cover image
Heathrow

Heathrow

www.heathrow.com

3 Jobs

5,372 Employees

About the Company

There’s no place like Heathrow. We are Europe’s largest airport and the world's most connected airport. Heathrow is home to more than 80 airlines and is the UK’s most valuable port by value, connecting passengers, businesses and cargo to more than 200 destinations around the world.

Listed Jobs

Company background Company brand
Company Name
Heathrow
Job Title
Data Protection Manager
Job Description
**Job Title:** Data Protection Manager **Role Summary:** Lead data protection strategy and operations, ensuring full compliance with UK GDPR, PECR and other relevant regulations. Act as the internal expert for privacy, advising on regulatory changes, guiding risk assessments, and shaping data protection policies. Coordinate across business units, manage stakeholder relationships, and oversee training, incident response, and third‑party DPIA management. **Expactations:** - Maintain and enhance GDPR compliance framework. - Translate regulatory requirements into actionable projects delivering measurable benefits. - Build and sustain relationships with internal stakeholders, external regulators, vendors, and cybersecurity teams. - Demonstrate continuous improvement in data protection practices within a complex, multi‑supplier environment. **Key Responsibilities:** - Conduct and maintain Data Protection Impact Assessments (DPIAs) and Data Protection Impact Assessments (DPICAs). - Lead risk assessments, privacy impact assessments, and incident management processes. - Develop, update, and enforce privacy policies, guidelines, and procedures. - Deliver data protection training and awareness campaigns. - Manage data subject access requests (DSARs) and other privacy data requests. - Oversee and coordinate the work of external DPIA suppliers. - Produce regular compliance reports for management and regulatory bodies. - Participate in cross‑functional projects, ensuring new initiatives meet privacy standards. - Represent the organization at internal and external privacy events and forums. **Required Skills:** - In‑depth knowledge of UK GDPR, PECR, and privacy regulations applicable to emerging technologies (e.g., AI). - Proven experience designing, implementing, and maintaining DPIAs/DPICAs. - Ability to translate statutory requirements into tangible project outcomes. - Strong stakeholder engagement skills, including the ability to influence senior leadership. - Experience working across waterfall and agile delivery environments with multiple suppliers. - Excellent written and verbal communication, including policy drafting and training delivery. - Familiarity with privacy incident management and risk mitigation strategies. **Required Education & Certifications:** - University‑level qualification in Law, Compliance, Information Security, or a related discipline. - Professional certification in privacy such as CIPP/UK, CIPM, or equivalent highly regarded data protection credential.
London, United kingdom
Hybrid
25-11-2025
Company background Company brand
Company Name
Heathrow
Job Title
Marketing Data Protection Analyst
Job Description
**Job Title**: Marketing Data Protection Analyst **Role Summary** Support end‑to‑end data protection processes within the CRM & Data team, ensuring compliance with GDPR and related legislation. Manage DPIA exercises, audit monitoring, DSAR handling, contractual clause reviews, and internal communication to embed a strong data protection culture across the Customer Team. **Expectations** - Deliver accurate, timely data protection assessments and reports. - Maintain up‑to‑date knowledge of GDPR and evolving privacy regulations. - Serve as the first point of contact for data protection queries in the customer contact centre. - Foster strong relationships with internal stakeholders, external partners, and suppliers. **Key Responsibilities** - Conduct and manage DPIAs, DPCAs, LIAs and related assessments for new and existing data processing activities. - Proactively identify, record, and report breaches, non‑compliance incidents, and privacy risks. - Support the DPO with compliance monitoring, process audits, and corrective action plans. - Draft, review, and update the Privacy Notice for the Customer Team. - Review and negotiate data protection clauses in contracts with suppliers and partners, working with Procurement and Legal teams. - Develop and deliver training/communication initiatives to educate staff on data protection obligations and legislative changes. - Handle DSARs, ensuring timely and compliant responses. - Maintain accurate documentation in MS Office, Salesforce, and other relevant systems. **Required Skills** - Strong knowledge of GDPR, privacy legislation, and data protection frameworks. - Three years’ experience in data protection or privacy roles. - Excellent interpersonal and communication skills, capable of building effective relationships across functions. - High attention to detail, accuracy, and organizational efficiency. - Proficiency with MS Office (Outlook, Word, Excel, PowerPoint) and Salesforce. **Required Education & Certifications** - University‑level degree in law, data science, information technology, or a related field. - Relevant data protection certifications (e.g., CIPP/E, CIPP/US, CIPT) are an asset.
London, United kingdom
Hybrid
Junior
26-11-2025
Company background Company brand
Company Name
Heathrow
Job Title
Lead Architect, Cyber Identity and Directory services
Job Description
**Job Title:** Lead Architect, Cyber Identity and Directory Services **Role Summary:** Lead end‑to‑end architecture and strategy for enterprise identity and directory services. Own the roadmap and secure governance of Microsoft AD, Entra ID, Entra Connect, and related tools. Drive design, implementation, and optimization of IDAM while ensuring compliance with regulations and industry best practices. Mentor a small cyber team and collaborate with stakeholders to align security architecture with business priorities. **Expectations:** - Champion secure, scalable, and cost‑effective identity solutions across the organization. - Maintain mainstream vendor support for directory products and manage their lifecycle. - Provide technical leadership, project oversight, and incident response support. - Influence security strategy, keeping abreast of emerging threats, technologies, and regulatory changes. **Key Responsibilities:** - Design, implement, and refine IDAM solutions using robust security controls (SSO, MFA, PAM, Conditional Access). - Own the technical direction of Active Directory, AD Certificate Services, AD‑Integrated DNS, Entra ID, and Entra Connect. - Conduct architecture reviews and guide projects, ensuring adherence to organizational priorities and compliance standards. - Lead and mentor a team of two cyber specialists, fostering professional growth and knowledge sharing. - Manage the security roadmap for all directory services, ensure timely vendor support and upgrades. - Oversee audit preparation, regulatory compliance, and security governance of directory services. - Support incident response and post‑incident analysis, driving continuous improvement in security posture. - Engage stakeholders across enterprise functions to prioritize investments and secure enterprise identity initiatives. - Stay ahead of emerging technologies and threats, recommending strategy adjustments and roadmap updates. **Required Skills:** - Deep expertise in Microsoft Active Directory, Entra ID, Entra Connect, Windows Server, and related infrastructure. - Hands‑on experience with SSO, MFA, PAM, Conditional Access, automation (PowerShell, scripting). - Strong knowledge of Zero Trust concepts, NIST, ISO 27001, CAF, and Windows hardening practices. - Proven experience designing and implementing enterprise‑level IDAM solutions. - Demonstrated leadership and stakeholder engagement in complex security environments. - Excellent problem‑solving, communication, and team‑management skills. **Required Education & Certifications:** - Bachelor’s degree (or higher) in Computer Science, Information Security, or related field. - Relevant certifications highly desirable: CISSP, CISM, MCSE, CIAMP, or equivalent security architecture credentials.
London, United kingdom
Hybrid
Senior
27-11-2025