An exciting fintech platform is bringing experts and institutions together across the payments and banking industry. They are looking to bring in a Compliance and Risk Manager to focus on their data protection programme, with the opportunity to get involved in wider regulatory aspects moving forwards.
Purpose of the role
In this role, you will be responsible for privacy compliance, data protection, risk management, and health and safety to safeguard the organisation’s people, assets, and customers.
Responsibilities will include:
Compliance and Risk Management
- Maintaining, developing, and implementing privacy and risk management policies, protocols, and procedures.
- Planning and coordinating activities for specific compliance requirements.
- Providing subject matter expertise, evaluating proposals/contracts, and authoring amendments/additions.
- Managing the Risk Management process to ensure the right risks are identified, there is a sensible process to mitigate these risks, and appropriate stakeholder engagement.
- Collaborating to develop Privacy, Risk, H&S roadmaps including resource requirements and financial estimates.
- Creating reports for heads of services as to compliance levels, advising on data protection obligations and areas of focus.
- Acting as a project compliance assurance representative on multiple projects simultaneously, ensuring that project compliance objectives are delivered on time and meet stakeholder expectations for quality.
- Developing documentation and training materials required to ensure operational readiness.
- Monitoring the organisation’s data protection compliance.
- Delivering an Internal Audit function and conducting regular audits against frameworks, e.g. ISO27K.
- Supporting Records Management processes such as data retention and classification reviews across project records.
- Providing assistance with compiling DPIAs (data protection impact assessments).
- Acting as a contact point for data subjects and the relevant supervisory authority – the ICO (Information Commissioner’s Office) in the UK.
- Acting as the DPO (Data Protection Officer).
- Being the ‘front door’ for any Audit activity from our customer banks, ensuring that they have sensible Terms of Reference in place, the right controls and protection, and that they have mobilised the appropriate internal resources.
Health and Safety
- Maintaining, developing, and implementing health and safety policies, protocols, and procedures.
- Evaluating and implementing measures to ensure that all staff are provided with a safe and secure environment to work in.
- Performing risk assessments.
- Investigating incidents in the workplace and writing up accident reports.
- Enforcing health and safety laws and regulations.
- Providing in-house training sessions to ensure all staff keep up to date with company safety policies.
What we are looking for:
- An understanding of how to build, implement, and manage data protection programmes is essential.
- Expertise in national and European data protection law, including an in-depth knowledge of the GDPR.
- Cyber experience and qualification (e.g. CISSP or equivalent).
- Experience in supporting the management of privacy compliance, as well as general security compliance, preferably in Banking or Financial Services.
- Experience in delivering health and safety in the workplace.
- Knowledge of and ability to deliver operational security and privacy services to support compliance and audit frameworks (PCI, ISO27K, COBIT, NIST, ISF, GDPR etc.).
- Experience of working in an agile development environment is helpful.
- An understanding of how to manage the risks in a third-party supply base.