Global Law Practice
Location: London (Hybrid)
Employment Type: Full-time
We are working with a leading international law practice to appoint an experienced Risk Specialist to join its established team.
This role supports the global management of risk across information governance, data protection, emerging technologies, and regulatory compliance. The successful candidate will contribute to strengthening governance frameworks while partnering with stakeholders across multiple jurisdictions.
The Role
Working within a collaborative global team, you will support oversight and management of risk relating to data, information security, and evolving regulatory requirements, including developments in AI and digital technologies.
Key responsibilities include:
* Supporting compliance with global data protection and privacy regulations, including conducting risk assessments and recommending mitigation measures
* Assisting with due diligence reviews relating to clients and third-party suppliers
* Supporting the management and escalation of cyber incidents and data-related events
* Contributing to Data Protection Impact Assessments (DPIAs) and maintenance of Records of Processing Activities (RoPA)
* Assisting with internal audits of the Information Security Management System (aligned to the ISO 27001 standard)
* Collaborating on emerging technology and AI governance initiatives
* Supporting global phishing simulations and analysing outcomes to enhance risk awareness
* Coordinating responses to data subject rights requests in partnership with internal legal teams
* Acting as a point of contact for information governance best practice and information barrier guidance
* Supporting compliance with regulatory frameworks such as DORA and HIPAA in alignment with client obligations
* Working collaboratively to prioritise workload and maintain consistent global processes
About You
We are seeking a proactive, analytical professional with strong stakeholder engagement skills and a structured approach to risk management.
Required experience:
* 2–5 years’ experience in data protection, information governance, compliance, or technology risk roles
* Strong working knowledge of UK & EU GDPR, UK data protection legislation, and associated regulatory frameworks (e.g., DORA, EU AI regulation, HIPAA)
* Experience working within structured risk management frameworks to identify and mitigate risk
* Experience assessing and escalating data incidents, breaches, or compliance issues
* Exposure to ISO 27001, enterprise risk management (ERM), and governance structures
* Strong communication skills with the ability to engage stakeholders at all levels