Job Description
Location: Melksham, Hybrid
We are seeking a motivated and detail-oriented consultant to join our Governance, Risk, and Compliance (GRC) team. This hybrid role centres on Data Protection, with additional responsibilities in Cyber Security to support a holistic approach to information governance.
You’ll play a key role in helping clients meet and maintain compliance with GDPR, ISO27001, SOC2 and other privacy and security related frameworks. You will support advising on data protection strategies, conducting risk assessments, reviewing and updating DPAs and BAAs, managing DPIAs, and supporting incident response processes that prioritise privacy outcomes. Alongside this, you’ll also contribute to our clients' security postures through audits, awareness training, and basic risk monitoring.
Reporting to the Security Manager, your work will directly support our clients’ ability to navigate evolving data protection laws while embedding practical, security-conscious compliance.
A day in the life:
* On Monday morning we have the Periculo Pulse, a weekly brief on the industry, threats, and news that may help with your role.
* Start your day by clearing customer queries or monitoring alerts from environments like Google Workspace and Office 365.
* Advise clients on lawful basis, data retention, international transfers, or privacy policies.
* Conduct DPIAs or review third-party processor agreements to flag risks or required controls.
* Tackle incidents such as data breaches or compliance gaps, assisting with documentation for audits (e.g., ISO27001).
* Stay updated with the latest in privacy law and cyber security trends to support your clients effectively.
* Work closely with the privacy and security teams of large enterprise and pharmaceutical customers to review, negotiate, and finalise Data Processing Agreements (DPAs) and Business Associate Agreements (BAAs).
* Represent customers on calls and in meetings with customer legal, compliance, and information governance teams to align on regulatory and contractual data protection requirements.
* Fill out requests for proposals for customers, enabling them to win work using security and data protection as a selling point.
Key Duties:
* Data Protection: Lead DPIAs, analyse risks, and provide clear recommendations to reduce data-related harms. Help ensure relevant processing agreements and privacy collateral are suitable for use across different regions.
* Privacy & Compliance Monitoring: Ensure ongoing compliance with data protection regulations (e.g., GDPR, DPA 2018 and customer contracts), and support ISO27001-aligned processes.
* Client Engagement: Advise clients on data protection best practice and provide practical solutions for lawful, fair, and transparent data use.
* Policy & Document Support: Draft and maintain data protection policies, privacy notices, RoPAs, and other key governance artefacts.
* Vendor & Processor Management: Support due diligence of third-party processors and ensure contracts include appropriate data protection clauses.
* Training & Awareness: Help deliver privacy and cyber awareness training for client teams.
* Security Risk Oversight: Collaborate with the security team to identify cyber risks with data protection implications.
* Audit Support: Prepare documentation and assist in external/internal audits focusing on privacy controls and overall compliance posture.
* Reporting: Provide timely updates and dashboards on data protection maturity, risks, and corrective actions.
As this is a junior role, we are not expecting you to be able to operate all of the processes without help or learning, but you will have the capability to talk to customers and use non-technical systems under the direction of the Security Manager.
If you are ready to make a significant impact and grow your expertise in data protection and cyber security, we want to hear from you!
Skills & Qualifications:
* A foundational understanding of data protection law (GDPR, DPA 2018, HIPAA).
* Knowledge of security standards including ISO27001 is advantageous.
* Strong problem-solving.
* Attention to detail.
* Excellent verbal and written communication.
* Client engagement and relationship building.
* Team collaboration.
* Effective time management.
* Multitasking ability.
* Proactive issue resolution.
Work Environment:
* Hybrid working with 3 days per week in the Melksham office.
* Comfortable office environment with pool table, ping pong table and shower.
* Onsite gym & access to recovery suite including sauna and ice bath.
* Additional day's leave for your birthday.
* From time to time there might be a need to travel to customers' premises.