Senior Privacy Analyst

What you'll do:

• Ensure Kraken meets its privacy obligations by providing privacy expertise, implementing and maintaining data privacy and protection best practices and processes, anticipating future challenges and developing innovative solutions, harnessing automation where possible.
• Understand evolving needs from different territories and risk appetites and provide appropriate and authoritative advice to teams across the business.
• Engage effectively with both technical and non-technical stakeholders across the organisation, including key stakeholders such as Security, Legal, Procurement and Product & Engineering, driving change and adding value through mitigation of risk.
• Support the Privacy Lead with internal team support, discussing improvements to actively influence department-level work and demonstrating strategic thinking. 
• Lead a range of individual tasks and short-term projects with minimal feedback, taking ideas from concept to implementation, as well as leading on substantial, strategic Privacy projects.
• Define and document data handling policies, standards and procedures that meet global compliance regulations and internal standards.
• Support in the development and deployment of training programs for internal teams on global privacy regulations, industry best practices, and internal company policies.
• Lead response to data privacy incidents, investigations and reporting to supervisory authorities where necessary.
• Regularly update key stakeholders about the state of data privacy and protection on our platform, emerging risks, and strategies being taken to mitigate them.

What you'll have:

• Proven experience in the following domain-specific areas of expertise, helping to define and evolve data protection and privacy processes, mentor, and handle the most complex or sensitive interactions, for both processor and controller obligations.
• Working as a senior privacy analyst within a tech organisation that’s a data processor (e.g. a SaaS provider or software vendor), for a minimum of 3 years plus an additional background in privacy and data protection.
•  Data mapping and upholding ROPA requirements 
• Managing data retention; defining and implementing retention periods.
•  Managing data protection impact assessments, third party vendor, sub-processor risk management, transfer impact assessments
• Leadership of Data Privacy incident management processes, root cause analysis and remediation, and experience working with all levels of stakeholders in the remediation/communication of incidents
•  Working closely with technical teams, including Engineering, Development, Legal and Security. You’ll have experience in being able to grasp technical concepts from other teams so that privacy principles and regulations are applied appropriately,  delivering tangible and actionable expert privacy advice.
• Understanding of artificial intelligence, its use cases within the utilities markets and associated risks, as well as experience in leveraging its potential as an enabler when used responsibly.
• Risk identification and mitigation; management of a risk register.
• Implementing Privacy by Design and Privacy by Default into products.
• Translating complex technical privacy matters routinely to non-technical or non-privacy team stakeholders.
• Working knowledge of the majority of Articles of the EU GDPR and UK DPA.
• Staying up-to-date with the fast-moving landscape of data protection regulations and technologies, including international legislation that will impact our global clients.
• Knowledge management (including content creation, maintenance and delivery).

Soft Skills:

• Strong strategic influence, project ownership, team enablement, and stakeholder management
• Skills and ability to succeed under pressure
• A self-starter, taking the initiative to help drive the team’s initiatives forward
• Highly adaptable to new technologies; good understanding of cloud technology internet infrastructure and emerging technologies e.g. artificial intelligence
• Strong problem-solving and analytical capabilities to help identify areas for improvement
• Very well organised; able to meet deadlines under pressure and prioritise effectively
• Excellent verbal and written communication skills, particularly the ability to translate complex regulatory and technical requirements into actionable tasks for different departments
• Excellent attention to detail and record keeping

What will help:

• Privacy certifications such as CIPT, CIPP or CIPM
• Knowledge and practical application of local privacy laws beyond the UK and EU, i.e. those for within the USA and APAC
• Familiarity with utility sector regulations
• Law degree / legal experience