Data Protection Compliance Officer

Data Protection Compliance Officer, you will support the Group Data Protection Officer (DPO) through the independent assurance assessment of Together's compliance with the UK General Data Protection Regulations (UK GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communication Regulations (collectively "Data Protection Laws").

You will deliver Subject Matter Expert consultancy and oversight to key data protection related policy standards, owners and high-risk processing business functions, to ensure successful implementation and embedding of the data protection risk processes and controls across the business.

As a Data Protection Compliance Officer, we are looking for someone to:

• Assess and manage the impact of data protection risk, within the current business as usual process, to ensure it is within risk appetite
• Provide assessment and recommendations to improve controls within the BAU process across the three lines of defence
• Monitor and review all aspects of data protection obligations to ensure control, governance and assurance frameworks are compliant with regulatory expectations
• Engage the Group on their Risk and Control Self-Assessment activity to make sure data protection risks are appropriately identified, assessed, control tested and reported
• Provide ongoing monitoring and guidance against the maturity of the control framework
• Develop and maintain appropriate MI to demonstrate adequacy of control effectiveness and escalation in all activities, in alignment with the Enterprise Risk Management Framework
• Provide support, guidance, advice and review of the Data Protection Impact Assessment (DPIA) process - including Legitimate Interest Assessment's (LIA) and Transfer Impact Assessments (TIA)

Qualifications

Essential

• Experience in managing and working with data protection frameworks with particular focus on developing and performing oversight on data protection risk and control environment
• Strong track record in delivering practical and compliant data protection controls / solutions as well as assisting in the development of DPIAs with an organisation
• Expert knowledge of the Data Protection Laws, and industry practices
• Experience of being part of change initiatives and projects, identifying and driving change
• Excellent negotiation, influencing, relationship management and communication skills, both verbal and written, with the ability to translate complex / technical issues to meet the audience's competency level and in their 'language'

Desirable

• Any experience in information governance, information security or audit would be highly advantageous
• A data protection qualification such as BSC/ISEB, CIPP/E, CIPM or GDPR Practitioner would be desirable

]]>