Privacy Coordinator - Ipswich, United Kingdom - ISG plc

ISG plc

Verified Company

Ipswich, United Kingdom

3 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

Business Unit:
Group Enabling

Location:
Ipswich

Role purpose:

Reporting into ISG's Data Protection Officer, the Privacy Analyst is required to assist the data protection team in their remit to ensure the global business is compliant with all aspects of data protection regulations in the countries that ISG operates in.

The role requires strong communication skills, as there will be a need to work with colleagues at different levels of the organisation, from both an on-site/project and Enabling Department perspective.

The role is office based (with some flexibility on exact location) but some travel to ISG offices (particularly Central London and the other regional offices) and to a lesser extent project sites in both the UK/overseas may be required from time to time.

Key Accountabilities:

Analysis of the business needs of stakeholders and applicable regulations; in conjunction with the Data Protection Officer, provide relevant internal advice, using a risk-based approach.

Gather and compile information on ISG's business and supply chain practice, capturing what processing is undertaken, where/purpose, what risks such processing may present, and maintaining records/registers of such activities.

Collaborate with stakeholders to determine privacy requirements and clearly identify what data protection risks are present for any given business activity.

Under the guidance of the Data Protection Officer, conduct Data Protection Impact Assessments (DPIA) to help ISG and its partners make appropriate business and technology change decisions; ensuring they are produced to a high quality, and that risks are correctly identified and then tracked through to mitigation.

Support other colleagues from both Business Units/on-site project teams and Enabling Departments in completing DPIAs, as required.

Take a proactive approach to keeping up to date with changes in data protection regulations to ensure the data protection team aligns their advice with current guidelines and best practice.

Commitment to continued learning and professional development, remaining current with changing legislation both in the UK and internationally that could impact the business.

Work with the ISG's Risk, IT Security, Business Change, Compliance and Internal Audit teams on the information governance agenda.

Assist with Data Subject Access Requests (DSAR), identifying scope, eliciting relevant data from multiple sources, and redacting confidential/unnecessary information, as necessary.

Support the overall compliance program through a variety of tasks, including but not limited to; scoping and planning the delivery of risk mitigation activities, compliance analysis, document control, maintaining trackers for the DPO, researching policy updates, supply chain compliance and progress reporting.

Coordinate the review of contracts, agreements and Terms and Conditions to ensure that they are compliant with data protection legislation.

Participate in the maintenance of the data protection framework through measures such as project planning, document control, policy updates, maintaining records and registers, conducting supply chain checks, and reporting.

Audit processes, practices and documents to identify weaknesses and implement any required mitigations or improvements.

The postholder may be required to work in parallel with ISG's Business Assurance (Internal Audit) team with regard to the auditing of existing data protection processes and play a part in the recommended risk mitigating actions.

Liaise with ISG's external advisers, at the request of the Data Protection Officer, or to stand in for the Data Protection Officer from time to time.

The postholder may also be required to attend other senior forums from time to time, including the Risk Committee, Business Change Board, Data Governance Committee or Serious Incident Group, in support of the Data Protection Officer and/or Company Secretary.

Assist the Data Protection Officer in developing and potentially taking part in the delivery of data protection training to various internal stakeholders.

Skills & experience:

Passion for data protection, past experience is desirable but not essential
Ability to quickly understand core business, organisational processes, and operations
General understanding of change management in a business context
Excellent organisational skills
Ability to manage and work with confidential information in a discreet and professional manner.
Experience with business and technical requirements analysis, risk modelling, and process development.
Effective communication skills (verbal, written and oral) and ability to adapt approach and style appropriately according to audience and environment
Demonstrate initiative and a proactive approach to daily tasks

Experience as an Analyst or Project Manager in a complex technical environment (understanding and awareness of systems, software and information security) is desirable but not essential.

Experience of worki