Carlisle Support Services
Data Protection Officer & Compliance Manager

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Job Introduction
The Benefits
Health and Wellbeing Plans
- 23 days paid holiday increasing to 25 after 2 years
Discounts and Cashbacks
Paid Volunteering days
Employee Assistance Program
Refer a Friend Scheme
Cycle to Work Scheme
Bonus
The role
Carlisle Support Services is looking for a Data Protection Officer & Compliance Manager who will be responsible for leading the organisation's data protection, privacy, and compliance framework, ensuring compliance with UK GDPR, the Data Protection Act 2018, and other relevant regulatory obligations. Acting as the designated Data Protection Officer (DPO), the role provides expert advice and guidance across the business, drives a culture of compliance, manages data subject rights requests, and ensures robust governance processes are maintained.
Your core role will include but not be limited to the following activities:
- Act as the formally appointed Data Protection Officer for Carlisle Support Services, ensuring all statutory responsibilities under UK GDPR and the Data Protection Act 2018 are effectively discharged.
- Serve as the primary point of contact for the Information Commissioner's Office (ICO) and other regulatory bodies on all privacy and data protection matters.
- Provide independent and expert advice to the Executive Team, senior management, and operational stakeholders on data protection obligations, privacy risks, and compliance requirements.
- Promote and embed a culture of data privacy, accountability, and responsible data handling throughout the organisation.
- Maintain oversight of the organisation's privacy governance framework and ensure data protection considerations are incorporated into strategic business decisions.
- Develop, implement, review, and maintain GDPR policies, standards, procedures, and guidance documents.
- Monitor legislative developments and regulatory guidance, assessing organisational impacts and implementing required changes.
- Maintain the Record of Processing Activities (ROPA).
- Lead and coordinate Data Protection Impact Assessments (DPIAs).
- Take full ownership and accountability for all Subject Access Requests and data subject rights requests.
- Manage SARs internally wherever possible and within statutory timescales.
- Provide guidance to managers responding to privacy-related enquiries.
- Identify opportunities to streamline SAR processes and reduce external support costs.
- Monitor compliance and adherence to GDPR requirements across the business.
- Identify areas of non-compliance and support corrective actions.
- Produce an annual GDPR and Data Protection Report outlining risks, incidents, trends and areas of concern.
- Develop and present an annual Data Protection Strategy and Improvement Plan for the following 12 months.
- Report compliance performance and emerging risks to senior leadership.
- Lead investigations into data protection incidents, complaints, breaches and near misses.
- Assess incidents against regulatory reporting thresholds.
- Coordinate root cause analysis and corrective actions.
- Maintain the Data Breach Register.
- Review privacy risks and implement proportionate controls.
- Develop and deliver GDPR and data protection training programmes.
- Create awareness campaigns, guidance notes and supporting materials.
- Provide practical advice to operational teams.
- Build effective relationships with internal stakeholders, clients, suppliers, auditors and regulators.
- Support tenders, audits, questionnaires and due diligence activities.
- Partner with HR, IT, Operations, Commercial, Finance and Procurement teams.
- Provide subject matter expertise on data protection and compliance matters.
- Identify opportunities to improve compliance controls and governance processes.
- Benchmark practices against industry standards and best practice.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
The ideal candidate


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Essential
- Significant experience in Data Protection, Compliance, Risk or Governance.
- Strong knowledge of UK GDPR and Data Protection legislation.
- Experience acting as a DPO or leading data protection programmes.
- Proven experience managing Subject Access Requests.
- Excellent communication, report writing and stakeholder management skills.
- Ability to develop policies, procedures and compliance frameworks.
Desirable
- CIPP/E, CIPM, GDPR Practitioner or equivalent qualification.
- Experience within facilities management, security, cleaning or outsourced services.
- Experience liaising with the Information Commissioner's Office.
Successful candidates will be required to provide original documentation for detailed screening and vetting processes.
This could include the following: passport / driving licence / utility bill dated in the last 3 months / HMRC letter / original bank statement / original payslip / birth certificate / a valid share code.
About Us
Join a growing market-leading brand of support services to work with the UK’s largest brands such as Tottenham Hotspur Stadium, Jaguar Land Rover, Tesco, BBC StudioWorks, and many more.
Carlisle currently employees over 5,000 dedicated and enthusiastic staff members to deliver events, security cleaning, and retail facilities support services across the UK’s most renowned sites and critical infrastructure.
Apply today to find out more and embark on an exciting career journey filled with unrivalled recognition schemes and progression opportunities aimed at helping you achieve your true potential.
Equality, Diversity, and Inclusion
At Carlisle, we are committed to Equality, Diversity, and Inclusion in all areas of employment, recruitment and selection, training, development, and promotion.
In all situations people will be judged solely on merit or ability.
#priority
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location