Data Protection Manager
Moneycorp
full-time
Posted on:
Location Type: Hybrid
Location: London • 🇬🇧 United Kingdom
Visit company websiteJob Level
Mid-LevelSenior
About the role
- To ensure Moneycorp’s data is appropriately protected and processed in accordance with data protection laws and regulations.
- This role sits within Legal, working closely with the Senior Legal Counsel and Data Protection Officer, to embed the Group’s Data Protection framework and approach for effective data protection management across the organisation.
- The role acts as a bridge between Group-level data protection activities and business-specific management of related risks.
- It assists specific businesses units in managing their data protection risks in line with group-wide requirements, and managing their related risks.
- Set and deliver the Data Protection Strategy: Assist with delivering the Group data protection strategy and work with key stakeholders on identifying acceptable levels of privacy risks.
- Plan and develop strategies to improve the Group’s data protection compliance programme.
- Put in place appropriate technical and organisational measures to implement the data protection principles effectively and safeguard data subject rights (data protection by design and default).
- Identify the processes, controls and resources (both internal and external) required to facilitate the medium/long term goals and aims of the data protection function within the Group.
- Develop, maintain and publish up-to-date internal and external data protection policies, notices and procedures.
- Providing timely and considered advice and guidance on the processing of personal data in line with data protection laws and regulations.
- Handle a range of data protection matters relating to the Group, including dealing with data subjects (complaints, right of access requests, erasure requests and data portability requests), investigating data incidents and breaches, maintaining risk registers and data maps and conducting third party vendor management.
- Conduct internal audits to monitor compliance with data protection laws and regulations as well as with our own data protection policies.
- Increase knowledge and awareness of data protection together with delivering training across the Group.
- Assist the DPO on an ongoing basis including understanding the technical and operational measures that should be in place to ensure the security of personal data and assist with the implementation of such measures.
- Identify the Group’s information assets and maintain an information asset register.
- Assist with data protection audits from external auditors.
- Create, communicate and implement a Privacy Impact Assessment process including the assessment and treatment of privacy risks that may result from vendors, suppliers and other service providers.
- Advise business stakeholders when completing Data Protection Impact Assessments for new and revised processing of personal information, especially regarding assessment of risk and associated control implementation.
- Assist the DPO with providing regular reporting on the current status of the Group’s data protection compliance programme to key stakeholders.
- Develop and enhance a privacy framework based on appropriate best practice and guidance from regulators and external data protection specialists.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Manage data protection incidents and breaches, including liaising with key stakeholders and regulators where appropriate.
- Liaise with external agencies and other advisory bodies as necessary, to ensure that the organisation maintains a strong data protection compliance programme and culture.
- Coordinate the use of external resources involved in the information security program.
- Create a framework for roles and responsibilities with regards to information ownership, classification, accountability and protection.
Requirements
- A minimum of 3 years' experience working in a data protection role.
- Knowledge of data protection concepts, principles, regulation and legislation, specifically including in-depth understanding of the General Data Protection Regulation and Privacy and Electronic Communications Regulations.
- Experience building, implementing and managing data protection programmes within an international organisation.
- The ability to work under pressure in a fast-paced environment.
- Excellent report writing skills.
- Ability to liaise with all stakeholders across a business organisation.
- Good organisational and time management skills including the ability to prioritise effectively.
- A recognised qualification in Data Protection (CIPP, CDPO, CIPM or equivalent) would be preferred but not essential.
Benefits
- competitive salary
- private medical health insurance
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
data protectiondata protection compliancedata protection strategydata protection policiesdata protection auditsPrivacy Impact Assessmentrisk managementdata protection by designdata protection regulationsdata protection programmes
Soft skills
report writingstakeholder liaisonorganizational skillstime managementability to work under pressurecommunication skillsstrategic risk guidancetraining deliveryproblem-solvingcollaboration
Certifications
CIPPCDPOCIPM