Financial Services business offering a range of products in both the regulated and non-regulated markets, looking to appoint a Senior Privacy / GDPR Audit professional.

Reporting directly to the Head of Department within Group Compliance, the position will play a key role in the planning, management and delivery of Privacy Assurance audits across the wider organisation, supporting compliance with privacy legislation including, but not limited to, the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR), as well as information security requirements (e.g. ISO 27001).
· Deliver individual audit assignments, including designing and executing appropriate testing strategies to provide a robust opinion on the design and operating effectiveness of the business's processes and controls, agreeing pragmatic management actions, and using knowledge of the business and its risks to ensure that significant issues are identified and reported.
· Create, maintain, and drive the annual Privacy Assurance Programme working in conjunction with the Head of Assurance, Data Protection Officer, and other Senior Stakeholders.
· Continually and proactively challenge and develop the Privacy Assurance policies and procedures to realise efficiencies and promote continuous improvement.
· Drive, lead and develop this new role to achieve the expected successful outcomes.
· Support ISO27001 Audit activity across the business in conjunction with the wider Assurance team.
· Support or manage a Privacy horizon-scanning programme to ensure that the organisation is always kept up to date with new or changed UK Privacy
· Genuine expertise in data protection and privacy developed over several years in a commercially focused role, ideally in an in-house or consulting environment.
· Experience of providing commercially focused, risk-based advice and guidance on a wide range of areas including marketing, consumer facing privacy and commercial issues, and risk management.
· Proven experience of developing and implementing a data protection and/or information assurance framework and testing programme.
· Strong knowledge of UK data protection law and requirements (GDPR in particular) as well as international data transfer obligations.
· Experience examining security controls (safeguards or countermeasures) that protect the confidentiality, integrity and availability of data (knowledge of ISO 27001 required).
· Proven communication and influencing skills, with the confidence to liaise with all management levels.
· Strong report-writing skills.
· Computer literate (MS Word, Excel, PowerPoint, Project, Access, Outlook).
· Full driving licence essential.