Data Privacy Compliance Manager

Posted:
7/24/2024, 5:00:00 PM

Location(s):
Scotland, United Kingdom ⋅ City of Edinburgh, Scotland, United Kingdom

Experience Level(s):
Senior

Field(s):
Legal & Compliance

Role Description:

Data Privacy SME based within the second line of defence Risk & Compliance team and providing support and consultancy to FNZ (UK) Ltd, FNZ Securities Ltd and FNZ TA Services Ltd (‘FNZ UK’) in relation to data privacy / data protection laws and regulations.

The Senior Data Privacy Compliance Manager’s role is to work with the Data Protection Officer to:

  • promote a culture of data privacy compliance within FNZ UK

  • provide SME advice and consultancy for FNZ UK on maintaining its compliance with data privacy / data protection obligations primarily focussed on FNZ’s responsibilities as Data Processor.

  • provide support to FNZ UK’s Senior Management by providing oversight and assurance on the systems and controls connected with the data privacy obligations of FNZ (UK) Ltd, FNZ Securities Ltd and FNZ TA Services Ltd.

Organisational Design:

Senior Data Privacy Compliance Manager reports to the Data Protection Officer

Team Responsibilities:

Providing an independent second line of defence Compliance function and supporting the business in relation to data privacy / data protection laws and regulations.

Specific Role Responsibilities:

Data Privacy Risk & Compliance Oversight

  • Providing consultancy and challenge to the business on data protection / data privacy on behalf of Risk & Compliance.

  • Working with Information Risk Management second line team and Information security first line teams to ensure strong controls over security of personal data.

  • Working with Data Governance first line team and oversight of FNZ UK’s mapping of personal data, and Records of Data Processing.

  • Oversight of Operations first line of defence controls over processing of personal data.

  • Oversight of Client Project teams and Technical Delivery to ensure that data privacy controls are built into platform delivery and change processes.

  • Oversight of Legal, Procurement and Supplier Management to ensure compliance with regulatory requirements applicable to data processor contracts.

  • Oversight of new business initiatives / propositions, Client Platform releases and Data Privacy Risk Assessments, including those related to Cloud security.

  • Maintaining and updating the Risk & Compliance data privacy policies and procedures in line with applicable legislation, regulations and codes of practice.

  • Planning and undertaking (in liaison with the Compliance Monitoring team) Compliance Monitoring Reviews on Data Protection where required and undertaking BAU monitoring where required. Carry out thematic reviews across FNZ UK identifying and recording issues arising from such work and pursuing them to resolution.

  • Reviewing risk events, providing advice on DPA impacts/ breaches where applicable; oversight of investigation and remediation and completion of actions.

  • Overseeing and advising business owners as required on the investigation and resolution of Personal Data breaches, production of Incident Reports/ Assessments and reporting to clients

  • Providing consultancy and oversight to the business on responding to Data Subject Requests including DSARs

  • Providing consultancy and oversight to the business on the completion of Data Privacy Impact Assessments and International Transfer Impact Assessments.

  • Development and maintenance of training material for mandatory data privacy training modules for FNZ UK

  • Production of MI and reports to the FNZ (UK) Ltd, FNZ Securities Ltd and FNZ TA Services Ltd Board and management committees, as required.

Regulatory Records

To assist the DPO and oversee Business Owners to maintain appropriate records and documentation relating to data privacy, including:

  • Records of Data Processing as a Data Processor

  • Register of Personal Data breaches

  • Compliance Data Privacy Universe to support monitoring activity

  • Compliance Data Privacy Risk Register

  • Compliance Data Privacy Incident Reports/Assessments

  • FNZ (UK) Ltd, FNZ Securities Ltd and FNZ TA Services Ltd Data Privacy Impact Assessments and International Transfer Assessments

Regulatory Developments

  • To monitor the ICO, FCA and EU Commission websites for developments in regulation of data privacy and maintain an awareness of legislative changes and developments in industry best practice regarding data privacy.

  • Contributing as SME to the implementation of data privacy regulatory developments that impact FNZ (UK) Ltd, FNZ Securities Ltd and FNZ TA Services Ltd or its client platforms.

  • Providing impact analysis on data privacy regulatory changes as required.

  • Consultancy to the business to facilitate understanding of data privacy regulatory developments to enable embedding into processes and controls.

  • Assisting the Compliance Regulatory Developments team to ensure that UK data privacy regulatory changes are notified where appropriate to internal Committees and to clients through the Compliance Regulatory Developments team.

Managing Relationships

  • Providing support and challenge to key business stakeholders in managing data privacy risks and issues within the business.

  • Liaising with external stakeholders including clients, auditors, third parties as required.

Team working

  • Sharing ideas to enhance cross-team learning and development.

  • Building and maintaining relationships (internal and external)

  • Supporting the team’s efforts to succeed.

  • Balance team and individual responsibilities.

  • Exhibit objectivity and openness to others' views.

Maintaining operational and company standards

  • Supporting the organisation’s key business objectives whilst maintaining regulatory compliance.

  • Encouraging and driving quality and continuous improvement of processes used across the business.

  • Ensuring practices are compliant with regulatory bodies’ expectations.

Personal Effectiveness

  • Ability to prioritise work and manage service delivery targets within tight constraints, maintaining flexibility in respect of shifting business priorities.

  • Taking ownership of workload and being proactive in approach.

  • Strong communication skills, using appropriate language and style of communication that is relevant to the situation and circumstances to influence.

  • Demonstrating sufficient self-awareness to identify personal strengths and areas for development.

  • Ability to analyse and problem solve.

  • Calm, reasonable and professional manner.

  • Ability to work under pressure.

  • Flexible to change, eager to improve and develop new skills.

Performance Assessment

  • Meeting UK regulatory requirements in connection with data privacy.

  • Building awareness of data privacy within FNZ (UK) Ltd, FNZ Securities Ltd and FNZ TA Services Ltd.

  • Positive interaction with and feedback from internal / external stakeholders in relation to data privacy.

Experience required:

  • Previous experience in a data protection oversight, data protection consultancy or GDPR practitioner role, ideally within a financial services environment, with experience in an IT or Compliance role.

  • Good knowledge of GDPR and UK DPA requirements and related guidance.

  • Understanding of FCA rules and regulatory framework preferably gained through a compliance function.

  • Experience of platforms / investment operations services an advantage

  • Relevant professional or industry qualification.

  • Good communication, relationship management and influencing skills.

  • Ability to build and maintain effective internal and external relationships.

  • Ability to analyse, present and report regulatory information to stakeholders in a clear and concise manner.

About FNZ

FNZ is committed to opening up wealth so that everyone, everywhere can invest in their future on their terms. We know the foundation to do that already exists in the wealth management industry, but complexity holds firms back. 

We created wealth’s growth platform to help. We provide a global, end-to-end wealth management platform that integrates modern technology with business and investment operations. All in a regulated financial institution. 

We partner with over 650 financial institutions and 12,000 wealth managers, with US$1.5 trillion in assets under administration (AUA).

Together with our customers, we help over 20 million people from all wealth segments to invest in their future.