Privacy Officer

Two Circles is a global sports agency. We drive growth for sports properties by delivering deeper connections with fans, through the intelligent use of data and technology.

We work with some of the world’s biggest sports organisations – including the NFL, Premier League, Formula 1, AFL, Wimbledon and UEFA – and have been named Sport Industry Agency of the Year on more than four occasions.

We have a team of over 650 Two Circlers work from nine offices across the world (London, New York, Los Angeles, Kansas City, Miami, Paris, Bern, Cologne and Melbourne) servicing our expanding international client base.

Data is at the centre of our approach - helping clients to get a better understanding of their customers and deliver insights that influence top-level decision-making. From there, we develop digital products and integrate data and technology solutions that grow audiences and revenue across ticketing, participation, sponsorship and media.

JOB DESCRIPTION

As a Privacy Officer at Two Circles, you play a key role in monitoring and advising on our compliance with relevant regulations, advising our colleagues on keeping our systems and data safe from external and internal threats, completing DPIAs and maintaining our ROPA, responding to incidents as they occur and guiding our solution design and architecture in a Privacy by Design manner.

You are hands-on with our technology stack as required to proactively protect our data and that of our Clients, working closely with the client-facing teams as well as the Technology Operations and Legal teams to assure the work our Services & Product teams deliver by ensuring we have appropriate policies, procedures and controls that are kept up-to-date and are business enablers, not blockers.

Alongside suitably skilled colleagues, you help train and upskill your fellow Two Circlers on topics such as data protection and information security, as well as understanding and feeding into their processes and workflows to keep good practice on the agenda.

When you are not delivering against specific projects or contributing to effective data protection and information security activities, you'll also be an integral part of supporting the business through our GRC process, and leading and supporting our data protection champions in the business.

This role will be part of the Privacy capability and will report to the Head of Privacy. Your main duties & responsibilities:

1. Creating, reviewing and maintaining security policy, standards and procedures
2. Providing expertise in compliance frameworks, such as GDPR and ISO 27XXX
3. Coordinating internal and external audits for compliance frameworks
4. Conducting vendor and partner due diligence
5. Supporting internal stakeholders with assurance and audit questionnaires
6. Responding to and investigating information security threats and incidents
7. Day to day execution of data protection and information security tasks across multiple areas including DPIA and ROPA updates, third party security reviews, updating the risk register etc.
8. Monitor industry updates, technologies and best practices to improve and audit our IT Security/Article 32 GDPR compliance
9. Support the Technology team to keep information security infrastructure up to date with Privacy by Design principles
10. Increase the levels of understanding of IT Security with end users, leading to improved user interactions and overall experience with IT Security
11. Thinking of and implementing new ways to automate and improve security across the business
12. Protecting the data entrusted to us by our clients at all times

The ideal background and skills we are looking for include:

1. Understanding of UK GDPR, EU GDPR, and PECR
2. Experience with ISO 27XXX frameworks
3. Risk Management and governance
4. Understanding of technical implementations of data protection practices (DLP, backups, MS Purview, MS Endpoint Manager/Intune)
5. Tailoring advice through the lens of risk management to the particular audience
6. Understanding Security by Design and able to influence solution design decisions, e.g. zero Trust principles, least privilege RBAC, comprehensive logging, etc.

Experience with the following would also be beneficial:

1. International regulations and security frameworks (US State privacy laws, Australian Privacy Act, NIST, SOC2, etc)
2. Wider MS Azure security tooling and data warehousing configuration
3. AI Risk Frameworks (e.g. EU AI Act, NIST and the Framework Convention on Artificial Intelligence)
4. Tailoring advice through the lens of risk management and the particular audience
5. Experience of, or a keen interest in, the business of sport

Though these are the basics written down, we will principally be recruiting for energy, values and commitment – both to Two Circles and to your career.

Our recruitment process will be honest & thorough, and so will our roles. In return, we can offer honesty, integrity, and the chance to progress in the organisation as quickly as you develop within it.

Two Circles is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

We have a list of flexible benefits that we offer; as a taste:

• Hybrid working: we'd love for you to come into our office at least 2-3 days a week, especially during your onboarding
• Performance planning: potential to have a salary increase every 6 months and progress your career
• Discretionary company bonus
• Tickets to sporting events
• Renowned Team Days and events (this June, we went to Spain)
• Lunch on a Wednesday, breakfast and continuous supply of snacks
• Cycle to work scheme
• Learning and Development opportunities, including certification in certain areas