Head of Privacy, Risk & Compliance, KINTO Join Ltd. at Toyota Financial Services KINTO and KINTO JOIN
Epsom KT18, England, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

11 Jun, 25

Salary

0.0

Posted On

11 Mar, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

IT, Management Skills, Compliance Monitoring, Privacy Policies, Risk, Data Governance, ISO, People Management, NIST, Information Security, Collaboration

Industry

Financial Services

Description

We are a young, innovative and expanding technology business, delivering mobility services and sustainability products through B2B business models (Car-pooling; Ride-pooling/Shuttle; Sustainability planning and reporting). Our customer base is growing across Europe, and our technology is ready to go global.

JOB OVERVIEW

We are currently looking for a Head of Privacy, Risk & Compliance and Data Protection Officer to ensure we comply with our regulatory, risk and data protection obligations across the Company. The role includes oversight of compliance monitoring, risk management, regulatory reporting, policy development, and new business reviews, providing expert advisory support to the business and clients.

REQUIREMENTS

  • Proven experience leading a risk, privacy, and compliance function in a regulated environment.
  • Significant Data Protection, Risk, and Compliance experience.
  • Strong understanding of the ‘Three Lines of Defence’ model and regulatory frameworks.
  • Experience in engaging with regulators, auditors, and compliance bodies at national and international levels.
  • Strong leadership, people management, and change management skills.
  • Excellent communication and stakeholder engagement skills, with the ability to influence senior management, IT, Information Security, and external regulatory bodies.
  • Deep knowledge of UK GDPR, EU GDPR, and other relevant data protection and cybersecurity laws.
  • Practical experience in compliance monitoring, internal audits, and risk assessments.
  • Understanding of information security principles and collaboration with IT security teams on compliance and data governance.
  • Ability to develop and oversee Data Protection Impact Assessments (DPIAs), privacy policies, and risk controls.
  • Prior experience as a regulated DPO or senior compliance officer in a multinational organisation.
  • Hands-on experience working with IT, Information Security, and Regional Audit & Compliance teams.
  • Experience with ISO 27001, NIST, or other information security compliance frameworks.
  • A current CIPP/E, CIPM, CDPO, or equivalent data privacy certification.

Responsibilities

PRIVACY & DATA PROTECTION (DPO RESPONSIBILITIES)

  • Act as the formal Data Protection Officer (DPO) for KJL, ensuring full compliance with UK GDPR, EU GDPR, and other relevant data protection laws.
  • Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new projects, processes, and third-party engagements.
  • Oversee data protection policies, procedures, and training to embed a culture of privacy by design.
  • Serve as the primary point of contact for data protection regulators, handling regulatory inquiries, audits, and data breach reporting.
  • Develop and oversee the data incident response framework, ensuring timely and effective breach management.