Data Privacy and Compliance Lead

Overview

Data Privacy and Compliance Lead - 0000B1RJ

Join us to make a difference for all students in NSW

Ongoing full time tole

Close to Wynyard station & hybrid work arrangements available

We are seeking a privacy leader to take our program beyond compliance and embed privacy at the heart of strategy, innovation, and decision making. This is an exciting opportunity to lead NESA's privacy program, ensuring compliance with data protection laws while shaping how we use data responsibly in an increasingly complex environment.

As Data Privacy and Compliance Lead, you will oversee Privacy Impact Assessments (PIAs), breach response, consent governance, and training, while building relationships with senior stakeholders, regulators, and external partners. You will play a key role in fostering a culture of trust and accountability, enabling responsible innovation, and embedding privacy into the way we work. You'll be joining a collaborative and purpose-driven team dedicated to safeguarding information and supporting quality education outcomes in NSW.

On a day-to-day basis you will be responsible for:

Responsibilities

• Maintain and enhance NESA's enterprise privacy framework to ensure alignment with NSW and Commonwealth legislation and organisational strategy.
• Lead and coordinate Privacy Impact Assessments (PIAs) across projects, digital solutions, vendor engagements, and system changes, embedding privacy into planning and decision-making.
• Manage the privacy incident response process, including triage, investigation, documentation, and breach notifications, while driving continuous improvement.
• Coordinate statutory information requests such as GIPA applications, subpoenas, and lawful disclosures, ensuring timely and compliant handling.
• Govern the enterprise privacy register and conduct internal reviews and audits of personal data handling to strengthen accountability and adherence to best practices.
• Provide expert advice on privacy risks, regulatory compliance, third-party agreements, and emerging technologies, including AI, automation, and cross-border data flows.
• Develop and deliver engaging privacy education and awareness programs to build organisational capability and embed a strong culture of accountability.
• Drive the privacy maturity uplift program, defining, measuring, and reporting on performance using metrics, dashboards, and maturity models to inform senior leadership.
• Engage proactively in major transformation and change initiatives, collaborating with senior leaders and technical teams to integrate privacy requirements and support responsible innovation.

Ideal candidate

• Experience leading privacy programs, conducting PIAs, managing breaches and advising on compliance with privacy legislation.
• Strong knowledge of NSW and Commonwealth privacy, records, and information access frameworks.
• The ability to manage competing deadlines and deliver timely outcomes in line with regulatory requirements.
• Strong influencing, negotiation, and communication skills to engage effectively with stakeholders at all levels.
• Proven experience driving cultural change and embedding privacy awareness across an organisation.
• A proactive and resilient approach, with the ability to think critically, solve problems and deliver practical solutions.
• Tertiary qualifications in a relevant discipline or demonstrated equivalent relevant professional experience.
• Working with Children Clearance (WWCC) for paid employment (prior to commencement, not required at application stage).

Organisation context

At the NSW Education Standards Authority (NESA) we work with the NSW community to drive improvements in student achievement. We achieve this by supporting all school sectors with high-quality syllabuses, assessment (including managing the HSC and NAPLAN), teaching standards (e.g., accrediting teachers) and school environments (including setting and monitoring school standards).

To find out more about the important work we do for NSW visit our website.

Application instructions

Ready to join us?

Select apply and attach an up-to-date résumé (maximum 5 pages) and a cover letter (maximum 2 pages). Also address the 2 targeted questions below in your online application:

• This role requires leading Privacy Impact Assessments (PIAs) and providing expert advice to manage privacy risks in complex projects. Please describe a time when you identified and addressed a privacy or data protection risk in a project or initiative. What steps did you take to assess the risk, engage stakeholders, and implement effective controls?
• A key challenge of this role is driving staff understanding of privacy obligations and embedding a culture of privacy awareness across an organisation. Please provide an example of how you have successfully promoted compliance or cultural change in relation to privacy, information governance, or regulatory requirements. What approach did you use, and what was the outcome?

If you need reasonable adjustments for the recruitment process and workplace, please reach out to the contact person above.

Close date: 29 September 2025 at 11.59pm AEST

We particularly welcome applications from Aboriginal and Torres Strait Islander people, people with a disability, people of all ages, genders, cultural and linguistic backgrounds, the LGBTQIA+ community, veterans and refugees.

Visa sponsorship is not available for this position. For ongoing roles, you must be an Australian or New Zealand citizen or an Australian Permanent Resident. Australian Temporary Residents may be considered for a fixed term contract for the length of their visa, depending on the requirements of the hiring area and the position.

A Talent Pool (valid for 18 months) may be created for future ongoing and temporary roles.

Location

Sydney Region-Sydney City

Work Type

Full-time

Number of Positions

1

Total Remuneration Package: $129,464 - $142,665 plus employer's contribution to superannuation and annual leave loading.

Closing Date

29-Sep-2025, 1:59:00 PM

Job Category

Information and communications technology

We pay respect to the Traditional Custodians and First Peoples of NSW, and acknowledge their continued connection to their country and culture.

#J-18808-Ljbffr

---