Salary Range: £60,000 - £80,000, dependent on experience Location: Central Oxford Contract: Permanent Hours: Full-time Reports to: Director, Legal Our Mission: The Ellison Institute of Technology (EIT) works to develop and deploy advanced technology in pursuit of solving some of humanity’s most challenging and enduring problems. Guided by world leaders, scientists, and entrepreneurs, EIT seeks to accelerate innovation by driving scientific and technological advancements across four humane endeavours: health and medical science, food security and sustainable agriculture, climate change and clean energy, and government innovation and era of artificial intelligence. EIT Oxford is a new interdisciplinary research and development facility that bridges The Oxford Science Park and Littlemore. Set for completion in 2027, the state-of-the-art facility will have 30,000m² of research laboratories, an oncology and preventative care clinic, plus educational and meeting spaces. The new facility will further EIT’s current partnership with the University of Oxford and become the new home for Ellison Scholars. Please visit eit.org for more details. At the Ellison Institute, we believe that an inclusive, collaborative team atmosphere is just as important to our mission as our scientific aims and methods. We strive to build a supportive environment where everyone feels confident taking creative risks toward innovation. We value emotional intelligence and communicating with empathy and respect for others. We foster a team that is curious, has a deep sense of commitment, responsibility, and the resilience needed to achieve excellence. The Data Protection Officer (DPO) plays a crucial role in safeguarding data privacy within our organisation. They are responsible for educating employees about data compliance, training staff involved in processing data, and conducting regular security audits. Additionally, they serve as the primary liaison between our company and relevant data protection authorities. Duties/Responsibilities: May include some or all of the following: You'll lead the establishment of robust data protection processes, including Data Protection Impact Assessments (DPIAs), Data Processing Agreements (DPA), and a comprehensive risk register. Conducting a thorough audit of our current data handling practices, you'll identify areas for improvement and develop benchmarks to ensure compliance with data protection regulations. To provide expert, strategic data protection, advice and leadership to ensure compliance with Data Protection legislation. Advising and informing the organisation and its employees of their obligations pursuant to current Data Protection legislation and on the appropriate disclosure of personal Information. To manage the investigation and response to personal data breaches and data security breaches in accordance with EIT policies. To develop and manage EIT’s processes for responding to access to information requests; taking steps as required to ensure that compliance adequately satisfies the requirements of the statutory code. To lead the development of policies, protocols, training and guidance in connection with Information Compliance issues. To manage Information Compliance related content on the EIT web site and internal intranet. To represent EIT as a member or leader of working groups, project teams, etc; regionally, nationally and within EIT to address Information compliance issues affecting EIT and its partners. Working closely with cross-functional teams, you'll create essential documentation, policies, and procedures to guide data protection practices across the organisation. As a subject matter expert, you'll provide guidance and training to employees on data protection best practices and ensure ongoing compliance with regulatory requirements. Provide practical advice to the business on a broad range of data protection related matters. Assess risk and ensure regulatory deadlines are met. Develop the Data Protection compliance monitoring programme for Data Protection across the Group, working collaboratively with the business. Ensure Privacy by Design requirements are met and privacy risks are managed. Lead, support and participate in working groups that promote privacy and provide ongoing support across the organisation. Deliver training and awareness of Data Protection across the Group. Develop existing Policy Documentation, Processes Notices and Procedures and related practical guidance. Keep up to date with the latest changes in applicable legislation, industry news and guidance. Any additional duties or tasks, as requested by leadership, commensurate with job role. Person Specification Essential Knowledge, Skills and Experience Knowledge of current/proposed UK privacy and data protection legislation (including the Data Protection Act, UK General Data Protection Regulation and Human Rights Act). Prior experience in data protection, privacy law, or information security is essential for this role. Demonstrated expertise in conducting DPIAs, developing DPAs, and maintaining a risk register. Practical experience operating within a Data Protection role, demonstrating the capacity to manage activities within both project lifecycle and departmental BAU compliance environments. Experience of translating Data Protection legislative requirements into pragmatic and practical advice. Must have worked in either a start-up or rapidly scaling business. IT literate with experience of working in a cloud-first company and using cloud-based applications. Expert knowledge of UK data protection law. Practical experience of two years or more in developing and implementing data protection related policies, processes and procedures as part of a privacy program. Experience in working collaboratively with project teams to ensure Privacy by Design and Default requirements are being met. Able to provide risk-based, considered and practical advice to the business on a broad range of Data Protection related matters. Ability to handle confidential information with integrity and impartiality. Comfortable working independently or as part of a team, including remote work capabilities. Experience in developing and leading data governance programmes or frameworks. Knowledge of data governance practices, business and technology issues related to management of enterprise information assets and approaches related to data protection. Strong analytical skills and attention to detail are crucial for conducting comprehensive audits and assessments. Excellent communication skills are essential for effectively collaborating with stakeholders and educating employees on data protection protocols. Proactive and flexible approach to working. Ability to work to deadlines. Hold a degree in law, information technology or a related field. Desirable Knowledge, Skills and Experience Flexible approach and ability to take account of new information, changed circumstances and business requirements then modify the response to a problem or situation accordingly. Excellent analytical and conceptual thinking skills. Ability to work under pressure in a busy and fast-paced environment. Able to independently research aspects of regulation and legislation. Terms of Appointment You must be eligible to work in the UK with a willingness to travel as necessary. You must be based in, or within easy commuting distance of, Oxford and be prepared to work on site a minimum of 4 days a week. During peak periods, some longer hours may be required and some working across multiple time zones due to the global nature of the programmes. Hours of work will generally be Monday to Friday, core hours 08:30-17:30 and will be office/site based. However, due to the nature of the role and organisation there may be times where flexibility is required during the evening and occasionally weekends. Please apply online providing a covering letter specifically highlighting how your existing skills and experiences support fulfilling the responsibilities of this role. #LI-PE# Powered by JazzHR
