Deputy Group DPO
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
As Deputy Group Data Protection Officer (Deputy DPO), the Executive Director will play a pivotal role in shaping and developing the Group's approach to data protection compliance. Reporting directly into the Group Data Protection Officer (GDPO), the Deputy DPO will manage the Group's DPO Office/CFCC Privacy Team and coordinate the Group's network of DPOs.
- Support the GDPO in leading the development of the Group's Data Protection strategy;
- Keep abreast of industry best practice in relation to financial services and provide relevant insight where there is privacy impact to the Group;
- Partner with country DPOs to provide expert guidance on GDPR and other applicable legislation across the Group's footprint;
- Monitor relevant legislative and regulatory changes and advise on associated impact to the Group's business and operational functions;
- Advise on the interplay with, and cross-over between, GDPR and other legislation impacting the Group.
- Review, assess and advise on Protection Impact Assessments (PIAs);
- Review and assess Records of Processing Activities (RoPAs);
- Ensure appropriate logs, processes and systems are in place to be able to respond to individuals when they exercise their rights;
- Develop and deliver training where required;
- Ensure the Group's DPO Office/CFCC Privacy Team act as the first point of contact for data subjects and the supervisory authority on issues relating to the processing of personal data, including but not limited to data breaches and the consultation of high-risk processing;
- Manage the Group's DPO Office/CFCC Privacy Team acting as the first point of contact and subject matter expert, giving advice on how to comply with data protection regulations and requirements;
- Oversee appropriate handling of personal data breaches, working closely with key stakeholders;
- Ensure appropriate logs, processes and systems are in place to respond to personal data breaches; and
- Update the UK ICO registration and manage the annual registration fee payment.
People and Talent
- Support the GDPO in managing the CFCC Privacy Team and ensure the team provides effective 2nd line support to the organisation;
- Promote good privacy practice and standards across the Group;
- Provide training to colleagues at all levels to ensure data protection principles and practices are adopted;
- Drive the development of a Privacy Communication & Awareness Raising Plan and ensure its implementation;
- Foster an environment that drives appropriate privacy risk control behaviour, including early anticipation, identification and mitigation of privacy risk, escalating issues in line with the Group's Operational Risk Framework.
- Define and monitor privacy performance metrics and assist in determining whether they indicate a need for corrective action;
- Oversee, monitor and challenge implementation of controls to mitigate risks;
- Ensure data protection controls are regularly tested in accordance with the controls testing plan;
- Lead risk assessments to identify gaps and deficiencies, and help determine remedial action to correct or mitigate risk;
- Provide expert guidance and support on privacy risk identification and management;
- Ensure proactive and timely identification, assessment, advice and dissemination of evolving legal and regulatory changes / practices and associated risks on client privacy issues across the Group;
- Assist in agreeing the scope of audits and Compliance Monitoring Reviews;
- Support with firm-wide internal audits as well as audits of third parties;
- Feed privacy requirements into the third party vendor framework to ensure data protection risks are appropriately integrated.
- Establish strong relationships with key stakeholders at all levels, while independently performing own duties;
- Strengthen the Group's reputation with external stakeholders;
- Represent the Group at industry fora; support the GDPO in engagements with key data protection / privacy authorities;
- Work with Businesses and Functions, and colleagues in CFCC, to identify and develop innovative solutions to personal data processing related matters;
- Support the GDPO in establishing and maintaining the network of country DPOs.
Regulatory & Business Conduct
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Group. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Lead the CFCC Privacy Team to achieve the outcomes set out in the Bank's Conduct Principles: Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- GDPO and the CFCC Privacy Team
- SGCC Leadership team
- CFCC Advisory Leadership team
- Regional CFCC Leadership team
- Country DPOs
- Head, Data Management & Privacy, Operations and team
- CFCC Assurance
- Group Internal Audit
- Connected Policy owners, including CISRO and CDO
- Legal (COO's team)
Our Ideal Candidate
- Embed Here for good and the Group's brand and demonstrate the Valued Behaviours in SGCC.
- Perform other responsibilities as assigned.
- Extensive experience as a Privacy Practitioner advising on a wide range of privacy compliance related matters; managing risks and developing pragmatic solutions to problems, including employee privacy related issues
- Technical knowledge of privacy laws and regulations in the UK, Singapore and Hong Kong as a minimum
- Ability to translate UK ICO recommendations, case-law and any other policy developments into workable internal guidelines and documentation
- Practical understanding of financial services
- Ability to understand and map a process and to determine how privacy obligations impact a process
- Ability to draft guidance and translate complex, regulatory concepts into practical, easy to understand recommendations that can easily be implemented by a variety of stakeholders
- Experience of implementing Privacy Impact Assessments
- Experience of implementing Privacy by Design
- Practical knowledge of key information security principles
- Proven ability to identify and articulate privacy requirements, risks and issues, and to make pragmatic decisions / recommendations
- Ability to understand business drivers and risk appetite and to align privacy compliance accordingly
- Ability to proactively drive change, while being able to anticipate privacy challenges.
- Proven ability to incorporate privacy considerations into innovative solutions so that the business can continue to function and evolve whilst ensuring the rights and freedoms of individuals are being met
- CIPP certification or other equivalent industry recognised qualification
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits, including our flexible working, please visit our career pages.