Data Protection & Third‑Party Risk Analyst
12‑month FTC | Hybrid | Birmingham - £45k - £55k
We’re recruiting a Data Protection–focused analyst to support PII usage, data sharing, and third‑party risk across a large, multi‑site organisation.
This is not a SOC or cyber tooling role.
The focus is how personal data is shared, used, minimised, and governed across SaaS platforms, IT vendors, and service providers.
What you’ll be doing
* Assess how PII is shared with SaaS providers and IT vendors
* Review and document data flows, purposes of processing, and data lifecycles
* Conduct third‑party data protection risk assessments and DPIA‑style reviews
* Maintain records of:
* Data categories
* Processing purposes
* Hosting locations
* Sub‑processors
* Retention and deletion
* Challenge unnecessary data collection and enforce data minimisation
* Track and close remediation actions with vendors and internal teams
* Support Procurement, Legal, IT, and the business with practical GDPR advice
* Maintain clear, audit‑ready documentation for GDPR and third‑party assurance
What we’re looking for
* 3+ years in Data Protection, Privacy, or Third‑Party Risk
* Strong, hands‑on experience with:
* Understanding PII usage
* Vendor / SaaS data sharing
* GDPR in practice (not theory)
* Comfortable challenging stakeholders on data usage
* Experience working with IT vendors, platforms, or outsourced services
* Able to balance risk, commercial reality, and compliance
Data Protection and Data Privacy-first role | Vendor & SaaS focused | Not a SOC work