Compliance Manager － Privacy & AI Governance Lead in Abingdon

Function and Department: Compliance, Corporate Governance and Responsibility

Location: Milton Hill, Abingdon, UK

Position Summary:

We are seeking a highly experienced and strategic compliance professional to lead data privacy and artificial intelligence (AI) governance programs. This newly created role will strengthen our existing data privacy programs and will be responsible for ensuring compliance with the GDPR and similar data governance and privacy regimes in other applicable jurisdictions. In addition, this role, with input from other stakeholders, will develop and implement the procedures, governance program, and framework to ensure compliance with emerging AI regulations across our global operations. The ideal candidate will have extensive expertise in data privacy, information governance, and AI risk management, and will serve as a trusted adviser to senior leadership and cross-functional teams. This role will report to the Company’s Head of Corporate Compliance.

Key Responsibilities / What You'll Achieve

• Enhance existing processes and procedures to manage data privacy risks.
• Develop and implement policies and processes for Transfer Impact Assessments, Legitimate Interest Assessments, Article 30 records, data protection impact assessments (DPIAs), Fundamental Impact Risk Assessments (FRIA) and combined DPIA-FRIA risk assessments for high-risk use cases.
• Enhance and implement procedures for management of data subject access requests and ensure timely and accurate management of all such requests globally.
• Advise on data processing, international data transfers, and third-party risk management in the context of privacy and AI systems.
• Provide subject-matter expertise on applicable global data protection laws, the EU AI Act and other AI laws and stay abreast of AI governance frameworks and regulatory developments.
• Familiarity with security frameworks such as Network and Information Systems (NIS) directives, the National Institute of Standards and Technology (NIST) AI Risk Management Framework, ISO27001, and ISO42001 as they intersect with data privacy and AI governance and third-party vendor matters.
• Lead AI governance implementation across the organisation and its operations.
• Assess vendors for privacy safeguards, data minimisation, algorithmic transparency, AI safety controls and international data transfer risk including transfer impact assessments (TIAs), binding corporate rules (BCRs), and standard contractual clauses (SCCs).
• Negotiate DPAs, AI clauses, security addenda, and model/data use provisions.
• Deliver training and guidance to internal stakeholders on data privacy requirements and responsible AI best practices and governance.
• Collaborate with various global internal stakeholders and operational teams including legal, procurement, supply chain, and sales to ensure consistent and robust privacy and AI governance practices.

What will you gain from this role?

• The opportunity to use your expertise to help our businesses manage known and ever-changing privacy and AI governance risks across a dynamic company in a dynamic environment.
• Exposure across several key global groups and the opportunity to work with people from around the world, gaining an understanding of our commercial business as a whole.
• The ability to lead in this area of expertise and the responsibility to provide critical subject-matter expertise to assist our business leaders in growing our business while being faithful to our compliance obligations.
• The organization needs this support; your counsel and support will be valued and appreciated.
• The responsibility to help design and implement the correct policies and procedures to manage privacy and AI governance, taking our existing structure and making any necessary changes or modifications.
• The ability to use existing tools and work with emerging technologies and in particular AI to find better and more efficient ways to manage these risks.
• The opportunity to learn and grow. We believe there is no better way to learn than by doing, so from day one you will have the opportunity to make a real difference.
• The opportunity to build a stimulating, long-term career with an inclusive company that values everyone as an individual.

Skills & Qualifications

Essential:

• Deep expertise in data privacy and data governance matters.
• Demonstrated experience navigating and interpreting emerging AI regulatory landscapes, including practical application of AI ethics principles in business settings and ability to advise on interconnection between AI implementation and other laws, e.g. privacy, employment, health and safety at work etc.
• Proven track record in designing and implementing organization-wide privacy and AI training programs.
• Familiarity with privacy-enhancing technologies and technical safeguards for data protection within AI systems.
• Experience advising on cross-border data flows and managing relationships with data protection authorities or regulators.
• Ability to operate effectively in a fast-paced, matrixed, and multicultural global environment.
• Experience in a multinational corporate legal department or law firm.
• Strong interpersonal, communication and influencing skills, with the ability to explain complex issues in a straightforward manner and collaborate and engage effectively with all levels within the business.
• Strong analytical abilities, judgment, critical thinking and attention to detail.
• High degree of professional ethics, integrity, and gravitas.

Preferred:

• Qualified solicitor or barrister in the UK (or equivalent legal qualification) preferred, although non-attorneys with relevant experience will be considered.
• Commercially minded, financially aware, and solutions-oriented with a positive, “can-do” approach.
• Relevant certifications are highly desirable such as Certified Information Privacy Professional/Europe (CIPP/E), Certified Information Privacy Manager (CIPM), Fellow of Information Privacy (FIP), and Artificial Intelligence Governance Professional (AIGP).
• Motivated, assertive, pragmatic and persistent.
• Well-versed in how businesses operate, with financial acumen, strong commercial mindset, and a “can do”, “yes if” rather than “no because” approach.