Data Privacy Manager

About The Position

Requirements

• A minimum of four to six years of substantive, hands-on data privacy experience, ideally gained within a regulated financial services, insurance, or professional services environment.
• Relevant professional qualification CIPP/US, CIPM or equivalent.
• Demonstrable expertise in US privacy law (GLBA, CCPA/CPRA, state privacy laws) at a state and federal level.
• Practical experience of managing data subject rights programmes at volume, including SARs in a regulated sector context.
• Proven experience of conducting DPIAs and providing Privacy by Design advice to business stakeholders.
• Experience of negotiating and reviewing Data Processing Agreements and international data transfer mechanisms.
• Demonstrable experience of managing personal data breaches and advising on regulatory notification obligations.

Nice To Haves

• Relevant professional qualification CIPP/E
• Demonstrable expertise in UK GDPR and the Data Protection Act 2018, with solid working knowledge of EU GDPR and at least one of: US privacy law (GLBA, CCPA/CPRA, state privacy laws), or Australian privacy law (Privacy Act 1988, APPs, NDB scheme).
• Experience in the insurance or reinsurance sector, with familiarity with insurance-specific data processing activities (claims, underwriting, fraud prevention databases, actuarial processing).
• Knowledge of the NAIC Insurance Data Security Model Law and state insurance commissioner notification requirements.
• Familiarity with the California Insurance Information and Privacy Protection Act (IIPPA) and its 2023 amendments.
• Experience of working within a multi-jurisdictional privacy programme spanning EEA, UK, US and/or Australian operations simultaneously.
• Legal qualification (solicitor, barrister or overseas equivalent) or privacy law academic background.

Responsibilities

• Support the Head of Data Privacy in maintaining compliance with applicable data protection legislation across all operating US jurisdictions and our other jurisdictions if required (UK, EU, Bermuda, and Australia), managing the maintenance and updating of the ROPA, monitoring regulatory developments as part of the Horizon Scanning Framework, and managing regulatory registrations and filings.
• Manage the initiative to embed privacy by design default principles primarily across the US businesses and our other jurisdictions if required.
• Manage the end-to-end handling and recording of data subject rights requests across the US and our other jurisdictions if required.
• Manage the review process and updating of privacy notices and cookie consent management.
• Manage the end-to-end privacy assessment processes for PIAs, DPIAs, and LIAs.
• Ensure Data Processing Agreements (DPAs) are in place with all relevant data processors, manage privacy due diligence on third-party suppliers as part of the Supplier Engagement Framework.
• Support the management of personal data incidents from identification to resolution, if required, support the DPO in the assessment and management of notifiable breaches across jurisdictions, manage the testing of the Data Breach Response Plan, and liaise with Information Security to align incident management processes.
• Design and manage the delivery of data privacy training programmes for employees/contractors at all levels, monitor training completion rates, champion privacy awareness across the business. Assist with the design of the Data Privacy Champions Programme and manage the deployment and development of the Champions Programme.
• Manage the maintenance and development of the data privacy risk register within the Group’s ERM framework and GRC platform across all jurisdictions. To proactively identify and assess privacy risks, develop proportionate mitigation plans, processes, and controls, track and report on risk mitigation actions, and collaborate with relevant business functions.
• Develop, maintain, and review data protection policies and procedures across all jurisdictions, manage the policy review schedule, prepare management information, and reporting on the status of the privacy programme for the Head of Data Privacy and relevant stakeholders.
• Manage all international data transfer mechanisms across all operating jurisdictions, ensure all transfer mechanisms are current, properly documented, and subject to regular review; manage the production of TIAs or TRAs where required; and maintain oversight of cross-border data flows arising from third-party arrangements.

Benefits

• Medical, Dental, and Vision healthcare for single and family coverage.
• Virtual 24/7 urgent care with board-certified doctors and pediatricians.
• Access to Health Savings Account (HSA) or Flexible Spending Account (FSA).
• Access to Dependent Care FSA to cover daycare expenses.
• Access to Employee Assistance Programs (EAP) for health and well-being.
• Optional Pet & Home/Auto Insurance.
• Wellness Reimbursement program (up to $600 annual reimbursement for wellness-related expenses, i.e., gym memberships, massage, etc.).
• 401K retirement plan (company matches up to 6% of employee contribution).
• One paid annual volunteer day.
• Professional Qualifications and Study Support.
• Training, Conferences & Seminars.
• Digital Learning Hub (LinkedIn Learning).