In-House Counsel lawyers, Information and IT Security, Enterprise Risk and Internal Audit, IT, HR, Project Management Office and broader Business Services teams
The Main Responsibilities:
The role is positioned within the General Counsel & Risk team as part of their global risk and compliance function.
The individual will be the senior lead in privacy, will develop the firm's data privacy strategy alongside the Leader of the In-House Counsel team and then lead the implementation of the global privacy programme.
The Responsibility of This Role Will Be Across the Firm Globally Including:
Procedures, Policy and Other Privacy Documents
Developing, managing and implementing global data privacy policies, standards, guidelines and procedures including updating intra-group transfer agreements.
Controls and Privacy
Understanding the firm's activities in the collection, processing, access, ownership, location, cross border transfers and destruction of personal data and controlling the data map.
Leading and managing the DPIA process including risk assessing new systems, processing and suppliers, working with project owners and IT Security.
Maintaining an incident register.
Awareness and Training
Developing new content and methods for data protection education and awareness.
Advising senior business services managers on the key privacy risks the business faces both now and in relation to new services and products.
Leading privacy programmes in all offices/regions, engaging with senior business services managers as needed.
Audit
Leading and managing privacy concerns in client audits.
Undertaking privacy compliance reviews of specific offices and business services functions.
Supporting internal audit on data protection processing and activities and responding to internal and external audit findings.
Advising Lawyers and Other Stakeholders
Providing (sometimes alongside In-House Counsel) data privacy advice to the business on all new processes and projects globally involving privacy issues. This can cover client matters or new firm projects.
Skills, Experience and Qualifications:
Degree educated (technical degree or law degree preferred).
We would expect the successful candidate to have a minimum of 3 years' experience in data privacy, data governance, and information security, but may consider those with less experience provided they can demonstrate they meet the required competencies.
Strong knowledge of the GDPR.
Good awareness of data protection in other jurisdictions.
Able to liaise effectively with both lawyers and IT staff.
Ability to identify and analyse data protection risks and controls.
Experience of drafting and monitoring adherence to policies, processes and general advice.
Working knowledge of a broad range of IT issues, technologies, standards (especially ISO 27001), control frameworks and good practice.