Data Protection Assistant Director (L3) - Risk Management - CBS - Manchester

Data Protection Assistant Director (L3) - Risk Management - CBS - Manchester

Manchester Full-Time 80000 - 100000 £ / year (est.) No working from home possible
E

At a Glance

  • Tasks: Lead data protection initiatives and provide expert advice on complex privacy matters.
  • Company: Join Ernst & Young, a global leader in risk management and compliance.
  • Benefits: Competitive salary, flexible working, career development, and a diverse culture.
  • Other info: Collaborate with a high-performing team and enjoy continuous learning opportunities.
  • Why this job: Make a real impact on data protection while developing your skills in a dynamic environment.
  • Qualifications: 4+ years in data protection, strong knowledge of UK legislation, and a recognised privacy qualification.

The predicted salary is between 80000 - 100000 £ per year.

Location: Manchester

At Ernst & Young (EY), the Risk Management (RM) function plays a critical role in identifying, managing and mitigating risk across the business. RM supports the firm in upholding EY’s business standards, protecting its reputation and value, and ensuring compliance with all applicable legal, regulatory and professional obligations.

The UK Data Protection team supports the UK firm in complying with data protection and privacy legislation and regulatory requirements. This includes the development, implementation and ongoing maintenance of data protection policies, standards and procedures, the provision of advice on complex data protection matters, and the delivery of training and awareness to embed effective data protection practices across the business. The team also monitors and oversees the application of Global and local DP policies to ensure continued compliance.

This is an exciting opportunity to join the UK Data Protection team, supporting EY’s compliance with data protection and privacy legislation, including the UK General Data Protection Regulation (GDPR), Data Protection Act 2018, the Data (Use and Access) Act 2025 and Privacy and Electronic Communications Regulations.

As a Data Protection Manager, you will act as a senior advisor to the business, leading on complex and high‑risk privacy matters and providing clear, pragmatic, and commercially focused guidance. You will combine strong technical expertise with sound judgement to support decision‑making, manage risk effectively, and drive the consistent application of data protection practices across the firm. You will operate with a high degree of autonomy, taking ownership of key areas of data protection, leading delivery across multiple workstreams, and contributing to the ongoing development and improvement of EY’s privacy risk management framework.

Your Key Responsibilities

  • Advisory and Escalation: Act as a senior data protection advisor and escalation point, providing clear, risk‑based and commercially pragmatic advice on complex and high‑risk matters.
  • Frontline Compliance Oversight: Lead and oversee key data protection activities, including:
    • Data subject rights requests
    • Data incidents and breach investigations (including fact‑finding, containment and mitigation)
    • Privacy and Confidentiality Impact Assessments (PIAs)
    • Legitimate Interest Assessments (LIAs)
    • Compliance reviews and health checks
  • Risk Assessment and Challenge: Review and challenge risk assessments, ensuring appropriate controls, mitigations and governance frameworks are in place.
  • Framework, Policy and Embedding: Develop, implement and maintain data protection policies, procedures and training to embed compliant and practical privacy practices across the firm.
  • Delivery and Continuous Improvement: Own delivery across multiple workstreams, ensuring timely, high‑quality outcomes while driving continuous improvement in data protection processes.
  • Stakeholder Management and Influence: Build strong relationships across the business, influencing stakeholders at all levels and providing clear direction on data protection requirements.
  • Training and Awareness: Deliver training across the business and support embedding a strong privacy awareness culture for all personnel.
  • Leadership and Contribution: Lead and coordinate complex workstreams and contribute to wider Data Protection initiatives and strategic projects, including supporting the evolution of the firm’s privacy framework.

Behaviours, skills and attributes for success

  • Strong ability to plan, prioritise and manage multiple complex workstreams independently.
  • Excellent commercial acumen, with the ability to balance regulatory requirements and business objectives.
  • Strong analytical, problem‑solving and decision‑making capability, operating independently with sound judgement in complex or ambiguous situations.
  • Clear and authoritative communicator, able to influence and advise stakeholders at all levels, provide effective challenge, including delivering risk‑based messages to senior leadership.
  • Demonstrated ability to lead delivery across complex issues or projects, with accountability for outcomes.
  • Resilient and flexible, able to operate effectively in a fast‑paced and evolving environment, adapting quickly as priorities change.
  • Calm, professional, positive and resilient under pressure, with a pragmatic and solutions focused mindset.
  • Work collaboratively within a high‑performing team, contributing to wider team objectives and supporting colleagues where needed.
  • Maintain high levels of accuracy and attention to detail with a commitment to quality.

To qualify for the role, you must have

  • At least four years of relevant professional work experience in data protection, privacy, risk, compliance, legal or a related field.
  • Strong working knowledge of UK data protection and privacy legislation, and a risk‑based approach to compliance.
  • Experience handling complex data protection matters and stakeholder engagement.
  • A recognised privacy qualification (e.g. CIPP/E, CIPM, ISEB Certificate, PC.dp or equivalent).

Ideally, you will also have

  • Practical experience applying data protection law in a commercial or professional services environment.
  • Experience working within a regulated industry (e.g. Financial Services or Professional Services).

What working at EY offers

  • We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance.
  • Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well‑being, insurance, savings and a wide range of discounts, offers and promotions.
  • Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
  • Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
  • Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
  • Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.
E

Contact Details:

Ernst & Young Advisory Services Sdn Bhd Recruitment Team

We think you need these skills to ace Data Protection Assistant Director (L3) - Risk Management - CBS - Manchester

Data Protection Legislation Knowledge
Risk Management
Advisory Skills
Stakeholder Engagement
Privacy Impact Assessments (PIAs)
Legitimate Interest Assessments (LIAs)
Compliance Oversight