Data Privacy & 3rd Risk Analyst

Data Privacy & 3rd Risk Analyst FTC | Hybrid | Birmingham - £45k - £55k We’re recruiting a Data Privacy analyst who has experience mapping out data sharing, usage and processing, PII usage across a large and complex third‑party supplier landscape. Suitable candidates will be able to example where they have developed supplier audit processes, mapped out and reported on how personal customer and employee data is shared, used, minimised, and governed across SaaS platforms, IT vendors, and service providers. What you’ll be doing Assess how PII is shared with SaaS providers and IT vendors Review and document data flows, purposes of processing, and data lifecycles Conduct third‑party data protection risk assessments and DPIA‑style reviews Maintain records of: Data categories Processing purposes Hosting locations Sub‑processors Retention and deletion Challenge unnecessary data collection and enforce data minimisation Track and close remediation actions with vendors and internal teams Support Procurement, Legal, IT, and the business with practical GDPR advice Maintain clear, audit‑ready documentation for GDPR and third‑party assurance What we’re looking for 3+ years in Data Protection, Privacy, or Third‑Party Risk Strong, hands‑on experience with: Understanding PII usage Vendor / SaaS data sharing GDPR in practice (not theory) Comfortable challenging stakeholders on data usage Experience working with IT vendors, platforms, or outsourced services Able to balance risk, commercial reality, and compliance Data Protection and Data Privacy-first role | Vendor & SaaS focused If this could be suitable, please apply in the first instance