My client, a unique financial services SME, is looking to add to their existing privacy program with a senior hire in the team:
• Along with other members of the data protection team, advises on and leads personal data protection and data handling standards and on appropriate disclosure, notification and consent mechanisms. Researches and responds to privacy-related questions from business units as these arise.
• Maintains (or ensures maintenance of) data protection program documentation, including personal data records of processing, Data Protection Impact Assessments, data incident records; and conducts periodic compliance assessments of these
• Collaborates with IT, information security, human resources, marketing, and other business units as relevant to ensure incorporation of a “privacy by design” approach into data processing procedures
Responsible for program management of, and compliance with, the firm’s global privacy and data protection program and GDPR, including the following:
• Build, maintain and deliver operational data compliance through a robust control framework supported by a process of continuous improvement.
• Assists in the development and maintenance of policies, standards and standard operating procedures that support global privacy and data protection program objectives and compliance with GDPR.
• Work with the operational and functional business units to help embed the relevant policies and processes that relate to data protection and help them integrate these taking account of the commercial imperatives the business needs to deliver.
• Supports on-boarding due diligence and ongoing measurement and auditing of the overall effectiveness of the privacy program as regards third-party vendors, outsourcing and other partnerships, joint ventures, etc.
• Supports ongoing measurement and auditing on the overall effectiveness of the privacy program
• Management of International Data Transfer programme (incl. global data mapping exercise, working with IT on supplementary measures) and ongoing reviews to ensure compliance with Schrems 2 ruling/EDPB data transfer guidelines.
• With support from the Office of General Counsel, update all existing data transfer agreements with newly published Standard Contract Clauses
• Provide metrics and reporting to DPO on the above
• Leadership of other relevant data protection projects as required
• Data Protection representative in governance committees
Essential Skills and Experience:
• 5+ years in data protection and governance and/or privacy programme management, with a proven record of helping and supporting the Company to comply with GDPR
• Depth of experience necessary to demonstrate an ability to deliver results in advancing corporate privacy programs
• Understanding of IT systems and their connection to data collection and processing
• Ability to deliver and advise on staff training
• Ability to work with business colleagues to devise pragmatic and creative solutions
• Excellent organizational skills and follow-through
• Project management skills
• Proven Audit experience preferred
Qualifications & Training
• CIPP/E and/or CIPM certification and/or qualified privacy lawyer
• Undergraduate degree preferred
• Fluent in oral and written English
• Fluency in other European languages desirable, but not necessary
• Project management qualifications preferred
• Audit qualification preferred
To apply for this job please visit www.cybersecurityjobsite.com.