Director – Group Data Privacy

The focus of the role is to assist the DataPrivacy Governance Officer (DPGO) with ensuring the JTC Group complies withData Protection legislation across all JTC offices, specifically how we manage,store, protect and handle our personal data in a compliant manner. This willprimarily involve overseeing and supporting the DPRs by advising on Europeandata protection requirements and how these can be applied across jurisdictionswith differing local data protection/ privacy laws in a commercially efficient manner.

You will be working closely with the DPGO tobuild and enforce a privacy framework for JTC and undertake projects to improvethe Group’s overall privacy maturity. You will also act as a point ofescalation for the other members of the Data Privacy Team and DPRs.

MAIN RESPONSIBILITIES AND DUTIES

Support Data Privacy Representatives: act as an escalation point for DPRs in relation to local data processing activities, providing guidance and assistance to all JTC jurisdictions including:

- Data Breaches: facilitate effective internal breach reporting workflow and provide guidance on compliance with Group breach notification procedures. Advise DPRs on risk assessment of Data Protection breaches and support them in relation to any necessary reports to the regulator and liaising with relevant stakeholders. Escalating any potential impacts of a breach on the wider group to the DPGO/Relevant Risk Committee.

- Data Subject Access Requests: oversee and project manage delivery of completed subject access requests and work with the DPGO to ensure all local data protection law requirements are complied with by the DPR/client teams responding to the request.

- Data Protection Impact Assessments:review Data Protection Impact Assessments (DPIAs) completed by the DPR/project stakeholders to ensure all risks appropriately mitigated and consistency of approach across the Group.

- Data Privacy Policies, Standards and Procedures: provide advice and clear guidance to the DPRs in relation to compliance with the Data Privacy Policies and Procedures set by the DPGO.

- Records of Processing Activity: oversee and project manage updates to the Records of Processing Activity by the relevant DPR to ensure consistency of approach across the Group and compliance with local law requirements

- Client Due Diligence Questionnaires/RFPs: act as an escalation point for the DPRs/other members of the Data Privacy Team in relation to DDQ’s initiated by clients.

- Ad hoc advice around specific areas or queries: act as an escalation point for the DPRs/other members of the Data Privacy Team in relation to complex queries or areas of concern.

- DPR Toolkit:Work with the DPGO to build a toolkit of guidance and templates for use by the DPRs across the Group.

- DPR Management: Oversee and manage DPRs to ensure all areas of the Group’s business are sufficiently and appropriately covered and DPRs are kept up to date with relevant legal changes and Group-wide initiatives that may impact their area. This includes chairing regular meetings with the DPRs and managing all relevant distributions lists for DPRs.

- Contract Review: Undertake first reviews of data protection aspects of contracts (including both client and vendor/supplier agreements) to ensure appropriate data protection clauses are included before escalating to DPGO for final review.

- M&A Integration Project Assistance: Assist the DPGO with any tasks identified as necessary to integrate acquired and/or new entities into the JTC Group structure.

- Expert Advice to Group functions: Provide expert input and resource to JTC’s group functions regarding their role in data protection compliance including Information Security and Risk and Compliance, acting as a subject matter expert in the area of data protection.

- General DPGO assistance: Provide support to the DPGO as required which may include responding to data protection queries from the wider group, conducting research into data protection laws and guidance, collating statistics for internal reporting purposes. This includes acting as an alternate/deputy for the DPGO during leave/absences.

- Adhere to JTC core values and expected behaviours.

- Any other duties as deemed necessary by JTC Senior Management.

ESSENTIAL REQUIREMENTS

- CIPP/E (or equivalent).

- 5+ years Post-Qualified Experience practicing law.

- Min. 1 year in a dedicated data protection role.

- Commercial approach to applying legal concepts.

- Excellent written and communication skills.

- Experience dealing with senior staff members/C-suite.

- Experience working in the financial services sector preferred.

- Knowledge of the California Consumer Privacy Act and / or Singapore Data Protection Act.

OUR COMMITMENT TO INCLUSION & WELLBEING

JTC is committed to fostering a healthy, inclusive organisation where all individuals feel welcome and feel able to participate in the workplace fully. We value different perspectives, backgrounds and lived experiences. This includes supporting employee wellbeing so that people feel equipped to thrive.

Whether you are just starting out or seeking new challenges, JTC offers an environment where you can grow, develop, and succeed at every stage of your career.

Stay up to date with expert insights, latest updates and exclusive content.

#J-18808-Ljbffr