Job Description

The Role Responsibilities Job Role The Director will play an essential role in the Group\'s Data Protection Office (GDPO) / Data Conduct Compliance team. To be successful, the candidate should have subject matter expertise (SME) in privacy and sovereignty, have experience in interpreting and advising on privacy or other data-related laws, or on data governance good practice including advising on new and emerging privacy and sovereignty laws, regulations and market trends. The candidate should understand risk management and how to assess privacy and sovereignty risks, apply such assessment to daily work and advise relevant stakeholders accordingly. The candidate should have broad understanding of the role of the Compliance Officer. The candidate must be a problem-solver, self-starter, a strong communicator, a team player, lead projects, work independently and with minimal supervision, and be results and goal oriented. Strategy Provide advice on the interpretation, application and implementation of laws and regulations pertaining to privacy, banking secrecy and sovereignty, and other relevant emerging laws, regulations and market trends. Provide strategic guidance on the impact on the laws and regulations pertaining to privacy, sovereignty, and other relevant emerging laws, regulations and market trends. Support the Global Head of Data Conduct, Head of Privacy and Sovereignty and the GDPO with the implementation of the Group\'s privacy and sovereignty strategy. Provide expert guidance on privacy and sovereignty risk, and risk assessment, and management. Oversight and escalation of privacy and sovereignty risks and issues at relevant risk committees. Business Provide SME guidance to Businesses and Functions, and colleagues in Conduct, Financial Crime and Compliance (CFCC) on privacy, banking secrecy and sovereignty risks and other applicable privacy and data protection legislation across the Group\'s footprint. Monitor relevant legislative and regulatory changes and advise on associated impact to the Group\'s business and operational functions. Actively engage in and contribute to the relevant workstreams of the Group\'s Data Shield. Processes Develop and implement a robust plan for privacy, and sovereignty risks. Advise on Privacy Impact Assessments (PIAs), Records of Processing Activities and data incidents. Lead global initiatives as requested by the GDPO. Develop and deliver training where required. Draft mandatory documentation, such as Standards and guidelines, and help maintain a library of mandatory documentation including an Obligations Register. Draft and maintain additional, non-mandatory documentation such as FAQs, Privacy and Sovereignty-related communications including content for the Group\'s intranet (Pulse) site. People and Talent Provide effective second-line SME support and advice to the Group, particularly across Europe, Americas, Africa and the Middle East. Champion good privacy practice and standards across the Group. Develop and provide training to colleagues at all levels to ensure data protection principles, sovereignty principles and good practices are adopted. Collaborate with Businesses and Functions to foster an environment that drives appropriate privacy, b and sovereignty risk control behaviour, including early anticipation, identification and mitigation of privacy and sovereignty risk, escalating issues in line with the Group\'s Operational Risk Framework. Drive training and communications to promote awareness and continuous learning for risk control and governance aspects. Risk Management Oversee, monitor and challenge implementation of controls to mitigate risks. Ensure privacy and data protection, and sovereignty controls are regularly tested in accordance with the controls testing plan. Lead risk assessments to identify gaps and deficiencies, and help determine remedial action to correct or mitigate risk. Provide expert guidance and support on privacy and sovereignty risk identification and management. Ensure proactive and timely identification, assessment, advice and dissemination of evolving legal and regulatory changes / practices and associated risks on client privacy issues across the Group. Assist in agreeing the scope of audits and second-line / Compliance Monitoring Reviews. Support with firm-wide internal audits. Governance Draft committee papers pertaining to privacy and sovereignty, and provide timely and accurate reporting to relevant committees. Establish and maintain strong relationships with key stakeholders at all levels, while independently performing own duties. Work with Businesses and Functions, and colleagues in CFCC, to identify and develop innovative solutions to personal data processing , privacy and sovereignty related matters. Regulatory and Business Conduct Display exemplary conduct and live by the Group\'s Values and Code of Conduct. Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Group. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct. Support the CFCC Data Conduct - Privacy and Sovereignty Team to achieve the outcomes set out in the Bank\'s Conduct Principles: Fair Outcomes for Clients Effective Financial Markets Financial Crime Compliance The Right Environment. Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters. Key Stakeholders Chief Data Office (Data Shield) Strategy, Governance and Core Compliance Leadership team CFCC Advisory colleagues Regional CFCC colleagues Country DPOs Head, Data Management and Privacy, Operations and team CFCC Assurance Group Internal Audit Connected Policy owners, including the Chief Information Security Risk Officer and Chief Data Officer Legal Businesses and Functions Other Responsibilities Embed Here for good and Group\'s brand and demonstrate the Valued Behaviours in the Strategy, Governance and Core Compliance team. Perform other responsibilities as assigned. Our Ideal Candidate . Qualified to degree level in relevant fields is preferred . A proven track record of experience in a Privacy based role preferably with a background in Compliance, Auditing, Legal and/or Risk Management . IAPP certification or other equivalent industry recognised qualification preferred but not essential . Strong interpersonal, relationship building, and influencing abilities . Highly entrepreneurial with a high level of energy, dedication and an unrelenting drive to deliver value, with a track record in creative and successful problem-solving . Ability to collaborate and work dynamically across a broad range of stakeholders . Ability to manage a geographically dispersed stakeholder base with multi-cultural awareness and sensitivity . Ability to participate within a multi-disciplinary team and be a strong team player . Highly disciplined and structured with an outcome orientated mindset and approach . Exemplary integrity, ethics, independent and resilience . Outstanding communication skills, both oral and written. Certification CIPP certification or other equivalent industry recognised qualification. Legal qualification or training preferable but not essential. Role Specific Technical Competencies Experience as a Privacy Practitioner advising on a wide range of privacy and data sovereignty compliance related matters managing risks and developing pragmatic solutions to problems Technical knowledge of privacy and data sovereignty laws and regulations in the UK, Europe and Asia Ability to interpret and assess laws and regulations including recommendations from Data Protection Authorities and translate those into practical guidance for the relevant internal stakeholders Ability to lead projects and manage stakeholders Practical understanding of financial services Ability to understand and map a process and to determine how privacy obligations impact a process Ability to draft guidance and translate complex, regulatory concepts into practical, easy to understand recommendations that can easily be implemented by a variety of stakeholders Experience of advising on data protection and data sovereignty related topics Experience of implementing Privacy by Design Practical knowledge of key information security principles Proven ability to identify and articulate privacy and data sovereignty requirements, risks and issues, and to make pragmatic decisions / recommendations Ability to understand business drivers and risk appetite and to align privacy compliance accordingly Ability to pro-actively drive change, while being able to anticipate privacy challenges Proven ability to incorporate privacy and data sovereignty considerations into innovative solutions so that the business can continue to function and evolve whilst ensuring the rights and freedoms of individuals are being met About Standard Chartered We\'re an international bank, nimble enough to act, big enough for impact. For more than 160 years, we\'ve worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you\'re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can\'t wait to see the talents you can bring us. Our purpose, to , together with our brand promise, to be are achieved by how we each live our . When you work with us, you\'ll see how we value difference and advocate inclusion. Together we: Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations Time-off including annual, parental / maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum Flexible working options based around home and office locations, with flexible working patterns Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential. Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you\'ve applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

foundit