Data Compliance Manager in Nottingham

About The Role

Contract type: Permanent

Hours: Full-time, 35 hours

Location: Head Office, Nottingham (Hybrid working, minimum 2 days per week)

Application process: Please apply via the application button which will direct you to our careers site. If you require any adjustments to assist you in applying, please contact us.

At Nottingham Building Society, our talent acquisition approach is rooted in openness and inclusive hiring, so even if you don’t feel you tick every box, we’d still genuinely love to hear from you.

As our Data Compliance Manager, you’ll play a key role in shaping and safeguarding the way we manage data across the organisation. You’ll lead the development and delivery of our data protection and information governance strategies, ensuring we not only meet regulatory requirements but also champion best practice in handling sensitive business, customer, and colleague information.

Working closely with teams across the organisation, as well as senior leaders and external partners, you’ll build strong frameworks, strengthen governance processes, and help create a culture where awareness and accountability for data protection thrive. This is an exciting opportunity to make a meaningful impact, influence organisational standards, and support a diverse community of colleagues in managing data responsibly and confidently.

Here’s a taste of what you will be doing as a Data Compliance Manager at Nottingham Building Society:

• Policy & Governance Development: Create, implement and maintain data protection and information governance policies, controls, and standards aligned to laws, regulations, and best practice.
• Risk & Incident Management: Lead data breach risk assessments, mitigation planning, continuous monitoring and collaborate on breach, complaint and risk event handling within regulatory deadlines.
• Regulatory Compliance Oversight: Ensure adherence to UK GDPR, DPA 2018, PECR and relevant global frameworks such as CCPA, HIPAA, ISO 27001, NIST, PCI‑DSS and SOX.
• Audits & Assessments: Conduct data protection and information governance audits, gap analyses, and assessments to identify risks and improvement opportunities.
• Third‑Party Risk Management: Oversee vendor risk processes to ensure external partners meet data protection and governance requirements.
• Training & Awareness: Deliver regular training and awareness initiatives to strengthen organisational understanding of data protection and governance.
• Data Lifecycle & Classification Management: Develop and maintain data classification, privacy, and retention policies in partnership with second‑line Data Protection teams.
• Security & Privacy Operations Support: Support DLP, encryption, IAM implementation, and collaborate on PIAs and DPIAs to ensure privacy‑by-design.

About you:

• Data Protection Expertise: Strong experience in data protection and information governance, including DPIAs and framework/policy development.
• Regulatory Knowledge: Solid understanding of UK and global data protection requirements and industry best practices.
• Technical & GRC Skills: Background in information security, GRC, risk management and working with frameworks such as ISO 27001, NIST, CIS and COBIT.
• Communication Skills: Ability to explain complex technical concepts clearly to non‑technical stakeholders.
• Stakeholder Influence: Proven experience influencing and engaging stakeholders at all levels, including senior leadership.
• Third‑Party Management: Experience conducting vendor due diligence and appropriateness assessments.
• Leadership & Collaboration: Strong leadership skills with experience working cross‑functionally and building relationships at all levels.

Reward & Benefits:

Competitive Package: Fair salary benchmarked against market data, annual discretionary bonus, and 29 days holiday plus.