Founded in 1882, Tottenham Hotspur Football Club is an English Premier League Club, based in North London.

Led by the late great Bill Nicholson, the Club became the first in England to win the League and FA Cup Double in 1961, and the first in the UK to win a European Trophy two years later. Spurs has since been home to some of the game’s great entertainers, including Jimmy Greaves, Glenn Hoddle, Paul Gascoigne, David Ginola, Gareth Bale, Heung-Min Son and Harry Kane.

In April 2019, the Club opened an iconic new stadium that sits at the heart of a £1billion sport-led regeneration of North Tottenham. The stadium is the largest football club stadium in London and is a multi-use venue with the ability to host a variety of events 365 days a year, including NFL, boxing, rugby, concerts and other major events, plus visitor attractions including Stadium Tours and the Dare Skywalk.

The stadium development scheme has to date created more than 4,000 new jobs for local people, with circa £300m pumped into the local economy each year.

Tottenham Hotspur has:

  • A clear strategy to develop talent from within its Academy, showcased by a strong track record of Academy players graduating to the first-team squad.

  • A £100m state-of-the-art Training Centre that supports the Club’s ambition to attract, develop and retain the best talent.

  • Commercial partnerships with globally-recognised brands including AIA Group Limited (AIA), one of the world's leading providers of life insurance services, and Nike, the world’s leading sports footwear and apparel company

  • A commitment to minimizing its environmental impact across Club operations, being named as the greenest in the Premier League for the past three years. Tottenham Hotspur is a signatory of the UN Sports for Climate Action Framework, committing to halve carbon emissions by 2030 and become net zero carbon by 2040

  • An award-winning Foundation that is renowned for creating opportunities to help enhance the lives of people in its local community through education, employment, health and social inclusion programmes.

The Club is seeking a Risk, Compliance and Data Protection Officer to jon it's Legal, Risk and Compliance team. As the Risk, Compliance and Data Protection Officer you will have responsibility for the management of the Club’s risk and compliance obligations, ensuring all statutory requirements are being met or exceeded and delivered to the highest of standards.

Safeguarding is fundamental to the success in all that we do. Successful candidates are subject to an enhanced DBS check.

Tottenham Hotspur Football Club welcomes applications from anyone regardless of age, disability, race, colour or ethnic and national origins, religion or belief, or sexual orientation.

Key Responsibilities

  • Managing the Club’s digital risk register.

  • Monitoring compliance with data protection and privacy legislation.

  • Advising and supporting internal teams across to meet their obligations to protect personal data in line with legislation.

  • Managing the Club’s GRC platform (One Trust).

  • Monitor regulatory and legislative developments to devise and maintain policies and procedures to regulate the processing of personal data and set out how to interact with external bodies, regulatory authorities, and data subjects.

  • Establish and maintain influential working relationships at all levels necessary to successfully promote compliance strategies, and continuous improvement opportunities.

  • Review contracts to ensure that appropriate data protection wording is included.

  • Manage all data subject access requests within stipulated timeframes.

  • Investigate data incidents within the stipulated timeframes.

  • Document new processes and assisted the business in completing relevant privacy assessments, e.g., privacy impact, legitimate interests, and data protection impact assessments.

Personal Attributes

  • Thinks ahead, generates innovative ideas

  • Values & respects others, builds relationships, collaborates

  • Gets things done, delivers to highest of standards, takes responsibility

Skills & Experience


To be considered for the role Applicants must be able to demonstrate experience that they have:

  • Delivered sustainable compliance frameworks.

  • Managed a digital risk register end-to-end.

  • Worked autonomously in creating and executing strategies.

  • One Trust (configuration, form design and workflow).

  • Performed assessment reviews (PIA, DPIA, LIA etc.)

  • Performed contract reviews.

  • Managed DSARs from receipt to completion.

  • Investigated data incidents.

  • Performed granular data mapping.

  • Managed third party relationships for the maintenance of existing Risk & Compliance platforms and create business requirements for any identified enhancements.

  • Managed the compliance on-boarding of new vendors to ensure adherence with policy.

  • A solid understanding of European and UK data protection law.

  • Worked closely with a Cyber Security Team in reviewing new technology suppliers.

  • Managed ad-hoc customer compliance analysis requirements.


  • Minimum of 5 years’ experience in managing a compliance function with a focus on data protection.

  • CIPM and CIPP/e qualifications or relevant alternative.

  • An understanding of other relevant compliance functions such as ESG, PCI-DSS, AML and EDI.

  • Overseen internal PCI DSS audit processes and subsequent ongoing management.

  • Acted as a key stakeholder for an ISO 27001 implementation.

  • Performed ongoing compliance reviews of all active vendors to cover a broad range of compliance checks.

  • Carried out rationalisation exercises to identify any overlap in vendor services and, where appropriate, question business plans to change existing arrangements.

  • Overseen and implemented ongoing staff compliance training program.

  • Acted as a key stakeholder on compliance related projects e.g. new system implementations, brand protection and Net Zero initiatives legal.

  • Developed and articulate sound proposals to key stakeholders which influence and drive timely decision making.

  • Overseen an organisation’s insurance policy portfolio, identifying gaps in current cover, and making informed recommendations to mitigate.

  • Carried out low level process and data flow mapping.

  • Co-managed an organisation’s risk register along with other departments, e.g., Safeguarding, EDI, Health & Safety etc.