Privacy and Compliance Consultant
Job descriptions & requirements
About the Company
We are a boutique cybersecurity, privacy, and AI governance consultancy serving enterprise clients across financial services, healthcare, technology, telecommunications, energy, insurance, and government sectors. Our practice operates across Nigerian, EU, US, and other international markets, with deep specialization in multi-jurisdictional data protection compliance, AI governance, ISO management system implementation and audit, cybersecurity framework consulting, and outsourced Data Protection Officer services.
About the Role
We are hiring a Privacy and Compliance Consultant to work directly with global enterprise clients on data protection compliance, AI governance, security assessments, ISO management system implementation, and regulatory advisory across multiple jurisdictions. This is a foundational role on the Lagos team. The successful candidate will help build the privacy and compliance practice, work directly with mid-market and enterprise clients in Nigeria, the EU, the US, and other markets, file regulatory documentation across jurisdictions, and contribute to the firm's growth across multiple service lines.
This is a 6-month fixed-term contract, renewable, with conversion to permanent employment at the 6-month mark based on performance and business growth.
Key Responsibilities
- Conduct privacy compliance audits, data protection impact assessments, transfer impact assessments, and gap analyses against the Nigeria Data Protection Act 2023 and GAID 2025, EU GDPR, UK Data Protection Act and Data Use and Access Act 2025, US state privacy laws including CCPA, CPRA, TDPSA, NYDFS Part 500, HIPAA, ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 42001, and applicable sector regulations
- Design and implement privacy programs, AI governance frameworks, and information security management systems that satisfy multiple regulatory regimes simultaneously, including controller and processor obligations under GDPR, NDPA, and equivalent laws
- Develop and maintain privacy and security documentation including records of processing activities, data sharing agreements, data processing addenda, standard contractual clauses, binding corporate rules guidance, transfer impact assessments, and statements of applicability
- Prepare and file regulatory submissions on behalf of clients across jurisdictions, including NDPC Compliance Audit Returns, NYDFS Part 500 annual certifications, SEC cybersecurity disclosures, and equivalent filings
- Serve as a designated day-to-day data protection point of contact for assigned client organizations, including outsourced Data Protection Officer engagements for clients regulated under NDPA, GDPR, UK GDPR, CCPA, and HIPAA
- Conduct privacy and security risk assessments and produce executive-level reports with prioritized remediation recommendations mapped to applicable regulations
- Implement and audit ISO/IEC 27001, 27701, and 42001 management systems for clients pursuing certification readiness, including SOC 2 cross-mapping where applicable
- Advise clients on EU AI Act obligations including Articles 9 to 15 high-risk AI requirements, NIST AI Risk Management Framework alignment, US state AI laws including Texas TRAIGA and Colorado AI Act, and emerging global AI governance standards
- Deliver privacy, AI governance, and cybersecurity awareness training sessions to client executives, managers, technical staff, and board members across multiple jurisdictions
- Monitor regulatory developments in Nigerian, EU, UK, US, Canadian, and other jurisdictions and advise clients on business impact, required action, and compliance deadlines
- Support data breach response, regulatory notification across multiple jurisdictions, and post-incident remediation activities
- Prepare semi-annual data protection reports, annual compliance reports, audit return submissions, and regulator-facing correspondence for client organizations
- Contribute to business development including proposal writing, scoping calls, client presentations, RFP responses, and thought leadership content
Required Qualifications
- Bachelor's degree from a recognized university in Law, Computer Science, Information Technology, Cybersecurity, Data Science, Information Systems, or Business Administration
- Minimum 3 years of professional experience in data protection, privacy, compliance, audit, or cybersecurity consulting
- Active possession of at least one of the following privacy or data protection certifications:
  - IAPP Certified Information Privacy Manager (CIPM)
  - IAPP Certified Information Privacy Technologist (CIPT)
  - IAPP Artificial Intelligence Governance Professional (AIGP)
  - ISO/IEC 27001 Lead Implementer or Lead Auditor (issued by PECB, BSI Group, DNV, Schellman, SGS, or any IRCA-registered certification body)
  - ISO/IEC 27701 Lead Implementer or Lead Auditor (issued by PECB, BSI Group, DNV, Schellman, or SGS)
  - ISO/IEC 42001 Lead Implementer (issued by PECB, BSI Group, DNV, Schellman, or SGS)
  - PECB Certified Data Protection Officer (CDPO)
  - Data Protection Officer Certificate issued by the Data Protection Institute (DPI)
  - Nigeria Data Protection Commission Data Protection Officer Certification
- Working knowledge of at least one of the following regulatory regimes: Nigeria Data Protection Act 2023 and GAID 2025, EU GDPR, UK GDPR and DUAA 2025, US state privacy laws (CCPA, CPRA, or equivalent), HIPAA, NYDFS Part 500, EU AI Act, and one ISO management system standard (27001, 27701, or 42001)
- Demonstrated experience conducting privacy or compliance audits, data protection impact assessments, or readiness reviews across at least one international regulatory regime
- Excellent written and verbal communication skills in English, with the ability to produce regulator-grade documentation and client-facing reports for international audiences
- Ability to manage multiple client engagements across jurisdictions simultaneously, work independently across time zones, and meet regulatory filing deadlines
- Proficiency in Microsoft Office Suite and Google Workspace
Preferred Qualifications (not required)
- Two or more privacy, security, or compliance certifications from the qualifying list above
- IAPP Fellow of Information Privacy (FIP) designation
- Nigerian-qualified legal practitioner (LL.B and Bar Part II) with privacy specialization, or equivalent legal qualification in another jurisdiction
- Prior experience at a Big 4 firm, top Nigerian or international law firm, accredited certification body, or specialist privacy consultancy with multi-jurisdictional client base
- Direct experience with EU GDPR Article 30 records of processing, Article 35 DPIAs, Chapter V transfers, and supervisory authority engagement
- Direct experience with US state privacy law compliance, NYDFS Part 500 attestation, or HIPAA Security Rule readiness
- Familiarity with cloud security frameworks (AWS, Azure, Google Cloud, Oracle Cloud Infrastructure) and cloud privacy controls
- Direct experience filing NDPC Compliance Audit Returns or serving as a designated DPO for a Data Controller of Major Importance under NDPA
- Sector experience in financial services, fintech, healthcare, telecommunications, insurance, technology, or government
- Project management certification (PMP from Project Management Institute, or PRINCE2)
- Familiarity with EU AI Act high-risk obligations, NIST AI Risk Management Framework, OECD AI Principles, Singapore Model AI Governance Framework, and emerging US state AI laws
- Public speaking, training delivery, conference presentation, or published thought leadership track record
- Working knowledge of at least one additional language relevant to international privacy practice (French, Spanish, Portuguese, Arabic, or German)
What We Offer
- 400,000 to 1,000,000 Naira per month gross salary, commensurate with experience and certifications held at hire
- Guaranteed 6-month performance review with salary adjustment and conversion to permanent employment based on performance
- Health Maintenance Organization (HMO) coverage for the employee
- Hybrid work arrangement with flexible schedule
- Client exposure to mid-market and enterprise organizations across Nigerian, EU, US, and other international markets from day one
- Clear career progression path: Consultant, Senior Consultant, Manager, Senior Manager
- Annual leave, public holidays, and statutory benefits
- Opportunity to contribute to global thought leadership through publications, conference speaking, and training delivery