privacy, security, and data governance. 
•    Prepare audit responses, compliance evidence, and regulatory submissions where required.  

7. Stakeholder Engagement & Advisory
•    Act as the primary contact point for privacy and data protection matters internally and externally. 
•    Liaise with regulators, supervisory authorities, legal counsel, auditors, vendors, and business stakeholders. 
•    Provide practical privacy guidance to operational, technology, HR, legal, and commercial teams. 

8. Training & Awareness
•    Design and deliver organization-wide privacy awareness programs and training initiatives. 
•    Promote a culture of data protection compliance and responsible data handling practices. 
•    Develop educational materials, compliance guidance documents, and awareness campaigns.

Experience Requirements
•    3+ years of experience in data protection, privacy compliance, regulatory compliance, legal compliance, governance, or risk management roles. 
•    Demonstrated experience implementing and managing privacy compliance programs. 
•    Experience conducting: DPIAs, Compliance reviews, Privacy audits, Regulatory research, and Governance reporting. 
•    Experience working with multinational, technology, legal, consulting, financial services, healthcare, or data-driven organizations is desirable.
•    Strong organisational and strategic thinking skills, with the ability to manage competing priorities. 
•    Ability to work independently and represent the company confidently at client sites. 
•     Knowledge of GDPR, European privacy regulations, and global privacy standards 
•    Strong analytical, research, and legal interpretation skills 
•    Excellent policy writing, documentation, and reporting abilities 
•    Strong stakeholder management and advisory capability 
•    High attention to detail and organizational skills 
•    Risk assessment and compliance monitoring expertise 
•    Excellent written and verbal communication skills 
•    Ability to interpret complex regulatory requirements and translate them into operational controls 
•    Strong ethical judgment, confidentiality, and professional integrity.
 
What to expect in the hiring process
•    A preliminary phone call with the recruiter
•    A technical interview with the Hiring Manager AND/OR
•    A behavioural and technical interview with a member of the Management Team.