Data Protection Officer in London

MERITUS are recruiting for a Data Protection & AI Governance Business Partner to join a leading software organisation, supporting enterprise-wide privacy, compliance, and responsible AI initiatives across a diverse portfolio of technology products and services.

This role requires a CIPP/E-qualified Data Protection professional with 4-5 years' experience working within a software house, SaaS provider, or technology-led organisation in a similar Data Protection, Privacy, or AI Governance position.

As a Data Protection & AI Governance Business Partner, you will play a key role in operationalising privacy and AI governance frameworks, delivering expert advisory services, and supporting responsible innovation across the business. Working within a specialist compliance team, you will partner closely with Product, Engineering, Technology, Operations, HR, Legal, and Security teams to ensure privacy and AI governance requirements are embedded throughout the organisation.

This is an excellent opportunity for an experienced privacy professional with a strong background in GDPR compliance, supplier assurance, privacy impact assessments, and emerging AI governance practices within a software development environment.

• Lead supplier assurance reviews for AI systems and data protection matters, assessing contractual and technical controls and approving supplier assurance outcomes within delegated authority levels.
• Work with stakeholders across the business to identify and remediate gaps within Article 30 Records of Processing Activities (RoPA).
• Lead and facilitate Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), and AI Impact Assessments.
• Review privacy and AI risks, recommending practical mitigations and assessing readiness for implementation.
• Act as a trusted advisor to business stakeholders, providing pragmatic guidance on UK GDPR, Data Protection Act 2018, PECR, ISO 27701, AI governance principles, and internal compliance frameworks.
• Support the implementation and continuous improvement of privacy and AI governance controls across products, services, and business processes.
• Collaborate with Product, Engineering, and Technology teams to ensure privacy-by-design and responsible AI principles are embedded into solutions.
• Support compliance projects and governance initiatives as required by the Data Protection Officer and Head of Data Protection & AI Governance.
• Contribute to risk management activities, governance reporting, and wider compliance objectives.

• CIPP/E certification is essential.
• 4-5 years' experience working in a similar Data Protection, Privacy, or AI Governance role within a software house, SaaS provider, or technology organisation.
• Strong working knowledge of UK GDPR, Data Protection Act 2018, PECR, and privacy governance frameworks.
• Proven experience conducting DPIAs, LIAs, supplier due diligence reviews, and privacy risk assessments.
• Experience supporting privacy governance frameworks such as ISO 27701.
• Working knowledge of AI governance principles, responsible AI frameworks, and AI risk assessment methodologies.
• Strong stakeholder management skills with the ability to influence both technical and non-technical audiences.
• Demonstrable experience operationalising governance frameworks and driving compliance adoption across business functions.
• Strong analytical and problem-solving skills with a pragmatic approach to risk management.

• CIPM certification.
• CIPT qualification.
• Experience with AI/ML governance frameworks, NIST AI Risk Management Framework, or equivalent AI governance standards.

If you believe that you have the skills and experience for this Data Protection & AI Governance Business Partner opportunity, then please get in touch.