About Ashurst:

Ashurst is a leading progressive global law firm with a rich history spanning more than 200 years. We are proud of our history and are future-focused, having expanded into new technologies through our NewLaw division, Ashurst Advance, and our consulting arm. Our in-depth understanding of our clients and commitment to providing excellent standards of service have seen us become a trusted adviser to local and global corporates, financial institutions and governments in all areas of commercial law. To find out more please visit www.ashurst.com

In order to comply with regulatory and client requirements, Ashurst will undertake appropriate vetting of staff. When applicants accept a job offer, Ashurst, alongside a specialist provider, will undertake professional verification and background checks. These checks are only undertaken with consent, and in accordance with our legal and regulatory obligations.

Department/Role overview:

This role will be focusing on developing our current Data Tech and Regulatory (DTR) Team and leading on DTR Team BAU work as well as supporting the Head of Data Tech and Regulatory with strategic initiatives. As this team sits within the Risk and Compliance function, you will also be helping to drive the Risk & Compliance objectives relating to Data and Tech to ensure compliance, enable and support the successful delivery of the firm's digital transformation and data strategy underpinning the 2027 business plan.

While based in the UK, this role is set in the context of a global international firm, with the aim to gain maturity in the Data and Tech space globally. A maturity which will serve to:

• better inform strengthen key activities of the Risk & Compliance Framework, and
• support design and delivery of key strategic projects (amongst others, Digitalisation, maturity of our data foundations and the Data Strategy).

The Risk & Compliance function is commercially minded and focuses on adding value to the business as well as the clients.

The successful candidate will work collaboratively across functions to ensure the continued delivery of strategic objectives.

Main responsibilities:

Supervision, management and coaching:

• Support and lead the Glasgow DTR team development, review and monitor team work to identify development needs.
• Assist all team members with queries, provide guidance on the resolution of difficult queries, spot-check analysis and debrief
• Manage priorities and meeting deadlines as well as provide clear direction to achieve outcomes
• Ensure the continued development of the team members with training, education and development sessions.
• Available outside of business hours to provide support when required

Risk and Control: Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.

Policies, procedures and processes:

• Ensure the team conducts consistent review, gap analysis, remediation and changes of all the suite of data protection and privacy policies, procedures and processes as appropriate and on an annual basis at a minimum
• Review and actively promote refinements in the design of all policies, processes and controls which ensure compliance with data subjects rights (incl. technical improvements in the management of DSARs)
• Actively participate in the design of policies, controls and mechanisms in relation to data destruction and retention and classification
• Ensure full analysis of relevant data and technology related regulations (and reporting mechanisms therein) applicable, ensure pertinent adjustments in policies, procedures and processes relevant to the expansion
• Incidents response management
• Actively participate in the review and enhancements to our incidents, events and breaches management across the relevant functions globally. Working with Information Security and IT, ensuring that ISO standards are met for ISO27001 and leverage the work performed to contribute to achieving ISO31000 and 9100 certification

Modernising key processes:

• Regularly review and, where necessary, enhance the templates and management of DPIA, LIA or TIA and Privacy and Security by Design assessments to ensure timely reporting and controls across the firm
• Work with the relevant security, IT and architects team as well as within the Data Strategy workstream to refine our firm's mapping suite. Ensure alignment wherever appropriate with our ROPA, adequately and systematically testing the review and updates

Corporate governance compliance:

• Ensure compliance with the obligations set out in our Intra-Group Transfer Agreement which govern the flow of data across our global firm
• Advise and ensure compliance with data sovereignty and data residency requirements from our clients
• Advise on any changes to the geographical footprint of the firm and compliance with the Data, Tech and IS legal and regulatory obligations

Clients commitments, audits and firm's supply chain:

• Ensure that all input relating to data and tech are adequately inserted in clients commitments and RFPs
• Ensure that all input relating to supply chain obligations are complied with at onboarding, and in auditing activities
• Ensure client audits are successfully conducted and remediated in line with our obligations and the firm's strategic direction

Project work and cross-functional workstreams:

Data security: support all DTR Team's work with a data security nexus as directed by the Programme Team. Participate in all current projects (DLP, CASB, security extensions of Teams and Intapp Walls amongst others)

Data Management: work with the ASC team to test implementation of data management initiatives (e.g. consents) across our technology estate, geographical footprint and requirement as required.

Information and Data Governance: supporting the Head of DTR to work collaboratively across legal and business services teams to raise and devise or refine information and data governance plans to drive and embed a data culture across people, processes and tech

Data Strategy: supporting the Head of DTR to work collaboratively with stakeholders to provide input in the relevant workstreams, advising and informing the relevant key stakeholders as directed and working closely with the Data Program board

Data architecture: assist as required the relevant teams in new initiatives: new geographical offering, relocation to any systems design or programme governance, with the view to ensure agile implementation and sound execution

Digital transformation: supporting the Head of DTR in ensuring that any work under the Digital Transformation strategic projects benefits from this Team recommendations, review risk assessment to enable delivery and successful change management

Ashurst Advance and Ashurst Digital Ventures: supporting the Head of DTR in ensuring Data and Tech Reg support in our Ashurst Advance and Ashurst Digital Ventures offering and embedding privacy and security by design.

Training and raising awareness:

• Supporting the Head of DTR Team in seeking opportunities for regular and consistent engagement both within function and wider business:
• Raise awareness, champion and conduct meetings with partners and/or clients as well as other leaders in our business services functions in relation to Data & Tech regulatory requirements and their impact on the effective implementation and pursuit of our business strategy
• Raise awareness and educate on Data and Tech regulation, policy and procedure worldwide in a relevant and engaging manner: design, implement, improve and deliver training sessions to our wider business as required
• Develop and continually enhance a commercial understanding of the practice areas of the firm and relevant commercial strategy to assist in anticipating and devise mitigation plans of data and tech risk issues presented in compliance with regulations, clients requests and firm's risk posture

Essential skills and experience:

• At least 5PQE in data protection and some tech/IT legal experience in-house and/or within a law firm and experience of managing a small team
• Deep expertise in Data Privacy and corresponding information security issues faced by international global law firms and sound experience in dealing with these issues at all level of the organisation
• Expert understanding on the partnership model and the challenges faced by today's legal industry
• Ability to put an argument across in a clear, articulate way showing sound business acumen to the partnership, senior management or clients of the firm
• Discrete and professional in handling sensitive, confidential situations
• Strong interpersonal skills, able to liaise effectively at all levels across the firm and offices
• Commitment to supporting the team as a global function and ability to strengthen those connections globally
• Strong organisational and research skills, attention to detail and able to work well under pressure
• Ability to work efficiently, prioritise and meet deadlines
• Flexible and able to adapt quickly and positively to new situations

Education and requirements:

• UK/Overseas risk, data or legal qualification with strong relevant experience in Data, Tech or Information Security
• In depth knowledge of key rules influencing the governance of law firms: SRA rules, GDPR, PIPPa, CCPA/PR, including data protection laws impact on AML regulations; FCPA and Anti-Bribery Act UK; Tax transparency regulations; financial sanctions (US, EU, UK, Australia);
• Expertise in data compliance and governance framework
• Experience in data related enterprise risk and compliance issues