Data Protection & Third-Party Risk Analyst

Data Protection & Third-Party Risk Analyst 12-month FTC | Hybrid | Birmingham - £45k - £55k We’re recruiting a Data Protection–focused analyst to support PII usage, data sharing, and third-party risk across a large, multi-site organisation.This is not a SOC or cyber tooling role, it's focussed on how personal data is shared, used, minimised, and governed across SaaS platforms, IT vendors, and service providers.What you’ll be doing Assess how PII is shared with SaaS providers and IT vendorsReview and document data flows, purposes of processing, and data lifecyclesConduct third-party data protection risk assessments and DPIA-style reviewsMaintain records of:Data categoriesProcessing purposesHosting locationsSub-processorsRetention and deletionChallenge unnecessary data collection and enforce data minimisationTrack and close remediation actions with vendors and internal teamsSupport Procurement, Legal, IT, and the business with practical GDPR adviceMaintain clear, audit-ready documentation for GDPR and third-party assurance What we’re looking for 3+ years in Data Protection, Privacy, or Third-Party RiskStrong, hands-on experience with:Understanding PII usageVendor / SaaS data sharingGDPR in practice (not theory)Comfortable challenging stakeholders on data usageExperience working with IT vendors, platforms, or outsourced servicesAble to balance risk, commercial reality, and complianceData Protection and Data Privacy-first role | Vendor & SaaS focused

If this could be suitable, please apply in the first instance