GDPR Business Analyst (3M FTC)

The Function The Risk function operates within Triple Point’s wider Governance, Risk and Compliance (GRC) team and is part of the Second Line of Defence. Its role is to provide independent oversight and challenge across the business, ensuring that risks are properly identified, assessed, and managed. The function is central to protecting the firm’s integrity and ensuring adherence to the high standards set by the Financial Conduct Authority (FCA). The Team By joining the Risk function, you will become part of a collaborative and professional GRC team that plays an essential role in supporting the firm’s success. Your contributions will directly influence how the business manages risk, while providing you with broad exposure to the firm’s operations. This is an opportunity to strengthen Triple Point’s control environment and to play a meaningful role in sustaining the company’s long-term resilience and reputation. Purpose of the Role The GDPR Business Analyst will lead the review of Triple Point’s GDPR and Data Management programme to ensure a robust compliance framework, aligned to regulatory expectations and operational risk appetite, strengthening data governance, accountability, and resilience across the business. This is a fixed-term contract reporting to the Risk Director (2LOD) and working closely with Compliance, Digital & Technology, Legal, People, and Client Operations functions. Key Responsibilities GDPR & Data Governance Framework • Lead the design, coordination, and implementation of an enhanced GDPR and Data Management plan. • Responsible for developing a comprehensive GDPR policy suite, including Data Protection Policy and Procedures, Data Retention and Erasure Policy, Privacy Notices, and Data Breach Response and Reporting Procedures. • Re-assess the firm’s approach to Record of Processing Activities (ROPA) and update the Data Location Register to ensure completeness and accountability. • Review and enhance the framework for Data Privacy Impact Assessments (DPIA) and ensure alignment with operational processes and systems. Governance, Oversight and Reporting • Support the establishment of a GDPR Working Group, with clear ownership and accountability mapped across 1LOD and 2LOD functions. • Design and implement reporting mechanisms to the Risk Committee and ManCom, ensuring transparent oversight of progress, issues, and residual risks. • Review documented roles, responsibilities, and decision rights for GDPR governance, including escalation routes and assurance checkpoints. Stakeholder Engagement & Change Management • Facilitate structured engagement with key stakeholders to ensure activities are embedded and understood across the business. • Coordinate input from subject matter experts, legal advisors, and external assurance providers to validate outputs and milestones. • Support the Group Risk & Compliance function in formalising compliance oversight and accountability mechanisms. Compliance Monitoring & Continuous Improvement • Support the Compliance function in redefining the GDPR compliance monitoring, aligned to 2LOD assurance activity and the Risk Management Framework. • Design and document metrics and KPIs to track effectiveness of data protection controls and risk mitigation actions. • Develop a regulatory horizon scanning process for emerging data protection legislation, including the Data (Use & Access) Act 2025, to ensure proactive compliance adaptation. Documentation & Delivery • Produce high-quality documentation, process maps, and records to evidence compliance improvements. • Ensure all proposed actions are tracked to completion, with clear audit trails and supporting artefacts. Knowledge & Experience • Minimum 5 years’ experience in business analysis, within financial services or regulated environments (essential) • Proven experience in data protection and GDPR compliance projects, including policy development, ROPA creation, and governance design (essential) • Familiarity with data governance frameworks, privacy impact assessments, and third-party data processor oversight (essential) • Knowledge of UK GDPR, Data Protection Act 2018, and Data (Use & Access) Act 2025 (essential) • Experience coordinating cross-functional projects and presenting progress to senior management or committees (preferred) • Experience engaging with external auditors, legal counsel, or regulators (preferred) Qualities and Competencies • Structured, methodical, and process-driven approach to analysis and problem-solving • Excellent interpersonal and communication skills with the ability to engage senior stakeholders • High attention to detail with strong documentation and analytical capabilities • Ability to work independently and drive progress within tight timeframes • Strong commitment to professional standards, integrity, and continuous improvement • Adaptability to evolving priorities in a dynamic, multi-stakeholder environment • Comfortable working under Risk and Compliance oversight within a 2LOD framework Why Join Us • Join a forward-thinking, innovative company that’s shaping the future. • Play a key role in developing and implementing our GDPR framework and policies. • Collaborate with a talented, driven team in a connected, supportive environment. Our Values at Triple Point High performance at Triple Point means living our values at the top of your game. We don’t just list them we embed them into how we work, connect, and grow together. Our five values • Stay Curious – Always explore, learn, and challenge the status quo. • Be Generous – Share time, ideas, and support freely. • Take Thoughtful Action – Act with intention and integrity. • Pull Together – Succeed as one team, always. • Own It – Take responsibility and deliver with pride. You can read more about how our values drive a high-performance culture on our website.