Join Our Team: Data Protection Lead at Sureserve

About Sureserve

Sureserve is a trusted partner for housing associations, local authorities, and residents, delivering high-quality compliance and energy services. Our focus on energy efficiency, safe and compliant homes, and enhanced quality of life makes us a leader in the industry. With nationwide reach, regional expertise, and a commitment to excellent service, we are well-positioned to support our clients now and in the future.

Role Overview

As Data Protection Lead, you will serve as the Group’s principal authority on data protection and privacy compliance. Reporting to the Head of Legal and based at our Holborn Head Office (minimum 3 days per week), you will shape, strengthen, and embed a robust data protection framework across our 13 operating subsidiaries and group functions.

You will lead a strategic programme to ensure compliance with the UK GDPR, Data Protection Act 2018, and related regulations, working closely with Privacy Champions, Data Owners, and IT colleagues to promote a culture of compliance, transparency, and accountability. This role combines leadership, advisory, and hands-on operational work, including managing the Group’s Record of Processing Activities (ROPA), Information Asset Register (IAR), and subject access response processes.

Key Responsibilities

• Lead the review and update of data protection policies, privacy notices, and cookie frameworks.
• Establish and maintain accurate ROPAs and a Group-wide IAR.
• Manage the DPIA lifecycle and embed privacy-by-design principles into business processes.
• Provide strategic and day-to-day advice on SARs, breaches, and data sharing agreements.
• Coordinate Group-wide data mapping and internal audits.
• Lead a network of Privacy Champions and drive ongoing training through Sureserve Academy.
• Investigate and report on personal data breaches, engaging with the ICO and affected individuals where appropriate.
• Ensure up-to-date and transparent data practices across the business.

Skills & Experience Required

• Significant experience in a data protection or privacy role within a multi-entity or regulated environment.
• Expert knowledge of UK GDPR, DPA 2018, PECR, and data sharing/international transfers.
• Strong understanding of privacy in IT infrastructure and vendor agreements.
• Experience updating non-compliant documentation and improving governance frameworks.
• Project management skills and excellent cross-functional communication.
• Relevant privacy certification (e.g., CIPP/E, CIPM, or BCS Practitioner in Data Protection).

Why Join Us?

• £55,000 - £60,000 negotiable, plus bonus and benefits, with hybrid working.
• An influential role with Group-wide visibility and executive engagement.
• Opportunities for career growth within a forward-thinking, compliance-led organisation.
• A values-driven, inclusive workplace committed to integrity, stewardship, and employee development.

Committed to Diversity & Inclusion

Sureserve is an equal opportunities employer, fostering a diverse and inclusive workplace. We are committed to fair employment practices, ensuring equal opportunities for all candidates, regardless of race, gender, religion, disability, or background.

Ready to Make an Impact?

If you have the experience, strategic mindset, and passion for privacy and compliance, apply today to help lead and evolve data protection practices at Sureserve.