Data Protection Senior Associate L2 - Risk Management - Manchester

At Ernst & Young (EY), the Risk Management (RM) function plays a critical role in identifying, managing and mitigating risk across the business. RM supports the firm in upholding EY’s business standards, protecting its reputation and value, and ensuring compliance with all applicable legal, regulatory and professional obligations.

The UK Data Protection team supports the UK firm in complying with data protection and privacy legislation and regulatory requirements. This includes the development, implementation and ongoing maintenance of data protection policies, standards and procedures, the provision of advice on complex data protection matters, and the delivery of training and awareness to embed effective data protection practices across the business. The team also monitors and oversees the application of Global and local policies to ensure continued compliance.

This is an exciting opportunity to join the UK Data Protection team, supporting EY’s compliance with data protection and privacy legislation, including UK General Data Protection Regulation (GDPR) and Data Protection Act 2018. The role is suited to an experienced compliance or risk professional who operates with a high degree of independence, accountability and excellent commercial judgement.

Your Key Responsibilities:

• Acting as a first point of contact for the business on data protection queries, providing clear, pragmatic advice and balancing regulatory requirements with commercial realities.
• Independently manage data subject rights requests determining appropriate actions and escalating only where necessary.
• Lead investigations into data incidents and breaches, taking ownership of fact finding, containment and mitigation activity, and coordinating with stakeholders to drive timely resolution.
• Lead and coordinate the review of Privacy and Confidentiality Impact Assessments (PIAs) for EY products, applications, tools, technologies and suppliers, providing risk‑based assessment, challenge and guidance to product owners on required controls and mitigations.
• Draft, review and update internal data protection policies, procedures and training materials, ensuring they are practical, current and aligned to regulatory expectations.
• Manage personal workload and competing priorities autonomously, ensuring work queues are progressed efficiently and service standards are met without day to day direction.
• Proactively identify opportunities to improve and streamline data protection processes, taking responsibility for driving enhancements rather than simply supporting them.
• Support wider Data Protection initiatives and projects, contributing expertise and leadership as required, with minimal supervision from Managers or the Data Protection Officer.

Behaviours, skills and attributes for success:

• Operate with confidence and independence, progressing work and making informed decisions without needing detailed instruction.
• Demonstrate an “ownership” mindset — seeing issues through from identification to resolution.
• Provide credible challenge and clear messaging to senior stakeholders, including delivery of difficult or risk based advice.
• Remain resilient and effective in a fast paced, ambiguous environment, adapting quickly as priorities change.
• Strong ability to plan, prioritise and execute work independently, managing complexity with minimal oversight.
• Excellent judgement and problem solving skills, with the confidence to take responsibility of decisions.
• Clear, authoritative communicator, able to influence and advise stakeholders at all levels of the firm.
• Calm, professional, positive and resilient under pressure, with a pragmatic and solutions focused mindset.
• Maintain high levels of accuracy and attention to detail.
• Work collaboratively within a high‑performing team, contributing to wider team objectives and supporting colleagues where needed.

To qualify for the role you must have:

• At least two years of professional work experience in a relevant role (e.g., complaints handling, incidents management, quality control/assurance, risk management, legal, or compliance related role).
• An interest to understand UK data protection and privacy legislation and risk‑based approach to compliance.

While full training will be provided, ideally, you’ll also have one of the following:

• Familiarity and practical experience with the application of data protection law and/or policies.
• Experience working in Financial / Professional services or a regulated environment.
• Certified courses or qualifications in data protection / privacy e.g., CIPP/E.

What working at EY offers:

• We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance.
• Our comprehensive Total Rewards package includes support for flexible working and career development.
• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements.