
The role
We are seeking an experienced data privacy professional to join our growing Data Privacy practice at Senior Consultant or Assistant Manager level. You will support and lead client engagements covering GDPR, the Irish Data Protection Acts, ePrivacy, and adjacent regimes such as the EU AI Act, NIS2, DORA and DSA where they intersect with personal data.
Working alongside our Partners, Managers and our outsourced DPO team, you will help organisations across financial services, public sector, healthcare, life sciences and technology to operationalise privacy-by-design, respond to regulators, fulfil data subject rights, and embed continuous privacy compliance monitoring programmes
Key Responsibilities
For all levels:
Deliver GDPR and Data Protection Act compliance assessments, gap analyses and maturity reviews against recognised frameworks (e.g., ICO/DPC guidance, EDPB guidelines, ISO/IEC 27701, NIST Privacy Framework).
Design and operate Data Protection Impact Assessment (DPIA) methodologies, including supporting clients with high-risk processing reviews and remediation tracking.
Support the design and execution of Subject Access Request (SAR) / Data Subject Rights processes, including verification, scoping, data discovery, review and redaction, and secure delivery.
Lead and support Records of Processing Activities (RoPA) development, data mapping, and lawful basis analysis.
Draft and review privacy notices, consent mechanisms, data processing agreements (DPAs), Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIAs).
Support Personal Data Breach Management — triage, root-cause analysis, regulator (DPC) notification, and post-incident lessons learned.
Contribute to outsourced DPO and DPO-as-a-Service engagements, including privacy compliance monitoring programmes, training, governance committee reporting, and Board-level updates.
Map privacy obligations to adjacent regimes (NIS2, DORA, EU AI Act, DSA) and embed within client GRC operating models.
Contribute to internal methodology development, proposals, thought leadership and client presentations.
Additional Responsibilities at Assistant Manager Level
Manage day-to-day delivery of small/medium engagements; coordinate workstreams, budgets, timelines and quality of deliverables.
Act as primary day-to-day client contact, including liaison with DPOs, CISOs, Legal and Compliance functions.
Coach and review the work of Consultants and Senior Consultants; contribute to performance feedback.
Support business development through proposal authoring, fee modelling, and identification of cross-sell opportunities into Cyber, Risk Advisory and Forensics.
Represent the firm at industry events (IAPP, ACOI, ISACA Ireland) and contribute to GT Ireland's privacy thought leadership.
Skills & Experience
Bachelor's degree in Law, Information Systems, Cybersecurity, Business or related discipline.
Hands-on GDPR/DPA compliance experience gained in consulting, in-house DPO office, regulator, or law firm.
Working knowledge of DPIA methodologies, SAR fulfilment, RoPA, international data transfers (SCCs, TIAs, BCRs), and breach management.
Familiarity with adjacent EU regulation: ePrivacy, NIS2, DORA, EU AI Act, Digital Services Act.
One privacy certification, e.g., CIPP/E, CIPM, or CDPSE.
Excellent written communication, able to draft client-ready policies, DPIAs, board papers and regulator correspondence.
Assistant Manager (Desired Experiences)
All of the above, plus
Demonstrable experience leading multi-stream privacy programmes (e.g., outsourced DPO, group-wide GDPR remediation, BCR design, M&A privacy due diligence).
Two or more relevant certifications, e.g., CIPP/E + CIPM, CDPSE, ISO 27701 Lead Implementer/Auditor, CISM/CISSP (where privacy and security responsibilities overlap).
Desired Skills
Experience engaging directly with supervisory authorities on enquiries, complaints, audits or breach notifications.
Track record of mentoring junior staff and supporting proposal/BD activity.
Sector depth in one or more of: financial services, public sector, health/life sciences, technology/online platforms.
Experience with privacy technology platforms (OneTrust, BigID, TrustArc, Microsoft Purview).
Understanding of AI governance frameworks (ISO/IEC 42001, NIST AI RMF) and the EU AI Act's interaction with GDPR.
Knowledge of cross-border transfer mechanisms post-Schrems II and emerging EU–US Data Privacy Framework developments.
Experience supporting clients through DPC investigations or inquiries.
We are Grant Thornton

Forget what you think you know about professional services. We go beyond what’s expected and help others do the same.
Grant Thornton is the brand name for Grant Thornton LLP and Grant Thornton Advisors LLC the U.S. member firms of Grant Thornton International Ltd, one of the world’s leading independent audit & assurance, tax and advisory firms. That means our network has more than 73,000 professionals in more than 146 countries who are ready to help public and private organizations of all sizes take on today’s challenges. But what sets us apart isn’t just what we do – it’s how we do it. Here, we believe in making business more personal and building trust into every result. We’re collaborators – obsessed with quality and ready for anything – who understand the value of strong relationships. It’s how we challenge the expectations of business and empower our people and clients to do it, too.
One thing we won’t do? Grant Thornton will never request money or any form of payment for services via social media. Please report any concerns at 1-800-810-3503.
Grant Thornton International Limited (GTIL) and the member firms, including Grant Thornton LLP and Grant Thornton Advisors LLC, are not a worldwide partnership. Services are delivered by the member firms. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions. Please see www.grantthornton.com for further details.