Data Protection Consultant - London, United Kingdom - Handelsbanken

Handelsbanken
Handelsbanken
Verified Company
London, United Kingdom

2 weeks ago

Tom O´Connor

Posted by:

Tom O´Connor

beBee Recruiter
Description

Job Introduction:


The Bank has established a 1st line of defence Privacy Officer team and a 2nd line of defence Data Protection Officer (DPO).


This role is located within the UK Information Security Team in the 1st line of defence of the Bank, and reports into the Bank's Data Protection Manager.

The team has responsibility for operating and embedding the Bank's privacy framework and specialist data protection processes, acting on behalf of the Bank's 1st line Privacy Officer.


Our UK Information Security Team is growing and its scope includes ownership and maintainance of the bank's privacy and information security policy frameworks, aswell as operating a number of key privacy and information security controls.

We already have excellent relationships with our stakeholders, including the 2nd line DPO, product owners, system owners, senior management and IT teams in the UK and Sweden.

To help our stakeholders provide excellent support to our branches and customers we are looking for an additional team member who is passionate about privacy and building innovative and pragmatic solutions, and who values our open collaboration with stakeholders.


Main Responsibility:


  • Act as day to day lead for providing timely and informed policy advice, guidance and requirements relating to privacy and records retention requirements across the UK operations of Handelsbanken (including to branches, departments, Product Owners, System Owners and other stakeholders as required) to ensure the bank processes personal data in compliance with policy requirements;
  • Act as a specialist owner of 1 or more of the team's processes and controls, such coordinating GDPR Rights requests, ROPA and Records Retention, maintaining specialist knowledge and continually evolving the processes and controls with reference to the bank's global and local requirements;
  • Managing the provision of management information, as required, to ensure timely reporting of key privacy controls performance to a variety of stakeholders;
  • Maintain appropriate Fair Processing Notices (FPN)s for the bank, and support (and where required drive) branch, Product Owners and other stakeholders implement FPNs within their business processes to ensure fair and transparent collection of personal data by the bank;
  • Support the design and implementation of policy framework initiatives to ensure privacy and information security risk is effectively managed across the bank;
  • Support (and, where required, lead) specific data protection improvement initiatives owned by the UK Information Security team (as agreed with the Data Protection Manager);
  • Support (and lead, where required) business units to undertake Privacy Impact Assessments, and provide privacy support and requirements into processes managed by the UK Information Security team (as required), to ensure appropriate risk assessment and treatment of privacy requirements and risks in business units, projects and change initiatives;
  • Represent the Information Security team with a range of different stakeholders as a trusted privacy advisor, finding pragmatic and costeffective solutions that efficiently support customer needs, business requirements and privacy best practice and UK regulatory requirements;
  • Act as lead Duty Incident Manager on a shared rota basis to manage information security and personal data breaches in accordance with the information security incident management processes, ensuring impacts and risks are appropriately identified, assessed and mitigated;
  • Support the bank's Procurement, Information Security and Legal teams, as required, to ensure privacy risks are identified and mitigated in third party supplier arrangements and appropriate GDPR requirements are built into contracts
  • Deputise for elements of the reporting manager's role, on an adhoc basis, to cover absences, periods of increased workload, etc
  • Strong communicator and ability to successfully communicate complex data protection requirements to nontechnical stakeholders
  • Able to work independently, is proactive and can plan, organise and prioritise tasks and projects effectively
  • Pragmatic, and effectively balances risk and control requirements with commercial drivers and customer outcomes
  • Ability to solve problems creatively and effectively
  • Positive, collaborative and builds and maintains effective relationship with stakeholders across an organisation
  • Able to influence decision making to surface and mitigate issues and risks across a wide range of stakeholders
  • Additionally, a working knowledge of information security good practices is preferred
More jobs from Handelsbanken
See all jobs of Handelsbanken