At a Glance
- Tasks: Ensure GDPR compliance and data protection across our systems and processes.
- Company: Join Mitchells & Butlers, a leader in the hospitality industry with over 1,600 venues.
- Benefits: Enjoy flexible hours, 33% discount at all brands, and comprehensive health benefits.
- Other info: Hybrid role based in Birmingham with excellent career growth opportunities.
- Why this job: Make a real impact on data protection while working in a dynamic, inclusive environment.
- Qualifications: 3+ years in GRC or data protection; strong analytical and communication skills required.
The predicted salary is between £35,000 and £45,000 per year.
We have an exciting opportunity for a GRC Analyst – Data Protection & GDPR Compliance to join our award‑winning Business Change and Technology (BC&T) team on a 12‑month Fixed Term Contract. You will be based in Birmingham City Centre, working in a hybrid role. Reporting to the IT Licensing & Compliance Manager, these roles support Mitchells & Butlers’ governance, risk, and compliance (GRC) activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation.
This specialism focuses on data protection assurance and GDPR compliance, ensuring personal data is processed lawfully, proportionately, and in line with regulatory and organisational requirements.
You will be well rewarded:
- 35 hours per week, Monday to Friday, with flexibility around personal commitments.
- 33% discount across all M&B brands and hotels.
- A pension that pays, with contributions matched at 1.5x, up to 5%.
- Private healthcare, dental plan, cycle‑to‑work, and keep‑fit schemes.
- 26 days annual leave plus bank holidays.
Key responsibilities include:
- Reviewing how personal data is used across M&B systems, business processes, and technology solutions.
- Assessing and documenting PII risks, gaps, and recommended actions in line with GDPR, the UK Data Protection Act, and M&B risk management processes.
- Ensuring data minimisation principles are applied by identifying unnecessary collection, processing, or retention of personal data.
- Constructively challenging business teams where personal data processing is excessive or insufficiently justified.
- Identifying opportunities to reduce, anonymise, or eliminate personal data processing where it is not essential to business needs.
- Maintaining visibility of personal data usage, including data classification, sensitivity, and lifecycle controls.
- Providing clear, pragmatic risk assessments and guidance to business stakeholders on personal data processing.
Governance, Risk & Compliance:
- Support the review, development, and rollout of information security and data protection policies.
- Contribute to the management of information security, third‑party, and privacy risk registers.
- Produce compliance reports, dashboards, and metrics for management and senior stakeholders.
- Assist with internal and external audits, including GDPR assurance, PCI DSS, and financial audits.
- Support control reviews, evidence gathering, and policy adoption across the organisation.
- Maintain clear, accurate, and auditable compliance documentation.
Security & Privacy Operations:
- Track remediation of identified security, privacy, and compliance issues to ensure timely closure.
- Support incident and breach response activities, including investigation, documentation, and follow‑up actions.
- Review and document business, data, and supplier processes to support governance, risk, and compliance activities.
- Provide clear, auditable documentation to evidence risk decisions, approvals, and outcomes.
What you’ll need to bring:
- Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements.
- Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role.
- Ability to interpret and assess technical and organisational controls.
- Strong analytical skills with excellent attention to detail.
- Confident written and verbal communication skills, able to engage across legal, technical, and operational teams.
- Experience contributing to incident or breach investigations.
- Ability to manage multiple competing priorities and constructively challenge established processes.
Qualifications:
- Minimum 3 years’ experience in a relevant role.
- CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection desirable.
What makes Mitchells & Butlers a great place to work? At M&B, a career isn’t just about clocking in. We care about our people and value every contribution from a diverse workforce that reflects our guests and communities. By fostering a culture of inclusion, respect, and collaboration, we create an environment where colleagues can thrive and deliver great guest experiences.
At M&B we value the unique perspectives each person brings. We believe that by fostering a culture of inclusion, respect, and allyship, we create a sense of belonging, engagement and teamwork which are essential to delivering great guest experiences. Join us and be a part of a great team.
Closing date: Monday 25th May 2026 11:59pm
IT in Birmingham employer: Mitchells & Butlers
Mitchells & Butlers is an exceptional employer, offering a supportive and inclusive work culture that prioritises employee well-being and growth. With flexible working arrangements, comprehensive benefits including private healthcare and generous discounts across our extensive portfolio of pubs and restaurants, we empower our GRC Analysts to thrive in their roles while contributing to our commitment to data protection and compliance. Join us in Birmingham City Centre and be part of a team that values your unique contributions and fosters a sense of belonging.
StudySmarter Expert Advice🤫
We think this is how you could land IT in Birmingham
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend events, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for interviews by researching the company and its culture. Understand their values and how they align with your own. This will help you tailor your responses and show that you're genuinely interested in being part of their team.
✨Tip Number 3
Practice makes perfect! Do mock interviews with friends or use online resources to get comfortable with common questions. The more you practice, the more confident you'll feel when it’s time to shine.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, we love seeing candidates who are proactive about their job search.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the GRC Analyst role. Highlight your experience with GDPR and data protection, and don’t forget to mention any relevant qualifications. We want to see how your skills match what we’re looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about data protection and how your background makes you a great fit for our team. Keep it engaging and personal – we love to see your personality come through.
Showcase Your Analytical Skills: Since this role requires strong analytical skills, be sure to include examples of how you've used these in past roles. Whether it’s assessing risks or documenting compliance, we want to know how you tackle challenges head-on!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets to us quickly and efficiently. Plus, you’ll find all the details you need about the role right there!
How to prepare for a job interview at Mitchells & Butlers
✨Know Your GDPR Inside Out
Make sure you brush up on your knowledge of GDPR and the UK Data Protection Act. Be prepared to discuss how these regulations apply to real-world scenarios, especially in relation to data processing and compliance. This will show that you’re not just familiar with the theory but can also apply it practically.
✨Showcase Your Analytical Skills
As a GRC Analyst, strong analytical skills are crucial. Prepare examples from your past experience where you identified risks or gaps in data protection processes. Highlight how you approached these issues and what actions you recommended, demonstrating your attention to detail and problem-solving abilities.
✨Communicate Clearly and Confidently
You’ll need to engage with various teams, so practice articulating complex information in a clear and concise manner. Think about how you can explain technical concepts to non-technical stakeholders. This will showcase your communication skills and ability to bridge gaps between legal, technical, and operational teams.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions during the interview. Think about potential data breaches or compliance challenges and how you would handle them. This will help you demonstrate your critical thinking and decision-making skills, which are essential for the role.