Data Privacy and Compliance Lead

**Join us to make a difference for all students in NSW**

**Position details**
- Clerk Grade 9/10
- Ongoing full time tole
- ** Close to Wynyard station & hybrid work arrangements available**

**About the role**

We are seeking a privacy leader to take our program beyond compliance and embed privacy at the heart of strategy, innovation, and decision making. This is an exciting opportunity to lead NESA’s privacy program, ensuring compliance with data protection laws while shaping how we use data responsibly in an increasingly complex environment.

As Data Privacy and Compliance Lead, you will oversee Privacy Impact Assessments (PIAs), breach response, consent governance, and training, while building relationships with senior stakeholders, regulators, and external partners. You will play a key role in fostering a culture of trust and accountability, enabling responsible innovation, and embedding privacy into the way we work.

You’ll be joining a collaborative and purpose-driven team dedicated to safeguarding information and supporting quality education outcomes in NSW.

On a day-to-day basis you will be responsible for:
- Maintain and enhance NESA’s enterprise privacy framework to ensure alignment with NSW and Commonwealth legislation and organisational strategy.- Lead and coordinate Privacy Impact Assessments (PIAs) across projects, digital solutions, vendor engagements, and system changes, embedding privacy into planning and decision-making.- Manage the privacy incident response process, including triage, investigation, documentation, and breach notifications, while driving continuous improvement.-
- Govern the enterprise privacy register and conduct internal reviews and audits of personal data handling to strengthen accountability and adherence to best practices.- Provide expert advice on privacy risks, regulatory compliance, third-party agreements, and emerging technologies, including AI, automation, and cross-border data flows.- Develop and deliver engaging privacy education and awareness programs to build organisational capability and embed a strong culture of accountability.- Drive the privacy maturity uplift program, defining, measuring, and reporting on performance using metrics, dashboards, and maturity models to inform senior leadership.- Engage proactively in major transformation and change initiatives, collaborating with senior leaders and technical teams to integrate privacy requirements and support responsible innovation.
- Experience leading privacy programs, conducting PIAs, managing breaches and advising on compliance with privacy legislation.
- Strong knowledge of NSW and Commonwealth privacy, records, and information access frameworks.
- The ability to manage competing deadlines and deliver timely outcomes in line with regulatory requirements.
- Strong influencing, negotiation, and communication skills to engage effectively with stakeholders at all levels.
- Proven experience driving cultural change and embedding privacy awareness across an organisation.
- A proactive and resilient approach, with the ability to think critically, solve problems and deliver practical solutions.

**Essential requirements**:
- Tertiary qualifications in a relevant discipline or demonstrated equivalent relevant professional experience. For further information, we invite you to download the role description.

**About us**

At the NSW Education Standards Authority (NESA) we work with the NSW community to drive improvements in student achievement.

We achieve this by supporting all school sectors with high-quality syllabuses, assessment (including managing the HSC and NAPLAN), teaching standards (e.g., accrediting teachers) and school environments (including setting and monitoring school standards).

To find out more about the important work we do for NSW visit our**website.

**Ready to join us?**
- This role requires leading Privacy Impact Assessments (PIAs) and providing expert advice to manage privacy risks in complex projects. Please describe a time when you identified and addressed a privacy or data protection risk in a project or initiative. What steps did you take to assess the risk, engage stakeholders, and implement effective controls?
- A key challenge of this role is driving staff understanding of privacy obligations and embedding a culture of privacy awareness across an organisation. Please provide an example of how you have successfully promoted compliance or cultural change in relation to privacy, information governance, or regulatory requirements. What approach did you use, and what was the outcome?

If you need reasonable adjustments for the recruitment process and workplace, please reach out to the contact person above_._

**Close date: 29 September 2025 at 11.59pm AEST**

**Important information**

**Visa sponsorship is not available for this position**. For ongoing roles, you must be an Australian or New Zealand citizen or an Australian Permanent Resident. Australian Temporary Residents may be