Data Privacy and Compliance Lead

Join us to make a difference for all students in NSW

Position details

• Clerk Grade 9/10
• Ongoing full time tole
• Close to Wynyard station & hybrid work arrangements available

About the role

We are seeking a privacy leader to take our program beyond compliance and embed privacy at the heart of strategy, innovation, and decision making. This is an exciting opportunity to lead NESA's privacy program, ensuring compliance with data protection laws while shaping how we use data responsibly in an increasingly complex environment.

As Data Privacy and Compliance Lead, you will oversee Privacy Impact Assessments (PIAs), breach response, consent governance, and training, while building relationships with senior stakeholders, regulators, and external partners. You will play a key role in fostering a culture of trust and accountability, enabling responsible innovation, and embedding privacy into the way we work.

You'll be joining a collaborative and purpose-driven team dedicated to safeguarding information and supporting quality education outcomes in NSW.

On a day-to-day basis you will be responsible for:

• Maintain and enhance NESA's enterprise privacy framework to ensure alignment with NSW and Commonwealth legislation and organisational strategy.
• Lead and coordinate Privacy Impact Assessments (PIAs) across projects, digital solutions, vendor engagements, and system changes, embedding privacy into planning and decision-making.
• Manage the privacy incident response process, including triage, investigation, documentation, and breach notifications, while driving continuous improvement.
• Coordinate statutory information requests such as GIPA applications, subpoenas, and lawful disclosures, ensuring timely and compliant handling.
• Govern the enterprise privacy register and conduct internal reviews and audits of personal data handling to strengthen accountability and adherence to best practices.
• Provide expert advice on privacy risks, regulatory compliance, third-party agreements, and emerging technologies, including AI, automation, and cross-border data flows.
• Develop and deliver engaging privacy education and awareness programs to build organisational capability and embed a strong culture of accountability.
• Drive the privacy maturity uplift program, defining, measuring, and reporting on performance using metrics, dashboards, and maturity models to inform senior leadership.
• Engage proactively in major transformation and change initiatives, collaborating with senior leaders and technical teams to integrate privacy requirements and support responsible innovation.

Our ideal candidate will have:

• Experience leading privacy programs, conducting PIAs, managing breaches and advising on compliance with privacy legislation.
• Strong knowledge of NSW and Commonwealth privacy, records, and information access frameworks.
• The ability to manage competing deadlines and deliver timely outcomes in line with regulatory requirements.
• Strong influencing, negotiation, and communication skills to engage effectively with stakeholders at all levels.
• Proven experience driving cultural change and embedding privacy awareness across an organisation.
• A proactive and resilient approach, with the ability to think critically, solve problems and deliver practical solutions.

Essential requirements:

• Tertiary qualifications in a relevant discipline or demonstrated equivalent relevant professional experience.
• Working with Children Clearance (WWCC) for paid employment (prior to commencement, not required at application stage)

For further information, we invite you to download the role description.

About us

At the NSW Education Standards Authority (NESA) we work with the NSW community to drive improvements in student achievement.

We achieve this by supporting all school sectors with high-quality syllabuses, assessment (including managing the HSC and NAPLAN), teaching standards (e.g., accrediting teachers) and school environments (including setting and monitoring school standards).

To find out more about the important work we do for NSW visit ourwebsite.

Ready to join us?

Select apply and attach an up-to-date résumé (maximum 5 pages) and a cover letter (maximum 2 pages). Also address the 2 targeted questions below in your online application:

• This role requires leading Privacy Impact Assessments (PIAs) and providing expert advice to manage privacy risks in complex projects. Please describe a time when you identified and addressed a privacy or data protection risk in a project or initiative. What steps did you take to assess the risk, engage stakeholders, and implement effective controls?
• A key challenge of this role is driving staff understanding of privacy obligations and embedding a culture of privacy awareness across an organisation. Please provide an example of how you have successfully promoted compliance or cultural change in relation to privacy, information governance, or regulatory requirements. What approach did you use, and what was the outcome?

Advice on applying for NSW Public Sector roles

If you need reasonable adjustments for the recruitment process and workplace, please reach out to the contact person above.

Close date: 29 September 2025 at 11.59pm AEST

Thank you for your interest, we look forward to receiving your application.

Important information

We particularly welcome applications from Aboriginal and Torres Strait Islander people, people with a disability, people of all ages, genders, cultural and linguistic backgrounds, the LGBTQIA+ community, veterans and refugees.

Visa sponsorship is not available for this position. For ongoing roles, you must be an Australian or New Zealand citizen or an Australian Permanent Resident. Australian Temporary Residents may be considered for a fixed term contract for the length of their visa, depending on the requirements of the hiring area and the position.

A Talent Pool (valid for 18 months) may be created for future ongoing and temporary roles.