We are currently recruiting a Senior Data Protection Risk and Compliance Manager to join our team based in Chiswick, West London. The primary focus will be the overall management of all aspects of data protection compliance including data asset risk assessments, data protection impact assessments, maintenance of Records of Processing Activities (ROPA) and vendor risk management.
* Ensure that all technical staff within business units and regions are adequately trained and supported in completing their data protection compliance obligations.
* Drive and participate in the improvement of the data protection management system and keep the relevant policies, procedures, tools and communication materials updated.
* Cooperate with the client compliance leads to respond to data protection compliance queries from internal and external stakeholders globally.
* Support certification leads with internal and external audits, including preparation, cooperation with auditors, quality management and contributing to data protection audits globally.
* Advocate the importance of maintaining accurate ROPA to functional heads in products, applications, infrastructure and operations.
* Manage and support the maintenance of ROPA across all business functions and locations.
* Maintain compliance dashboards that reflect the status and effectiveness of the data protection management system and report regularly on key activities such as data protection impact assessments, risk assessment, compliance and related projects.
* Assist product owners, application and infrastructure support to resolve compliance gaps with privacy best practices in products, applications and systems and provide expert opinion and guidance to improve.
* Support Privacy Program Managers with the implementation of Group Privacy compliance projects.
* Identify, record and review data assets and perform information security risk assessment with the help of SMEs across all business functions and locations.
* Initiate and undertake Data Protection Impact Assessments (DPIA) for high-risk data processing activities across all business functions and locations.
* Advise on privacy-related risk mitigation and support the development of compliance measures / remedial action plans.
* Lead risk management and DPIA workshops and awareness sessions with internal stakeholders and maintain record of activities in risk management and privacy management software tools.
* Lead and be the main contact for vendor risk assessments.
* Manage third party professional services firms engaged to undertake data asset risk assessments, vendor risk assessments and DPIA.
* Participate in architecture reviews and project discussions to review, advise and recommend risk mitigation to ensure the integration of privacy and security in design, build and operations.
* Support the Chief Security Director with the management and recording of privacy incidents, including the monthly reporting to various internal security and privacy committees.