Cyber Advisory BRS - Data Protection Senior Consultant
The role
We are seeking an experienced data privacy professional to join our growing Data Privacy practice at Senior Consultant or Assistant Manager level. You will support and lead client engagements covering GDPR, the Irish Data Protection Acts, ePrivacy, and adjacent regimes such as the EU AI Act, NIS2, DORA and DSA where they intersect with personal data.
Working alongside our Partners, Managers and our outsourced DPO team, you will help organisations across financial services, public sector, healthcare, life sciences and technology to operationalise privacy-by-design, respond to regulators, fulfil data subject rights, and embed continuous privacy compliance monitoring programmes
Key Responsibilities
For all levels:
Deliver GDPR and Data Protection Act compliance assessments, gap analyses and maturity reviews against recognised frameworks (e.g., ICO/DPC guidance, EDPB guidelines, ISO/IEC 27701, NIST Privacy Framework).
Design and operate Data Protection Impact Assessment (DPIA) methodologies, including supporting clients with high-risk processing reviews and remediation tracking.
Support the design and execution of Subject Access Request (SAR) / Data Subject Rights processes, including verification, scoping, data discovery, review and redaction, and secure delivery.
Lead and support Records of Processing Activities (RoPA) development, data mapping, and lawful basis analysis.
Draft and review privacy notices, consent mechanisms, data processing agreements (DPAs), Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIAs).
Support Personal Data Breach Management - triage, root-cause analysis, regulator (DPC) notification, and post-incident lessons learned.
Contribute to outsourced DPO and DPO-as-a-Service engagements, including privacy compliance monitoring programmes, training, governance committee reporting, and Board-level updates.
Map privacy obligations to adjacent regimes (NIS2, DORA, EU AI Act, DSA) and embed within client GRC operating models.
Contribute to internal methodology development, proposals, thought leadership and client presentations.
Additional Responsibilities at Assistant Manager Level
Manage day-to-day delivery of small/medium engagements; coordinate workstreams, budgets, timelines and quality of deliverables.
Act as primary day-to-day client contact, including liaison with DPOs, CISOs, Legal and Compliance functions.
Coach and review the work of Consultants and Senior Consultants; contribute to performance feedback.
Support business development through proposal authoring, fee modelling, and identification of cross-sell opportunities into Cyber, Risk Advisory and Forensics.
Represent the firm at industry events (IAPP, ACOI, ISACA Ireland) and contribute to GT Ireland's privacy thought leadership.
Skills & Experience
Bachelor's degree in Law, Information Systems, Cybersecurity, Business or related discipline.
Hands-on GDPR/DPA compliance experience gained in consulting, in-house DPO office, regulator, or law firm.
Working knowledge of DPIA methodologies, SAR fulfilment, RoPA, international data transfers (SCCs, TIAs, BCRs), and breach management.
Familiarity with adjacent EU regulation: ePrivacy, NIS2, DORA, EU AI Act, Digital Services Act.
One privacy certification, e.g., CIPP/E, CIPM, or CDPSE.
Excellent written communication, able to draft client-ready policies, DPIAs, board papers and regulator correspondence.
Assistant Manager (Desired Experiences)
All of the above, plus
Demonstrable experience leading multi-stream privacy programmes (e.g., outsourced DPO, group-wide GDPR remediation, BCR design, M&A privacy due diligence).
Two or more relevant certifications, e.g., CIPP/E + CIPM, CDPSE, ISO 27701 Lead Implementer/Auditor, CISM/CISSP (where privacy and security responsibilities overlap).
Desired Skills
Experience engaging directly with supervisory authorities on enquiries, complaints, audits or breach notifications.
Track record of mentoring junior staff and supporting proposal/BD activity.
Sector depth in one or more of: financial services, public sector, health/life sciences, technology/online platforms.
Experience with privacy technology platforms (OneTrust, BigID, TrustArc, Microsoft Purview).
Understanding of AI governance frameworks (ISO/IEC 42001, NIST AI RMF) and the EU AI Act's interaction with GDPR.
Knowledge of cross-border transfer mechanisms post-Schrems II and emerging EU-US Data Privacy Framework developments.
Experience supporting clients through DPC investigations or inquiries.
At GT Ireland we don't just predict your future, we build it.
What does this mean for you?
At Grant Thornton, we provide equitable opportunities for all our colleagues. We are a responsible, sustainable business where equity, diversity and inclusion (ED&I) is at the forefront of our workplace culture agenda, and today, we continue to build and develop on our existing ED&I structure and strategy to meet our workplace culture needs. People are at the heart of our business and teams built with varied individuals present diverse viewpoints, which need to be heard and valued.
We are all at our best when we are able to be ourselves and we view integrity and authenticity as integral values to bring to our day-to-day work-life at the firm. We are excited to see the personality and perspectives you will bring to our team because we know we will all benefit from them. Diversity of thought, background and experience enables better decision-making, improves the quality of our delivery, and helps us to meet the needs of our clients. Our firm is built on people and their ideas, so we want to hear all the new perspectives and fresh thinking you have to offer. You form the bedrock of our firm's best-practice principles and we will champion you as leaders from day one.
Reward and benefits
Our reward and benefits are designed to create an environment where our people can flourish. We are committed to building a culture where our people have access to the necessary benefits to help promote a healthy lifestyle and thrive.
Recognition
We want to create a culture of recognition and celebrating success, by saying thank you to people who surpass our expectations and recognising the right values and behaviours. Our Shout Out recognition scheme is our way of highlighting and promoting achievements. Whether you simply want to say thank you, celebrate a special occasion or give an award for doing something exceptional, you can do all of this and more through the scheme.