Data Protection Compliance Manager

Cheadle, United Kingdom

Applications have closed

Together

We are an award-winning specialist mortgage and secured loan provider. Common-sense lending for business and personal customers since 1974.

Company Description

Data Protection Compliance Manager

Based: Cheadle, Greater Manchester

Salary up to £60,000 per annum, plus benefits including annual bonus

We are Together, proud to be a Financial Services success story based in South Manchester. Established in 1974, we employ over 600 colleagues.

We are a specialist lender offering a range of mortgage and secured loan products to individuals and businesses who are typically underserved by mainstream lenders. We play our part in turning challenges into opportunities, making our customers' financial ambitions accessible.

Over 47 years of successful trading has positioned Together as a market leader, thanks to a common-sense approach to lending.

Together is a business that never stands still, providing an exciting place to work for individuals who deliver to a high standard and embrace change.

As the Data Protection Compliance Manager, you will support the Group Data Protection Officer (DPO) through the independent assurance assessment of Together’s compliance with the UK General Data Protection Regulations (UK GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communication Regulations (collectively “Data Protection Laws”).

Deliver Subject Matter Expert (SME) consultancy and oversight to key data protection related policy standards, owners and high-risk processing business functions, to ensure successful implementation and embedding of the data protection risk processes and controls across the business.

Job Description

Key Responsibilities

  • Assess and manage the impact of data protection risk, within the current business as usual process (BAU), to ensure it is within risk appetite.
  • Provide assessment and recommendations to improve controls within the BAU process across the three lines of defence.
  • Monitor and review all aspects of data protection obligations to ensure control, governance and assurance frameworks are compliant with regulatory expectations.
  • Engage the Group on their Risk and Control Self-Assessment (RCSA) activity to make sure data protection risks are appropriately identified, assessed, control tested and reported.
  • Provide ongoing monitoring and guidance against the maturity of the control framework.
  • Promote and facilitate data protection risk awareness and understanding across the Group through generic and specifically targeted training and communication.
  • Remain aware of leading practices on managing data protection risk and include these within the Data Protection Office BAU Operating Model.
  • Develop and maintain key stakeholder relationships across the Group.
  • Develop and maintain appropriate MI to demonstrate adequacy of control effectiveness and escalation in all activities, in alignment with the Enterprise Risk Management Framework.
  • Provide SME oversight, advice and guidance to help colleagues and suppliers achieve desired data protection controls through their BAU activities.
  • Provide support, guidance, advice and review of the Data Protection Impact Assessment (DPIA) process, including Legitimate Interest Assessments (LIA) and Transfer Impact Assessments (TIA).
  • Oversee the Data Protection Third Party Management Process including, for example, review of contracts, assessment of due diligence responses and risk scoring.
  • Focused and clear articulation and consideration of threats and impacts in making data related risk decisions within the Group.
  • Maintain the library of policy and guidance documents to support the Group.
  • Provide support and advice to the business in the identification, management and resolution of data related incidents.
  • Manage correspondence with the Information Commissioner’s Office (ICO), where required.
  • Deputise for the DPO where required.
  • Provide matrix management to a team of Data Protection Champions across multiple Group functions.

Qualifications

Experience Required

Essential:

  • A strong background of managing and working with data protection frameworks with particular focus on developing and performing oversight on data protection risk and control environment.
  • Strong track record in delivering practical and compliant data protection controls / solutions as well as assisting in the development of DPIAs with an organisation.
  • The ability to challenge colleagues in a collaborative and constructive manner to drive a pragmatic risk approach to data protection risk mitigation.
  • Excellent negotiation, influencing, relationship management and communication skills, both verbal and written, with the ability to translate complex / technical issues to meet the audience’s competency level and in their ‘language’.
  • Well organised and able to prioritise workload in line with tight deadlines and work effectively under pressure.
  • Passion and enthusiasm to follow developments in privacy and data protection and maintain a professional expertise and personal interest in these subjects.
  • Expert knowledge of the Data Protection Laws and industry practices.
  • Experience of being part of change initiatives and projects, identifying and driving change.
  • Demonstrable experience of working in a privacy, compliance or risk oversight role.

Desirable:

  • Ideally you will have experience and understanding of financial services, lending products and operating models.
  • Any experience in information governance, information security or audit would be highly advantageous.
  • A data protection qualification such as BCS/ISEB, CIPP/E, CIPM or GDPR Practitioner would be desirable.

Additional Information

We offer a range of company benefits, including shared reward scheme, discretionary bonus, 26 days holiday plus your Birthday - entitlement increases over time, holiday purchase scheme, matched pension contribution, life assurance, critical illness cover, health cash plan, private medical insurance, access to company's holiday homes, regular team/individual incentives, travel season ticket loans, Ride to Work scheme, free gym access and local bar/restaurant discounts.

Career development opportunities are excellent and where possible we offer sponsorship of relevant qualifications.

*Please note that all successful applicants will undergo relevant employment reference, financial and criminal record checks.

Tags: CIPP Compliance GDPR Governance Monitoring Privacy Risk management

Perks/benefits: Career development Health care Salary bonus

Region: Europe
Country: United Kingdom