Data Protection Audit Specialist

a { text-decoration: none; color: #464feb; } tr th, tr td { border: 1px solid #e6e6e6; } tr th { background-color: #f5f5f5; }
As a Data Protection Audit Specialist, you will play a key role in strengthening our global privacy and compliance posture across GEDU and its entities that process personal data under the UK GDPR and EU GDPR.
In this role, you will lead and support internal data protection audits, partner closely with IT, Cybersecurity, Legal, and operational teams, and help build a privacy environment that is transparent, secure, and audit-ready. Your work will directly contribute to identifying risks, closing compliance gaps, and ensuring our global operations meet regulatory expectations with confidence.
Key Responsibilities Compliance Monitoring- Monitor and support GDPR compliance efforts across all global entities.
- Help maintain the global data protection governance framework.
- Review departmental processes to ensure personal data is processed lawfully, fairly, and transparently.
- Plan and conduct GDPR compliance audits across business units, systems, and regions.
- Develop and maintain structured audit programs, checklists, and evidence frameworks.
- Assess compliance with key GDPR principles, including:
- Lawfulness and lawful basis
- Purpose limitation and data minimisation
- Retention and secure deletion
- Data subject rights and response processes
- Produce clear, actionable audit reports focusing on:
- Identified gaps
- Associated risk levels
- Remediation recommendations
- Track mitigation and corrective actions with stakeholders through closure.
- Work closely with IT and Cybersecurity teams to assess technical and organisational measures required under GDPR (Article 32).
- Review controls related to:
- Access management
- Encryption and key management
- System logging, monitoring, and backup practices
- Security of cloud platforms and SaaS applications
- Participate in system reviews, change assessments, and security audits involving personal data.
- Maintain a global Data Protection Impact Assessment (DPIA) register, ensuring risks, mitigations, and ownership are clearly documented.
- Maintain and periodically verify the Record of Processing Activities (ROPA) across all global entities, collaborating with process owners and system experts.
- Support IT and Cybersecurity teams in incident investigations and post-incident assessments.
- Ensure documentation and evidence trails are complete and audit-ready.
- Feed insights from incidents into improved controls, training initiatives, and business processes.
- Support the assessment of vendor security and privacy posture in collaboration with IT and Procurement teams.
- Ensure Data Processing Agreements (DPAs) and third-party safeguards meet GDPR requirements and expectations.
- Bachelor's degree in Information Security, Compliance, Information Technology, or a related field.
- Minimum 5 years of experience in data protection, privacy audits, internal audits, or compliance governance.
- Strong understanding of UK GDPR, EU GDPR, and related global data protection frameworks.
- Experience collaborating with IT teams on security reviews and control assessments.
- Excellent analytical, documentation, and reporting skills.
- Ability to interpret complex technical and regulatory requirements and translate them into practical business solutions.
You'll be redirected to
the company's application page