Data Protection Consultant

Job Description 

Role Title: Data Protection Consultant 
Location: Remote
Salary: Up to £60,000  dependent on experience

Career Level:  Consultant 

We are looking for consultant who will primarily sit within the data protection function. Depending on the available projects, this individual may also be asked to work on Governance , Risk & Compliance (GRC) projects too.  

This is a mid-level role. You will be expected to operate mostly independently with guidance and oversight from a senior consultant. We are looking for individuals who have some experience in delivering and managing projects involving GDPR compliance, PECR compliance, and ISO 27001 certification. This role will be customer facing. Successful candidates will be highly professional individuals with exceptional communication and people skills.  

Responsibilities  

• Delivering key areas of data protection and GRC engagements. 
  

• Managing multiple client engagements on a day to day basis. 

• Assisting with the implementation of data protection frameworks aligned to legal requirements and standards, such as ISO 27701 and NIST Privacy Risk Assessment Methodology. 

• Assisting with managing and developing Information Security Management System (ISMS) and ISO 27001 projects. 

• Planning, organising and conducting gap analyses and audits. 

• Staying on top of the latest developments within data protection by attending training and conferences. 

• Gaining experience with the sales process to help respond to tenders and provide pre-sales support. 

• Quality assure junior consultant work as required, ensuring technical and written quality levels are met. 

• Provide input into the development of tmc3 data protection methodologies. 

• Suggesting ways to improve delivery output. 

• Develop and maintain industry awareness and best practices, relating to legislation & regulations, emerging threats, areas of operation and technology, surrounding Information Security and Data Protection; and participate in knowledge transfer activities.  
   

Competencies and qualifications

We are looking for experience in the following skills:

Essential

• Practical experience of maintaining or implementing a data protection framework. 
• 3+ years of professional experience and knowledge of relevant UK, European and global data protection laws and regulations, such as GDPR, PECR and UK DPA
• Experience in designing, managing, and implementing processes that follow industry best practices, such as PCI DSS, NIST, Cyber Essentials, NCSC Cyber Assessment Framework, CIS. Experience with either of the ISO 27001:2013 or ISO 27001:2022 families. 
• Any practical experience of managing or implementing a GDPR environment, including:
  • Data mapping
  • Record of processing activities
  • Privacy notices
  • Cookie management systems
  • Responding to data subject requests
  • Managing personal data breaches
  • Undertaking data protection impact assessments.
  • Any experience in conducting GDPR gap analyses or audits. 
• A willingness to join and observe sales calls to understand the sales process. 

• The ability to confidently present to strangers in the area of your expertise. 

• Analytical, decision making and problem solving skills. 
• Proficient in the use of IT systems, such as OneTrust, and applying data protection in a practical context.
• Hold or are eligible to obtain the following Security Clearances: 
• NPPV3 and SC 

Desirable

• Consulting experience in developing, maintaining or implementing data protection frameworks within a variety of client organisations (private and public sector).  
•  Any knowledge of international privacy law and experience implementing appropriate international safeguards.
  
• Experience as a Lead Auditor/Implementer for ISO 27001:2022. 
• Hold one or more of the following Professional Certifications: CIPP/E, CIPM, Practitioner Certificate in Data Protection (PDP or equivalent). 
• Any experience in sales. 
• The ability to accurately defend your knowledge and experience under scrutiny of clients and the ability to recognise when you need to go away and investigate something further. 
• Experience in preparing and delivering reports highlighting risks for senior management.

What can tmc3 offer you? 

Original, strategic and operational consulting that provides transformational outcomes to high-profile customers. 

The opportunity to work in committed teams that blend in-depth industry experience with high quality consulting expertise. Intelligent and interesting colleagues who will develop and challenge you. 

A transparent career path where your advancement is objectively measured, enabling you to achieve your full potential. 

• A company nominated by the Financial Times as one of the fastest growing businesses within Europe, with opportunities for development and growth within the business. 

• Original, strategic and operational consulting that provides transformational outcomes to high-profile customers. 

• The opportunity to work in committed teams that blend in-depth industry experience with high quality consulting expertise. Intelligent and interesting colleagues who will develop and challenge you. 

• A transparent career path where your advancement is objectively measured, enabling you to achieve your full potential. 

• Competitive Market Salary 

• Annual and referral bonus schemes 

• 25 days holiday (increasing after time) 

• Remote working  

• Flexible Working (around core office hours) 

• Company Pension 

• Dedicated training and development budget 

• Professional membership budget 

• Home Office equipment (for remote working employees) 

• Electric Vehicle Scheme 

• Life Insurance 

• Enhanced Maternity/Paternity 

• Employee discount and rewards platform 

• Vision Care 

• Regular team social events 

Follow us