Group Data Protection Officer and Head of Data Governance in Edinburgh

Edinburgh or Home based Position

The Group Data Protection Officer (DPO) and Head of Data Governance role has DPO accountability for all entities across the Nucleus Financial Group, as well as responsibility for the Group's Data Governance and Privacy strategy and will help guide the business to ensure we comply with the relevant regulations.

This leadership position requires an individual with strong DPO knowledge and proven experience of leading a business to develop its Data Protection and Governance control environment; ideally with experience of working with Material Outsourcers and an understanding of the risks that the use of AI introduces.

With extensive experience in financial services and a deep understanding of platform businesses like Nucleus, the role holder will be well-versed in the workings of key regulatory bodies such as the ICO, FCA, and PRA. The role will ensure the delivery of secure and resilient services that underpin efficient, customer-focused operations. This includes providing advice and guidance to the wider business, as well as monitoring and overseeing the Nucleus corporate estate.

Your responsibilities will encompass business partnering, impact assessment approvals, and change and transition management. With excellent stakeholder engagement skills, covering all levels from C-suite to our delivery partners, you will instil confidence in the service delivery model, ensuring that the Data Governance and Privacy strategy continues to align with the needs of a growing business.

You will lead a continuous improvement programme aimed at enhancing the maturity of Data Protection and Data Governance across the business, particularly in the adoption and support of business applications, office productivity solutions, and user devices.

Having extensive operational management experience, you will oversee the effective running of your department in a regulated environment, including managing workflows, capacity planning, budget adherence, and risk and control management. An established leader with strong people management and relationship skills; you will develop a high-performing, motivated, and engaged team to help achieve our business objectives. The team currently comprises of two Data Protection Officers and three Data Governance SMEs who will support you in the delivery of your responsibilities.

About Nucleus and the Function

Nucleus is one of the UK’s leading independent financial planning and retirement-focused platforms operating from offices in London, Bristol, Ipswich, Salisbury, Edinburgh and Glasgow. The business administers over £100bn of customer assets across Self-Invested Personal Pensions, Individual Savings Accounts, general investment accounts and other products for over 5,000 financial advisers and more than 250,000 underlying clients.

By harnessing Nucleus Wrap, James Hay, Curtis Banks, Talbot and Muir, Dunstan Thomas and Third Financial, we’re building the best retirement focused adviser platforms group in the UK. We’re now bringing all these businesses together to harness the strengths of each and build the best retirement-focused adviser platform for larger adviser firms in the UK.

Nucleus has ~1,200 employees and uses FNZ and Bravura as material outsourcers; consequently, the business has a range of both in-house and outsourced services and operations that this role will have oversight responsibility for.

Nucleus’s vision is to become the ‘best loved platform for advisors’ and the Architecture, Governance and Oversight function sits within Group Technology and plays a crucial role in helping us navigate a major transformation programme and a series of transitional states to achieve this; whilst in parallel ensuring that we continue to support the near-term business strategy within the constraints of our existing solutions and capabilities.

The Architecture, Governance and Oversight function are responsible for:

• Architecting scalable and innovative solutions, that support both the growth and efficiency of our business
• Setting standards and policy to protect our business and ensure regulatory compliance
• Ensuring Information & Cyber Security controls, both internally and across our suppliers, are sufficient and effective
• Providing oversight of Data Governance and with Data Protection Officer responsibility
• Defining expected standards for, and testing, our Operational Resilience across the business
• Informing material decisions and ensuring good governance and oversight both internally and across our suppliers
• Providing appropriate insight and reporting to the Leadership team and stakeholders including Board
• Supporting the CTO define and track progress against our strategy
• Continuously reviewing our risk profile and effectiveness of mitigating controls
• Working with our Finance business partner to ensure good control over expenditure, budget setting and driving efficiencies in our cost base.

Responsibilities

The key responsibilities for the role include:

1. Data Protection Officer (DPO) for the Group: Primary responsibility with precedence over all other responsibilities where conflicts arise:

• Act as the Group’s independent, regulated Data Protection Officer in accordance with UK GDPR and DPA 2018.
• Monitor and independently assess compliance with UK GDPR, DPA 2018, DUAA, PECR, and related regulatory obligations across the Group.
• Advise the Group Board, Executive, and senior management on data protection obligations, risks, and regulatory interpretation.
• Oversee and challenge the design and effectiveness of privacy controls, without owning or determining processing purposes or means.
• Provide independent oversight of DPIAs, high-risk processing, and data protection-by-design activities.
• Act as the primary point of contact for the ICO.
• Act as escalation point for data subjects and oversee the handling of Data Subject Rights and regulatory complaints.
• Report independently to senior management and, where required, the Board or relevant committee.
• Maintain freedom from instructions regarding the exercise of DPO duties and from conflicts of interest.
• Escalate material data protection risks where management action is insufficient.

1. Set Data Protection and Data Governance Policy, Standards and Strategy:

• Define and maintain Group-wide data protection and governance policies and standards, led from the DPO role and aligned to wider regulatory requirements.
• Set the standards that define how the Group protects personal data, confidential information, customers, and the organisation itself, and how regulatory compliance is achieved and evidenced.
• Define data governance policies and standards that support lawful, fair, transparent, and accountable processing across all Group entities.
• Stay informed on emerging regulatory developments, governance practices, and relevant technologies within data governance and financial services, and assess their potential impact on the Group’s risk profile and compliance posture.
• Review, challenge, and approve data-related strategies and initiatives to confirm alignment with data protection principles before implementation.
• Ensure data governance strategy and standards do not compromise DPO independence, nor result in ownership of processing purposes, means, or operational delivery decisions.

1. Lead continuous improvement of Data Governance practice across the Business:

• Define and oversee the Group Data Governance and Privacy strategy, ensuring alignment with organisational objectives while retaining entity-level accountability for delivery.
• Set the minimum data governance framework required to support compliance, risk management, and regulatory defensibility.
• Assess governance maturity and control effectiveness, directing required improvements to first‑line owners without assuming delivery ownership.
• Oversee relevant data governance change initiatives to ensure alignment with agreed standards, timelines, and risk appetite.
• Provide expert advice and challenge on data governance and data protection risks arising from business change and M&A activity.

1. Governance, Compliance and Risk Management:

• Define, monitor, and challenge the effectiveness of data protection and data governance controls across the Group and key suppliers.
• Provide clear, evidence‑based insight and reporting to senior leadership and the Board.
• Oversee service performance indicators relating to data protection and governance outcomes.

1. Team Leadership and Development:

• Build and lead a high‑performing data protection and data governance team.
• Foster a professional culture of independence, challenge, and accountability.
• Develop team capability and succession through coaching and mentoring.

1. Stakeholder Management:

• Provide advice and guidance: to Board, Executives, and Senior Leaders on all Data Protection and Data Governance matters.
• Ensure functional priorities are aligned with organisational objectives and clearly communicated across the business.
• Provide advisory input to change sponsors to support compliant initiation and design of change activity.

As part of working within Nucleus you will:

• Take responsibility in everything you do to deliver good outcomes for our customers.
• Positively demonstrate the Nucleus Smart, Heart and Courage values and behaviours.
• Ensure compliance with FCA Code of Conduct at all times.

Key Competencies (Knowledge, Skills and Behaviours)

Knowledge and Experience:

• Strong expertise in UK data protection and data governance legislation and practice.
• Experience setting and applying data governance and data protection policies.
• Experience operating within a regulated environment, preferably financial services.
• Sound understanding of technology and data processing within platform‑based financial services.
• Knowledge of third‑party data protection contractual requirements.

Skills and Behaviours:

• Independent judgement with the credibility to challenge senior stakeholders.
• Strong leadership and people management capability.
• Excellent stakeholder management and influencing skills.
• Strategic thinker with the ability to apply practical, proportionate solutions.
• Calm and resilient under pressure.
• Clear, effective written and verbal communicator.
• Collaborative team player who role‑models organisational values.
• Strong commitment to continuous learning and improvement.
• Competent user of MS Excel, Word, PowerPoint, and Teams.

Desirable:

• Knowledge of platform propositions, including WRAP Platforms and SIPPs.
• Professional certifications such as CIPP/E, CIPM, or equivalent.
• Degree or relevant professional qualification.

A little about us

Our purpose at Nucleus is to transform financial services and create better outcomes for our advisers and their clients. It is this purpose that drives everything we do. Whether you are working in a role that is client facing or not, you’ll need to be service obsessed to work here. It’s a fast paced and exciting environment, and one where we believe you will get the chance to fulfil your potential and do work that really matters, to you and our clients.

We believe in you having your own chunk of responsibility and being trusted to make things happen. Nucleus’ culture is something our people believe sets us apart from other places they’ve worked. We think big, know our stuff and move at pace, but always empowering others along the way and breaking new ground to find better ways of doing things. We know that sometimes the right choice is not the easy one, so empowering each other and celebrating others' successes, as well as our own, is part of what makes us Nucleus #WeAreNucleus

Inclusion and diversity at Nucleus

As with most things in life, who cares, wins. We really care about inclusion. For us this is not a box-ticking thing, it’s a commercial imperative. It isn’t about being PC. It’s about being future relevant and durable. Find out more on our inclusion page.

We’re proud to partner Stonewall and be a diversity champion for Scotland. This partnership demonstrates our ongoing commitment to diversity by providing an environment where everyone feels welcome, able to be their authentic self and do the best work of their life.

We offer a generous blend of benefits for the things that really matter to our people, including pension, bonus, enhanced parental leave, paid time off for emergencies, health and wellbeing initiatives and flexible working options.