We are a young, innovative and expanding technology business, delivering mobility services and sustainability products through B2B business models (Car-pooling; Ride-pooling/ Shuttle; Sustainability planning and reporting). Our customer base is growing across Europe, our technology being ready to go global.

Job Overview

We are currently looking for a Head of Privacy, Risk & Compliance and Data Protection Officer to ensure we comply with our regulatory, risk and data protection obligations across the Company. The role includes oversight of compliance monitoring, risk management, regulatory reporting, policy development, and new business reviews, providing expert advisory support to the business and clients.

What you'll get to own

You will be accountable for the governance of risk, privacy, and compliance frameworks across the organisation, ensuring alignment with its own and parent company Toyota Financial Services UK (TFS UK) Group policies as well as wider regulatory obligations. As DPO, you will have formal responsibility for data protection compliance, privacy impact assessments, regulatory engagement, and breach management.

A key aspect of the role is cross-functional collaboration with IT, Information Security, and Regional Audit and Compliance teams, ensuring a cohesive risk management strategy that integrates data security, regulatory standards, and operational governance.

This is a senior leadership position reporting to the Chief Executive Officer of KINTO Join Ltd. You will have a strategic, analytical, and proactive mindset, coupled with the ability to engage at all levels of the organisation and drive continuous improvement in risk, compliance, and privacy functions.

What you will be responsible for:

Strategic Leadership & Governance

- Lead the development, implementation, and oversight of privacy, risk, and compliance frameworks across KJL.
- Ensure alignment with regulatory requirements and Toyota Financial Services UK (TFS UK) Group policies.
- Provide expert guidance on risk mitigation, compliance best practices, and regulatory change management.
- Develop and maintain risk appetite, governance structures, and assurance mechanisms across the business.
- Act as a key advisor to senior leadership and the Risk Committee on strategic risk and compliance issues.

Privacy & Data Protection (DPO Responsibilities)

- Act as the formal Data Protection Officer (DPO) for KJL, ensuring full compliance with UK GDPR, EU GDPR, and other relevant data protection laws.
- Lead Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new projects, processes, and third-party engagements.
- Oversee data protection policies, procedures, and training to embed a culture of privacy by design.
- Serve as the primary point of contact for data protection regulators, handling regulatory inquiries, audits, and data breach reporting.
- Develop and oversee the data incident response framework, ensuring timely and effective breach management.

Risk & Compliance Management

- Own and maintain all risk and compliance-related policies, ensuring their effectiveness, adaptation, and integration within the business.
- Lead the Second Line of Defence, ensuring robust oversight of risk management and compliance functions.
- Provide regulatory advisory support to the First Line of Defence, enabling business units to navigate compliance requirements effectively.
- Conduct risk assessments, internal audits, and assurance reviews to monitor adherence to compliance standards.
- Establish and manage relationships with regulators, auditors, and external compliance bodies.

Cross-Functional Collaboration

- Work closely with IT and Information Security teams to align data protection, cybersecurity, and risk governance frameworks.
- Collaborate with Regional Audit and Compliance teams to maintain consistency in regulatory adherence across jurisdictions.
- Engage with senior management to provide strategic insight on emerging risks, regulatory developments, and compliance trends.

Regulatory Reporting & Budget Management

- Oversee regulatory submissions and reporting obligations, particularly in Data Protection and Information Security compliance.
- Manage the 2nd Line budget in line with business priorities, ensuring cost-effective compliance initiatives.

Requirements

- Proven experience leading a risk, privacy, and compliance function in a regulated environment.
- Significant Data Protection, Risk, and Compliance experience.
- Strong understanding of the ‘Three Lines of Defence’ model and regulatory frameworks.
- Experience in engaging with regulators, auditors, and compliance bodies at national and international levels.
- Strong leadership, people management, and change management skills.
- Excellent communication and stakeholder engagement skills, with the ability to influence senior management, IT, Information Security, and external regulatory bodies.
- Deep knowledge of UK GDPR, EU GDPR, and other relevant data protection and cybersecurity laws.
- Practical experience in compliance monitoring, internal audits, and risk assessments.
- Understanding of information security principles and collaboration with IT security teams on compliance and data governance.
- Ability to develop and oversee Data Protection Impact Assessments (DPIAs), privacy policies, and risk controls.
- Prior experience as a regulated DPO or senior compliance officer in a multinational organisation.
- Hands-on experience working with IT, Information Security, and Regional Audit & Compliance teams.
- Experience with ISO 27001, NIST, or other information security compliance frameworks.
- A current CIPP/E, CIPM, CDPO, or equivalent data privacy certification.

Benefits

At KINTO Join Ltd. we offer more than just an externally bench-marked salary:

- 25 days' annual leave
- Pension membership
- Private medical cover
- An attractive car scheme, offering Toyota and Lexus vehicles
- Regular 121s with your manager
- A wide range of learning & development opportunities
- A supportive and innovative work environment focused on sustainability and positive impact.

How we'll support you:

- A full KINTO Join induction
- Provide a great development opportunity to excel in the role and be considered for international positions.
- Give you the space and opportunity to be your whole self at work.
- Foster a learning culture, providing you with clear and constructive feedback, and encouraging you to do the same.