Senior Risk & Resilience Consultant (Data Privacy Consultant)

We have an exciting, permanent opportunity for a Senior Risk & Resilience Consultant / Data Privacy Consultant to join any of our 11 UK offices (hybrid working/flexible) as we continue to grow following the Howden acquisition.

As an experienced Data Privacy Consultant, you'll support a diverse portfolio of clients across multiple sectors in a fast-paced consulting environment. The role involves both proactive privacy advisory work and reactive support for incidents such as data breaches and data subject rights requests (DSRs). This position suits someone who is calm under pressure, comfortable managing multiple priorities, and able to explain privacy risks and decisions clearly, concisely, and without jargon to business stakeholders at all levels.

A snapshot of your day:

•  Support multiple client engagements simultaneously across a range of sectors in a busy consulting environment
• Proactively assess and improve clients’ data protection and privacy posture, including Privacy gap analyses and audits; Risk assessments and DPIAs, including for new technologies and data uses; and Policy, procedure, and framework development
• Assess and advise on the privacy implications of processing personal data using AI and automated decision-making technologies
• Conduct third-party and supplier privacy assessments, including data processing due diligence and ongoing assurance
• Produce clear, well-structured audit and assessment reports with practical, prioritised recommendations
• Provide calm, pragmatic advice during reactive scenarios, including Data breaches and incident response; Regulatory notifications and communications; and Data subject rights requests (access, erasure, rectification, etc.)
• Deliver privacy education and training, tailored to different audiences and levels of knowledge
• Act as a trusted advisor, helping clients balance regulatory requirements with business objectives across differing regulatory and operational contexts
• Communicate effectively with operational teams, senior leaders, and non-technical stakeholders, avoiding unnecessary jargon or alarmism
• Work collaboratively with legal, information security, and business teams to embed privacy into day-to-day operations
•  Maintain awareness of relevant data protection laws, regulatory guidance, and best practices (e.g. GDPR, UK GDPR)
   

We would love to hear from you if you have:

• Proven experience working in a busy, multi-client environment supporting organisations across multiple sectors, either in consultancy or an equivalent in-house role; with hands-on experience delivering both proactive privacy advisory services and reactive support
• Ability to quickly understand different business models, risk profiles, and regulatory environments, and tailor privacy advice accordingly
• Practical experience handling data breaches and incident response and data subject rights requests
• Experience assessing AI and automated processing activities involving personal data, including understanding risk, transparency, and accountability considerations
• Demonstrated ability to conduct third-party privacy risk assessments, including review of suppliers, processors, and data sharing arrangements
• Capability to produce high-quality, structured written outputs, including audit and assessment reports
• Experience designing and delivering privacy training and awareness sessions
• Excellent communication skills, with the ability to translate privacy requirements into clear, concise business decisions and communicate effectively with technical and non-technical audiences
• Broader business understanding, enabling pragmatic advice that aligns privacy compliance with operational and commercial realities
• Experience working across regulated and non-regulated sectors (e.g. financial services, healthcare, technology, public sector, retail)

Desirable but not essential:

• Experience working closely with information security or cybersecurity teams (an advantage 
• Understanding of technical security controls and how they intersect with privacy and AI risk
• Professional certification such as Certified Data Protection Officer (DPO) or CIPP/M or other IAPP certifications

What's in it for you:

• Competitive discretionary annual bonus.
• Core benefits paid for by BW including life assurance, group income protection, private medical cover and 25 days holiday per year with holiday trading.
• A generous pension scheme where we contribute 8% of your salary from day one of your employment.
• Employee Assistance Programme to support you and your family through any concerns or challenges you may experience.
• A comprehensive range of voluntary benefits to suit you (and your family) including an electric car leasing scheme, tech scheme, cycle to work scheme, dental cover, healthcare cash plan, health assessments, critical illness cover, extension of private medical cover or life assurance to family members, Sports Allowance – we pay up to 50% of your gym/sports membership (up to £50 pm), travel insurance, paid volunteering, and a broad range of discounts at hundreds of retailers including supermarkets, fitness centres, travel and leisure companies.
• For a full list of benefits, please click here  

Happy to talk flexible working

Accessibility 

We are a Disability Confident Employer. If you reasonable adjustments could support you, or if you would like more information on accessibility, please click here   

Not quite the right opportunity for you this time? 

For more about us and other Careers at BW, please click here 

Follow Barnett Waddingham on LinkedIn  

We kindly ask recruitment agencies to not send speculative CVs. Should we need assistance, we will reach out. All enquiries should be directed to careers@barnett-waddingham.co.uk.