FIXED CONTRACT: 1 year (with possibility to consolidate in long term employment)
OFFICE: London (Hybrid)
We’re seeking a Senior Specialist in Data Privacy.
Responsibilities
- Support business and internal firm services stakeholders in ensuring appropriate privacy terms are included in contractual arrangements with clients and vendors.
- Identify, assess, manage and report data privacy risk issues as part of the firm’s wider privacy risk management program, and work with stakeholder groups to address and mitigate any identified gaps.
- End to end management of Data Subject Requests (DSR’s), including:
- Processing client, employee, or third party DSR’s in accordance with firm policies and applicable laws and regulations and maintaining and updating related procedures.
- Tracking and logging of all DSR’s on the workflow system and ensuring DSR’s are completed within firm and regulatory timelines.
- Utilizing various firm systems and liaising with business stakeholders, including HR, in order to gather all relevant personal data.
- Reviewing and assessing personal data content, identifying and redacting privileged, confidential and non-personal data, and applying relevant GDPR and member state law and codes of practice, to ensure (where applicable) exemptions or redactions have been correctly applied, including working with external legal counsel when necessary.
- Assist in managing the response to privacy incidents, under the direction of the Data Protection Officer and in collaboration with the Global Privacy Team, technology, legal, and business stakeholders, and monitor and track resulting remediation action plans.
- Respond to data subject and third-party queries or complaints that come into the privacy team mailbox.
- Assist the Data Protection Officer in developing and delivering bespoke training and awareness initiatives.
- Assist the Data Protection Officer and the Global Privacy Team in assessing and managing requirements related to data localization and cross border transfers.
Requirements
- Working knowledge of the GDPR and the UK Data Protection Act 2018 required. Working knowledge of e-Privacy Directive and related legislation a plus.
- At least 2-3 years of proven experience in a legal or compliance function with privacy-related responsibilities.
- Current license to practice law in UK or another EU jurisdiction preferred.
- Experience in drafting and reviewing contractual arrangements and data processing addendums.
- Experience in tracking cross border data transfers and conducting transfer impact assessments a plus.
- Experience in managing and providing training and awareness initiatives a plus.
- Excellent teamwork and communication skills to represent diverse communities.
- Strong abilities in analytical thinking, problem solving, research, time management.
- Ability to communicate with employees at all levels of a global organization, with the ability to articulate technical or legal issues to a non-expert audience.
- Intermediate to advanced Microsoft Office skills including Word and excel. SharePoint experience a plus. Relativity or similar experience a plus.
- CIPM and/or CIPP/E certification preferred but not required. Knowledge of global privacy laws a plus
Kroll is committed to equal opportunity and diversity, and recruits people based on merit.
In order to be considered for a position, you must formally apply via careers.kroll.com.