AMS PSR

On behalf of UKRI, we are looking for a Data Protection Specialist (Inside IR35) for an 8 month contract. This is a hybrid working role (occasional travel to Swindon required).

UK Research and Innovation (UKRI) is the national funding agency investing in science and research in the UK.

UKRI invests £8 billion of taxpayers’ money each year into research and innovation and the people who make it happen. They work across a huge range of fields – from biodiversity conservation to quantum computing, and from space telescopes to innovative health care. They give everyone the opportunity to contribute and to benefit, bringing together people and organisations nationally and globally to create, develop and deploy new ideas and technologies.

Job Purpose:

The Information Governance Optimisation project is the first phase of a multi-workstream cluster of initiatives designed to:

• Strengthen UKRI’s information governance posture across the Group.
• Reduce risk exposure associated with poor data handling, compliance breaches, and information loss.
• Deliver a unified and consistent approach to information governance across UKRI, aligning policies, processes, and controls.
• Protect UKRI from significant financial, operational, and reputational harm arising from regulatory non-compliance or data incidents.
• Achieve compliance with UK Government standards and statutory obligations, including Data Protection Act 2018, UK GDPR, and Freedom of Information requirements.

The Info Gov Optimisation project comprises 4 discreet workstreams:

• Privacy and consent management
• Governance Automation
• Physical records reduction
• Electronic Documents and Records Management System

As a Data Protection Specialist, your main responsibilities will be:

• Data protection compliance framework – defined policies, standards, and controls to ensure alignment with UK GDPR, Data Protection Act 2018, and UK Government requirements.
• Data protection impact assessments (DPIAs) and risk outputs – completed or improved DPIA processes, templates, and assessments for high-risk processing activities.
• Privacy and consent management design – structured approach to consent capture, management, and auditability aligned to the project’s privacy workstream.
• Data handling and lifecycle standards – clear guidance on data classification, retention, minimisation, and secure disposal across physical and digital records.
• Breach management and response processes – defined procedures for identifying, reporting, and managing data breaches, including escalation and regulatory reporting.
• Integration with governance tooling (e.g. EDRMS, automation) – alignment of data protection requirements with systems and automation to ensure embedded, auditable compliance.

Essential:

• Expert knowledge of data protection law – strong understanding of UK GDPR, Data Protection Act 2018, and associated regulatory guidance to ensure compliant design and advice.
• Experience of data subject rights request handling, including the review of information, application of exceptions and redactions, and preparing responses.
• Privacy-by-design and risk assessment – ability to embed data protection into solutions, including conducting and reviewing DPIAs and identifying mitigation actions.
• Experience of data subject rights request handling, including the review of information, application of exceptions and redactions, and request preparation.
• Policy and standards development – capability to create clear, practical data protection policies, standards, and controls aligned to organisational needs.
• Data lifecycle and records management awareness – understanding of data classification, retention, minimisation, and disposal across physical and digital environments.
• Stakeholder engagement and advisory skills – ability to work with legal, technical, and business teams to provide clear, actionable data protection guidance.
• Incident and breach management expertise – skills in identifying, managing, and reporting data breaches, and improving organisational response processes.

Please be aware that this role can only be worked within the UK and not Overseas.

Disability Confident 

As a member of the Disability Confident Scheme, UKRI guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

Armed Forces Covenant / Commitment

UKRI guarantees to interview veterans or spouses / partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates / military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

In applying for this role, you acknowledge the following "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different".