Group Data Protection Officer
Company Description
Fund services | Corporate | Capital markets | Private client | Regulatory & Compliance
We help clients succeed by unlocking new value through expertise, trust and scale. We deliver solutions that solve complex challenges faced by asset managers, financial institutions, corporates, high net-worth individuals and family offices.
With a curious mindset, we ask the right questions to get to the right solution, faster. We collaborate to win together, sharing successes and shaping the future of our global business. Our culture of support and recognition provides the tools and opportunities for you to grow, while unlocking the most value for our clients and making your mark with Ocorian.
Expertise: We deliver specialist, tech-enabled solutions for our clients grounded on deep industry expertise.
Trust: We’re a trusted partner to over 8,000 clients globally. We are proud to have long-lasting partnerships with our clients.
Scale: With more than 1,500 colleagues, we operate across 20+ countries. Our scale enables us to support our clients globally and locally, providing a seamless client experience across borders and service lines.
Job Description
Purpose of the role
We are looking for a highly experienced Group Data Protection Officer / Data Privacy Lawyer who is looking for a new challenge and to progress their career, who has a genuine love of data protection, who wants to work on a range of interesting projects and accelerate their professional development, and who can think innovatively and provide practical and commercial advice in relation to data protection.
Main Responsibilities
Reporting to the Head of Group Legal & Governance, you will be the designated Group Data Protection Officer (GDPO) for all data controllers and responsible for carrying out the tasks prescribed by Article 39 of the EU/UK General Data Protection Regulation. You will be expected to provide specialist, pragmatic, regulatory and legal guidance and support to ensure that Ocorian has the right policies, processes, procedures and controls in place to operate in line with its obligations under applicable data protection laws and regulations that apply to our global businesses.
The role will include:
- Working collaboratively with the Legal Team, colleagues in Risk & Compliance, Information Technology and Information Security as well as the wider business to ensure that legal and regulatory requirements / best practices relating to data protection laws and regulations are effectively identified and implemented.
- Reviewing, maintaining and providing guidance on the development of compliant policies, procedures, privacy notices, processes and controls to facilitate compliance with applicable data protection laws and regulations.
- Reviewing / providing guidance on data privacy aspects of 3rd party supply contracts, including carrying out data privacy due diligence on 3rd party suppliers.
- Working closely with the wider Risk & Compliance team to provide expert guidance on key aspects of data protection, privacy risk strategy, and compliance, focussing efforts on areas that present higher data protection risks.
- Providing regular data protection compliance reports to the Information Governance & Security Committee.
- Serving as the primary point of contact and liaison with applicable supervisory authorities in each of our jurisdictions.
- Serving as the primary point of contact for data privacy queries in the Ocorian Group.
- Facilitating the identification, investigation management and resolution of data protection compliance related issues.
- Preparing relevant compliance reporting to meet both internal and external regulatory requirements.
- Engaging with front line operational business teams to inform, advise and train our employees about our obligations to comply with data protection laws and regulations.
- Monitoring compliance with the EU/UK GDPR and other applicable data protection laws, and with our data protection policies, including managing internal data protection activities and conducting compliance reviews.
- Ensuring that Ocorian is appropriately registered in compliance with regulatory requirements and maintains an active Article 30 Register of Processing Activities, and being responsible for driving internal audit processes.
- Managing data privacy breaches or near misses, supporting the identification of the root cause and mitigations, and monitoring implementation to prevent recurrence.
- Overseeing the data subject access request procedure and monitoring individual rights balanced with the legitimate interests of the businesses.
- Consulting with the business acquisition programme with due diligence support activities to ensure compliance with the applicable data protection regulations.
- Developing and delivering data privacy training to the Ocorian Group.
Qualifications Required
Knowledge, Skills & Experience
- Excellent understanding and knowledge of the EU and UK data protection legislation and regulatory regime and a good understanding of other major privacy frameworks and evolving legislation worldwide, with a proven history of working with other applicable data protection regulations.
- Qualified lawyer with 10+ years of post-qualification experience and 5+ years of subject matter expertise in providing compliance support for data protection compliance, and a proven track record in carrying out monitoring reviews.
- Previous experience in a global financial services environment with large client data sets.
- Demonstrable experience in the application and implementation of Privacy by Design and Default, conducting Data Privacy Impact Assessments and independent assessment of data breaches.
- Strong communication and interpersonal skills are essential; a people person skilled at building and maintaining relationships both internally and externally as well as managing key stakeholders.
- Ability to work collaboratively with relevant stakeholders to plan, organise and prioritise activities to efficiently meet business objectives.
- You will need to work well under pressure, be a self-starter who fills gaps in your knowledge through continued professional development, and be flexible and comfortable with ambiguity, managing several tasks at the same time while working to tight deadlines.
- It is a bonus, but not essential, to hold a data protection and/or privacy certification such as CIPP/E, CIPT, ISEB, BCS Practitioner Certificate in Data Protection or equivalent.
Additional Information
All staff are expected to embody our core values that underpin everything that we do and that reflect the skills and behaviours we all need to be successful. These are:
- We are CLIENT CENTRIC – Clients are at the centre of our world, and we’re committed to providing expertise and specialist solutions to meet their most complex challenges.
- We are AMBITIOUS – We aim high. We think and act globally, seizing every opportunity to delight our clients and support our colleagues - wherever in the world they may be.
- We are AGILE – We act on our initiative to get things done for our clients. Our independence gives us the flexibility and freedom to keep things simple, efficient and effective.
- We are COLLABORATIVE – With a curious mindset, we ask the right questions to get to the right solution, for our clients faster. We collaborate to win together and share our successes.
- We are ETHICAL – We behave with integrity at all times and assume positive intent, building trust through responsible actions and honest relationships.
Equal Opportunities for Everyone
Please let us know if there’s anything we can do to make the process easier for you. You can reach us at [email protected].
We’re an equal opportunity employer. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.