This is a senior position responsible for establishing and maintaining the Group’s Data Protection and Privacy Program. The role is appointed to support the Bank through a complex, evolving privacy environment; develop a records management framework in the organization; and support the overall security strategy as data protection requires coordinating security activities across many areas such as data classification, data loss prevention, encryption, access management, business impact analysis, and data retention.
Principal Responsibilities, Accountabilities and Deliverables of Role:
- Monitor compliance with data protection laws and Group policies
- Follow evolution of data protection and records retention laws and regulations
- Inform and advise on data protection laws, regulations and Group policies
- Supervise and perform data protection GAP assessments to enable compliance with protection and retention requirements
- Develop, document and maintain data protection and retention standards and procedures
- Oversee the maintenance of records required to demonstrate data protection compliance
- Define and manage an awareness program to foster a data protection and privacy culture within the Group
- Manage an assurance program to remediate activities that are not in compliance with policies and procedures
- Support the data incident response and data breach notification procedures
- Build relationships with data protection authorities to assist in maintaining the Data Protection and Privacy Program
- Provide updates on the data protection programme to the CISO and other senior managers as appropriate
- Participate in the Data Protection and Privacy working party, and other working groups as needed
Job Context (Circumstances & environment surrounding the job):
Following the introduction of GDPR, similar legislation is being introduced in several jurisdictions in which the Bank operates, and it is anticipated that others will follow. The Bank is creating a function within the Security organization to ensure the Bank has a strategy and resources to discharge its global obligations under the data protection and privacy requirements in every location where the Bank operates.
- Expert knowledge of General Data Protection Regulation (GDPR), gathered from leading and/or actively participating in GDPR implementation projects.
- Strong knowledge of the European Union Data Protection Directive, obtained from at least one of UK, Ireland, Spain, Italy, Germany or France.
- Strong knowledge of the UK Data Protection Act.
- Good knowledge of records management and retention.
- Good understanding of data processing and new technologies (e.g., Cloud, Blockchain)
- Good understanding of information security principles, cyber security risks, and PCI DSS.
Education / Certifications
- University degree with a legal, compliance, or IT background
- Recognized data protection/privacy qualifications (e.g., CIPP, ISEB).
- At least 3 years in a leadership role in a multinational financial institution.
- 5+ years of experience in a similar type of role in a Data Protection Function
- Experience in dealing with Data Protection Authorities (DPAs), regulators and industry bodies
- Experience in implementing Europe's data protection requirements applicable to the Financial Services sector, including GDPR
- Ability to plan, organise and prioritise tasks and projects
- Able to conduct the role with minimum supervision
- Strong team player and proven ability to lead working groups
- Fluent in English (mandatory)
- Strong communication skills, capable of dealing with a wide range of internal and external stakeholders.