Sr Global Data Privacy Manager

We are seeking a highly skilled and experienced Senior Global Data Privacy Manager to lead our data privacy initiatives across multiple regions. The ideal candidate will have a deep understanding of global data privacy laws and regulations, and a proven track record of implementing and managing data privacy programs and compliance in a financial services environment.

ROLE AND RESPONSIBILITIES

• The Sr Global Data Privacy Manager will report into the Global Head of Data Privacy and Group DPO and is responsible for ensuring that the CMC Markets Group meets its data privacy/data protection regulatory and legislative obligations around the world in accordance with good industry practice.
• Work with the Global Head of Data Privacy and key business functions including Senior Business Management, Legal, Marketing, Product, Systems Development, IT Security and Compliance on Data Privacy matters.
• Relevant knowledge with proven experience in data protection regulations in the UK and/or across the rest of the World - (Europe, APAC (particularly Australia / Singapore and Dubai), preferably in the financial services/. Fintech industry.
• Seasoned Data Privacy experience with in-depth knowledge of Data Privacy laws and managing in-house data privacy professionals.
• Expertise in assessing 3rd party vendors in relation to Data Privacy and assist with due diligence and third-party vendor contract reviews that have data protection implications, including the sharing of personal data or the integration of any third-party technical system and/or software.
• Ensuring Data Privacy is considered in the new product approval and technology change processes, providing challenge in relation to strategic initiatives to new business propositions on Data Privacy.
• Exceptional technical and regulatory knowledge in the areas of Data Privacy.
• Expertise and experience of utilising Data Privacy by Design (technical knowledge of Apple & Android, cookies, SDKs and APIs).
• Support and maintain a Global Data Privacy Framework reflecting minimum standards and requirements in line with regulatory and legislative obligations and good industry practice.
• Experience of cloud computing, GDPR, PECR, FCA, BaFin, MAS and ASIC regulations and ICO, Hessian and other DP authorities. Assist in advising on the global privacy compliance programme for the Group in each jurisdiction in which it operates.
• Demonstrate strong regulatory research skills, including researching data privacy and data breach laws for individual countries affecting the Group’s clients, employees, and vendors.
• Support Data Privacy Analysts and IT in processing data subject access requests and maintain procedures and systems to support this.
• Maintain procedures to respond to requests for right to be forgotten or for retention and erasure of data. Help maintain personal data inventory ROPA and Data discovery targeting of personal data held by the CMC Group
• Engage in regular communication within the project team, stakeholders and build and maintain collaborative relationships across the Group, working closely with the Legal, Group Operations, Client Management, Marketing, Compliance, IT Security and Systems Development teams.
• Experience with privacy impact assessments and privacy risk and control assessments
• Support Group governance forums for Data Privacy as part of a governance /compliance framework (including GDPR), ensuring required oversight, visibility and escalation.
• Experience with handling and advising and management of data breach or technology related incidents.
• Identify security laws applicable to organisation, based on jurisdictions and activities dealing with international Data Protection Authorities where appropriate.

KEY SKILLS AND EXPERIENCE

• Professional Privacy Certification from the International Association of Privacy Professionals (e.g., CIPP/E, CIPP/M) or equivalent.
• IBITG (International Board for IT Governance) or BCS qualification in Data Protection/GDPR
• 8 plus years’ experience with certifications in one or more of the following disciplines: in Data Privacy, Risk Management, Internal Audit, Legal or Information Technology would be useful.
• Analytical and enquiring nature, ability to solve problems.
• Ability to identify potential risks and design appropriate solutions to remove/reduce them.
• Has a professional demeanour and possesses considerable presence, impact, and gravitas to command respect within the organisation.
• Excellent communication skills, both oral and in writing, with the ability to work across different jurisdictions and with stakeholders across different parts of the group.
• Ability to build business relationships, capacity to influence and convince.
• Effective communication skills with the ability and gravitas to communicate complex issues to Directors and Senior Management.
• Solid understanding of the laws and regulations that cover Data Privacy and financial services.
• Other language nice to have particularly German, but not essential.