Project Manager – PII & Data Leakage Risk Reduction

Job Description: Project Manager – PII & Data Leakage Risk Reduction

Duration: 6 months
Role Overview
Domestic & General is undertaking a critical programme to strengthen visibility, control, and
governance of Personally Identifiable Information (PII) and data leakage risk across our
technology estate.
This programme addresses both:
 the identification and remediation of unstructured PII, and
 the implementation of proportionate Data Loss Prevention (DLP) controls to reduce
recurrence of data exposure and loss.
As part of this effort—supported by our enterprise PII scanning capability (Inventa) and a parallel
DLP tooling initiative—we are seeking a highly capable Project Manager to lead cross-functional
delivery across detection, remediation, prevention, and governance.
The role sits at the heart of our data privacy and information risk agenda, responding to internal
audit actions, risk committee commitments, and evolving regulatory expectations. The role will
work closely with the Group Data Protection Office, Information Security, Technology, and
business stakeholders, and will report directly into the Director of Transformation.
Key Responsibilities
1. Lead the PII & Data Leakage Risk Reduction Programme
 End-to-end project management of initiatives addressing unstructured PII exposure and
data leakage risk.
 Manage delivery across two aligned workstreams: PII exposure detection and DLP.
 Develop and maintain detailed plans, RAID logs, and delivery workstreams.
 Monitor delivery against agreed milestones and risk deadlines.

2. Operate and Optimise PII Detection Capabilities (Inventa)
 Establish periodic PII scanning cycles and tuning activities.
 Reduce false positives through agreed PII definitions and thresholds.
 Ensure findings are validated and assigned to business owners.
 Support long-term embedding of detection capability.
3. Drive Unstructured PII Remediation

 Work with system owners and data stewards to remediate aged or unnecessary PII.
 Track progress and escalate blockers.
 Ensure alignment with retention and minimisation principles.

4. Support DLP Delivery and Implementation
 Coordinate DLP requirements, vendor engagement, and implementation.
 Support phased rollout and operational readiness.
 Help define user workflows for blocked or held content.

5. Governance, Reporting & Risk Management
 Produce executive reporting.
 Maintain alignment with regulatory obligations.
 Support RACI and ownership clarity.

6. Stakeholder Management
 Engage senior stakeholders across Technology, Security, Legal, Risk, and Operations.
 Facilitate workshops and decision forums.
 Act as a key delivery coordination point.

Skills & Experience Required
Essential
 Proven experience delivering data remediation or risk-driven programmes.
 Strong project management and governance capability.
 Experience with PII discovery or scanning tools.
 Ability to translate regulatory requirements into delivery plans.
 Strong stakeholder engagement skills.
 Working knowledge of GDPR and data minimisation principles.
Desirable
 Experience supporting DLP initiatives. Exposure to vendor-led delivery or RFPs.
 Experience in regulated environments.
 Familiarity with Microsoft 365 platforms.
 Experience working with a DPO or privacy bodies.

Role Impact

This role is critical to reducing enterprise data risk and strengthening control over personal data
and data leakage. Successful delivery will directly support audit closure, improved governance,
and sustainable preventative controls.