Data Risk Officer

Kennedys is looking to recruit an experienced and enthusiastic officer to join our Data Risk Team. This role will principally be responsible for supporting the Data Risk Team's global management of risk across the areas of information security, emerging technology and regulatory compliance.

Team

Kennedys' Risk & Compliance team handles a wide range of partnership and risk and compliance issues for the firm and acts as an in-house legal department assisting with regulatory and professional conduct enquiries. Within this, the Data Risk Team specialises in risk to data, privacy and information as well as compliance with associated regulations and best practice globally. This includes keeping abreast of new and emerging risks associated with ever-developing technology such as AI.

Key responsibilities

  • Assist the Data Risk Team in ensuring the firm's adherence to existing and new regulations around data protection and privacy, including risk assessments and providing recommendations to reduce the risk of personal data breaches.
  • Assist with internal queries or audits relating to due diligence work for both clients and suppliers.
  • Support with management of cyber incidents and other events.
  • Support with the completion of Data Protection Impact Assessments and Records of Processing Activities.
  • Assist with the internal auditing of the ISMS in line with Kennedys' global ISO 27001 certification.
  • Work with the Emerging Technology Risk Manager on AI and other emerging technology regulations and compliance.
  • Work with the Information Security Manager to run global phishing exercises, analyse results and provide recommendations.
  • Work with General Counsel by coordinating the sourcing of data for DSRRs.
  • Point of contact for Risk Operations for best practice and guidance relating to information barriers.
  • Provide support in adherence to Client requirements aligning with regulatory requirements such as DORA & HIPAA.
  • Work with colleagues to prioritise Data Risk Team work and ensure global processes are maintained.

Required Experience

  • Educated to a university degree level.
  • 2-5 years' experience in data protection, risk management, compliance or information governance roles.
  • Working knowledge of UK and EU GDPR, UK Data Protection Act and associated regulations such as DORA, EUAI, HIPAA.
  • Experience in working within a structured risk management framework to identify, assess, monitor and reduce risks.
  • Demonstrated ability to assess, investigate and escalate data incidents or breaches and/or issues/risks.
  • Exposure to risk management frameworks such as ISO27001, ERM and understanding of governance structures.
  • Proven ability to positively engage stakeholders of all levels across an organisation/firm and a flexible communication style.
  • Experience in the professional services sector (desirable).

This is a developing role, and the job description is not exhaustive and may vary in line with changes in the team's objectives and firm policy.

Please let us know if you require any additional support or adjustments to be made in order to submit your application to Kennedys.

*Where a level of experience is indicated, this is a guideline only and represents the amount of time we would usually expect a candidate to accumulate the requisite level of experience. This does not preclude applications from candidates with more or less experience.

Job Details

Company
Kennedys Law
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary