Compliance & Data Protection Officer

Isle of Man
Permanent
 
Our client seeks a Compliance & Data Protection Officer to join their team.  
Role: To fulfil the regulated Compliance Officer role for the Isle of Man (IoM) legal entities and the Data Protection Officer role for the Group, providing input into the Compliance strategy and assisting in the strategic execution of the Group's Compliance Plan in the IoM and the Data Protection strategy across the region, as required by relevant regulatory requirements, applicable codes of practice and minimum standards.
Key Responsibilities:  
Data
  • The Data Protection Officer (DPO) must have sufficient jurisdiction-specific expertise in EU and global privacy law, to ensure compliance with regulatory requirements and the Group's Data Protection Policy and Minimum Standards to effectively support and advise the Group's business.
  • Develop Data Protection Policies, Standards and Procedures to ensure compliance with regulatory requirements and to mitigate potential data breaches or issues of non-compliance.
  • Monitor and support Business Units in the fulfilment of Data Subject Access Requests (DSAR) and other data subject rights, including quality control checks on DSAR disclosure material.
  • Determine the need to carry out data protection impact assessments and assist Business Units in carrying out data protection impact assessments where required.
  • Develop and deliver privacy training to Business Units to raise employee awareness of data privacy and security issues and to ensure data protection knowledge remains up to date, understood and tailored to business needs.
  • Co-operate with internal stakeholders, including Information Risk Management, Integrated Operational Risk, Compliance, Technology and Legal (or analogous functions).
  • Work collaboratively with designated Data Stewards across the Group to help implement data privacy best practice.
  • The DPO is responsible for leading and promoting data protection compliance across the Group and will serve as the primary contact for supervisory authorities and individuals whose data are processed by the Group.
  • Maintain a Data Privacy Regulatory Universe for the Group and assist in preparing Data Protection Risk Management Plans.
  • Manage and conduct ongoing reviews of the Group's privacy governance framework and regular and ad hoc reporting on data privacy compliance within the organisation.
  • Ensure that data processor contracts include content that adequately regulates the controller-processor relationship, with sufficient precautions in place to fairly and adequately protect the Bank.
  • Implement data protection by design and by default measures that are suited to the risks and nature of the processing operations.
  • Manage and conduct ongoing reviews of the Group's privacy governance framework and regular and ad hoc reporting on data privacy compliance within the organisation to ensure compliance to all the relevant policies and procedures of the Bank.
  • Utilise established mechanisms for reporting and resolving non-compliance with data protection regulatory requirements. Immediately report material compliance related matters to the Regional Head of Compliance.
  • Serve as the primary point of contact and liaison with the Information Commissioner's Office and other Data Protection Authorities on all data protection related matters under relevant data protection legislation.
People
  • Develop relationships with the IoM Business Units by being open and available to offer compliance assistance, in order to obtain the Business Units' proactive engagement on compliance issues in their dealings.
  • Contribute towards the creation of structured compliance monitoring plans for the IoM licensed entities in consultation with the Regional Head of Compliance and the Head of Monitoring.
  • Manage and support the IoM Compliance team in an effective and motivational manner, developing, mentoring and coaching compliance team members.
  • Ensure that each Business Compliance Officer in the IoM and the MLRO have appropriate KRAs and stretch goals in place to assist their growth.
  • Build capability by updating knowledge and skills in line with the requirements of the Continuous Professional Development (CPD) standards.
Risk, Regulatory, Prudential & Compliance
  • Analyse and identify compliance risks, processes and controls and provide advice to Business Units to effectively manage compliance issues.
  • Establish a compliance culture that contributes to the overall objective of prudent risk management by the Bank by upskilling staff members across the licensed entities within the Bank in order to reduce the risk exposure to the Bank.
  • Contribute towards the delivery of the annual compliance plan, in partnership with the wider Compliance team.
  • Promote effective delivery and management of Compliance risk through embedding the Compliance Framework across the IoM licensed entities.
  • Manage interaction with the IoM Regulatory Authorities.
  • Ensure that an effective compliance training plan is adopted and implemented within the IoM licensed entities, covering all compliance risks. Work closely with the broader Compliance Function, Group Capability Build and Human Capital to ensure that the Compliance training plan responds to business needs and that all Group training capabilities are leveraged.
  • Proactively identify, analyse and track changes to regulatory requirements to ensure that business can respond proactively to regulatory change.
  • Provide induction training to all new recruits and ongoing training on regulatory matters as required to ensure that all members of the Group IoM remain compliant in all aspects of work and fulfil the compliance mandate.
  • Ensure Group Compliance Manuals, Policies and Training Material are aligned with regulatory requirements in the IoM.
  • Develop country- and business-specific Regulatory Universes and Compliance Risk Management Plans by engaging with the relevant Country and Business Units, to ensure that plans are in place to avoid repeating historical instances of non-compliance and that future-facing risks are mitigated as far as possible.
  • Attend and participate in relevant business committees, meetings and initiatives to ensure that any compliance requirements are appropriately considered.
  • Utilise established mechanisms for reporting and resolving non-compliance with regulatory requirements. Immediately report material compliance related matters to the Regional Head of Compliance.
  • Report to the relevant line managers on adherence to policy and standards within the licensed entities in the IoM by compiling reports on individual and entity compliance, highlighting cases of non-compliance to ensure that risk to the Bank is mitigated.
  • Understand the business and the financial regulatory environment in order to provide specialist advisory services to the business in the IoM in discharging its responsibility to comply with applicable statutory, regulatory and supervisory requirements, so as to avoid legal and reputational damage to the Bank, enhance an ethical and trusted brand, build strong relationships with the regulators and protect the Bank's licence to operate.
Key Skills & Experience:
  • Educated to degree level holding at least one data protection and/or privacy certification (such as CIPP, CIPT, CIPM, ISEB, PCdp) with proven experience advising as a DPO or as a data privacy compliance officer.
  • Understanding of the South African and Africa Region regulatory landscape and of the South African Financial Advisory and Intermediary Services Act (RE 1 exams).
  • Understanding of IoM regulatory framework including understanding of: Anti-Money Laundering and Countering the Financing of Terrorism Code 2015, Proceeds of Crime Act 2008, General Data Protection Regulation (GDPR) and the Isle of Man FSA.
  • 5-7 years' experience in Regulatory Engagement, regulatory approval to act as the Compliance Officer (CO) for the Isle of Man licensed entities, and the requisite skills to fulfil the role.
  • 8-10 years' experience in Compliance Operations. The role requires relevant experience in the financial services industry, specifically in Compliance, preferably with experience in Wealth, Private Clients and Trust services. The role also requires expert knowledge of EU data protection laws and practices and sufficient knowledge of information technology and data management systems.
Your specialist: Sally Fenton
Quote job ref: 11432

Hi, I'm Sally and this is one of the job roles I am looking after for this super business. If this job is of interest to you, please submit your CV and we will come back to you to arrange the next stage.