Senior Risk & Resilience Consultant; Data Privacy Consultant

Description

We have an exciting, permanent opportunity for a Senior Risk & Resilience Consultant / Data Privacy Consultant to join any of our 11 UK offices (hybrid working/flexible) as we continue to grow following the Howden acquisition.

As an experienced Data Privacy Consultant, you will support a diverse portfolio of clients across multiple sectors in a fast‑paced consulting environment. The role involves both proactive privacy advisory work and reactive support for incidents such as data breaches and data subject rights requests (DSRs). This position suits someone who is calm under pressure, comfortable managing multiple priorities, and able to explain privacy risks and decisions clearly, concisely, and without jargon to business stakeholders at all levels.

• Support multiple client engagements simultaneously across a range of sectors in a busy consulting environment
• Proactively assess and improve clients’ data protection and privacy posture, including privacy gap analyses and audits; risk assessments and DPIAs, including for new technologies and data uses; and policy, procedure, and framework development
• Assess and advise on the privacy implications of processing personal data using AI and automated decision‑making technologies
• Conduct third‑party and supplier privacy assessments, including data processing due diligence and ongoing assurance
• Produce clear, well‑structured audit and assessment reports with practical, prioritised recommendations
• Provide calm, pragmatic advice during reactive scenarios, including data breaches and incident response; regulatory notifications and communications; and data subject rights requests (access, erasure, rectification, etc.)
• Deliver privacy education and training, tailored to different audiences and levels of knowledge
• Act as a trusted advisor, helping clients balance regulatory requirements with business objectives across differing regulatory and operational contexts
• Communicate effectively with operational teams, senior leaders, and non‑technical stakeholders, avoiding unnecessary jargon or alarmism
• Work collaboratively with legal, information security, and business teams to embed privacy into day‑to‑day operations
• Maintain awareness of relevant data protection laws, regulatory guidance, and best practices (e.g. GDPR, UK GDPR)

• Proven experience working in a busy, multi‑client environment supporting organisations across multiple sectors, either in consultancy or an equivalent in‑house role; with hands‑on experience delivering both proactive privacy advisory services and reactive support
• Ability to quickly understand different business models, risk profiles, and regulatory environments, and tailor privacy advice accordingly
• Practical experience handling data breaches and incident response and data subject rights requests
• Experience assessing AI and automated processing activities involving personal data, including understanding risk, transparency, and accountability considerations
• Demonstrated ability to conduct third‑party privacy risk assessments, including review of suppliers, processors, and data sharing arrangements
• Capability to produce high‑quality, structured written outputs, including audit and assessment reports
• Experience designing and delivering privacy training and awareness sessions
• Excellent communication skills, with the ability to translate privacy requirements into clear, concise business decisions and communicate effectively with technical and non‑technical audiences
• Broader business understanding, enabling pragmatic advice that aligns privacy compliance with operational and commercial realities
• Experience working across regulated and non‑regulated sectors (e.g. financial services, healthcare, technology, public sector, retail)

• Experience working closely with information security or cybersecurity teams (an advantage)
• Understanding of technical security controls and how they intersect with privacy and AI risk
• Professional certification such as Certified Data Protection Officer (DPO) or CIPP/M or other IAPP certifications

• Competitive discretionary annual bonus
• Core benefits paid for by BW…