Location: London
Contract Type: Permanent
Work Pattern: Full Time and Hybrid
About The Role
MS Amlin Corporate Services Limited (the “Company”) is looking to recruit a Data Protection Manager (DPM) to work proactively as the Company’s Data Protection subject matter expert, promoting best practice and developing policies and procedures to support this.
The DPM will report to the Head of Risk and Assurance and will monitor compliance with data privacy practice internally to ensure that the business functions within the Company comply with applicable requirements under relevant data privacy legislation.
The DPM will be responsible for matters including but not limited to leading on the implementation of Records of Processing Activities, Transfer Impact Assessments and Data Protection Impact Assessments, updating and drafting policies/notices.
In addition to supporting the Company in relation to compliance with its privacy obligations, as the Company is a service provider providing intragroup services to other MS Amlin legal entities, the DPM will be providing support to the other DPOs which have been appointed by the other legal entities.
MS Amlin is part of a global top-10 insurance group, MS&AD. We’re made up of four distinct businesses covering Global Reinsurance, Lloyds Franchise, Local Specialty Insurer, and Business Services.
MS Amlin Business Services (MS ABS) supports the organisation through legal, HR, facilities management, IT, risk management, compliance, and finance. Our vision is to be a trusted partner and solution provider of choice.
What You’ll Spend Your Time Doing

The DPM will be expected to work closely with the Legal, Compliance, Information Security and Procurement functions within the organisation to develop, review and monitor policies and standards applicable to the business and to support the DPOs of the Company’s legal entity customers (“LE DPOs”). The DPM’s duties will include:

• Supporting the LE DPOs in developing, maintaining and implementing essential elements of the UK GDPR, such as the principles of data processing, data subjects’ rights, data protection by design and by default
• Supporting the LE DPOs in developing and ensuring a privacy governance framework to manage data use in compliance with applicable legislation including drafting templates for data collection, assisting with data mapping and maintaining a record of all data processing activities conducted by the business
• Taking a lead role in assessing new legislation or other regulatory changes relating to data privacy and making recommendations as necessary to ensure that any risks are identified and mitigated, as well as ongoing compliance
• Supporting Procurement in reviewing supplier contracts to ensure that there are relevant provisions in all contracts to cover off data privacy and advising on standard contractual clauses and consents needed to implement projects in partnership with the Procurement and Information Security functions
• Working with key internal stakeholders to ensure compliance with data privacy laws in relation to any projects and completing and advising on data privacy impact assessments, legitimate interest assessments and transfer impact/risk assessments as required
• Acting as a point of contact within the Company for all data privacy queries
• Supporting the LE DPOs in managing and conducting ongoing reviews of their business’s privacy governance framework
• Setting standards and reviewing policies and procedures to ensure that these meet the requirements of any applicable data legislation
• Fostering an awareness of a data privacy culture within the Company
• Co-ordinating and working with business functions in conducting data privacy audits
• Supporting the maintenance of records of all data assets and maintain a data security incident management plan to ensure timely remediation of incidents including conducting impact assessments, providing security breach responses and responding to data subject access requests
• Ensuring that the business’s internal IT systems comply with all relevant data privacy and protection law, regulation and policy, including in relation to the retention and destruction of data
• Working with colleagues from other MS Amlin legal entities (some based in other jurisdictions) in relation to local data privacy law issues

You’re Going To Enjoy This Job If You…

• Have a strong knowledge of information technology and data management systems
• Are self-starter including the ability to effectively manage time well, prioritise efficiently and handle multiple deadlines
• Have a detailed oriented approach needed
• Are a strong team player with good managerial skills

What We Need From You

• Expert knowledge and in-depth understanding of data privacy legislation
• Experience in a similar type of role
• Experienced and able to work with One Trust software
• Good experience and understanding of the data processing operations carried out
• Ability to make good judgments regarding data privacy risks and to prioritise resources and activity around managing those risks
• Excellent command of written and spoken English so as to enable full and effective engagement with a wide range of stakeholders, including senior management
• Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels
• Robust and resilient but with the ability to remain calm and controlled in difficult situations
• Well developed and professional interpersonal skills
• Knowledge and experience of working with EU and other jurisdictions in a data protection advisory capacity
• Hold at least one Data Protection and/or other Privacy certification such as CIPP, CIPT, ISEB or equivalent

We are stronger together because of our common interests and rich differences. You may be the strength we didn’t know we needed. Believe in yourself, and click apply today!

What Can You Expect From Us?

• Competitive Base Salary
• Performance Related Discretionary Bonus
• Holiday: 28 days core annual leave, and you can buy up to 5 days
• Pension: A minimum 2% employee contribution plus 7% MS Amlin contribution (9%) up to a maximum of 5% employee contribution plus 13% MS Amlin contribution (18%)
• Private Medical: cover for yourself. Family members/dependants can be added
• Flex Fund: £1,000 (pro-rated based on start date) to spend on flexible benefits
• Life Assurance: 10 x annualised base salary

Each one of us is unique because of our backgrounds, what we have learned so far and how we express that. Establishing an inclusive attitude helps us, organisationally, to ‘think outside the box’ because it calls on that diverse range of ideas, perspectives and lived experiences.
We commit to continuing our work towards a more diverse and inclusive future by recognising that our business, our teams and every colleague has a part to play in driving the positive change we all want to see.
Our values demonstrate our commitment to providing an environment in which each and every colleague is respected for who they are and what they can contribute to the business, regardless of nationality, race, ethnicity, religion/faith, sexual orientation, gender identity, gender expression, disability, socio-economic background, sex or age.

LI-hybrid #MSABS

• Supporting the LE DPOs in developing, maintaining and implementing essential elements of the UK GDPR, such as the principles of data processing, data subjects’ rights, data protection by design and by default
• Supporting the LE DPOs in developing and ensuring a privacy governance framework to manage data use in compliance with applicable legislation including drafting templates for data collection, assisting with data mapping and maintaining a record of all data processing activities conducted by the business
• Taking a lead role in assessing new legislation or other regulatory changes relating to data privacy and making recommendations as necessary to ensure that any risks are identified and mitigated, as well as ongoing compliance
• Supporting Procurement in reviewing supplier contracts to ensure that there are relevant provisions in all contracts to cover off data privacy and advising on standard contractual clauses and consents needed to implement projects in partnership with the Procurement and Information Security functions
• Working with key internal stakeholders to ensure compliance with data privacy laws in relation to any projects and completing and advising on data privacy impact assessments, legitimate interest assessments and transfer impact/risk assessments as required
• Acting as a point of contact within the Company for all data privacy queries
• Supporting the LE DPOs in managing and conducting ongoing reviews of their business’s privacy governance framework
• Setting standards and reviewing policies and procedures to ensure that these meet the requirements of any applicable data legislation
• Fostering an awareness of a data privacy culture within the Company
• Co-ordinating and working with business functions in conducting data privacy audits
• Supporting the maintenance of records of all data assets and maintain a data security incident management plan to ensure timely remediation of incidents including conducting impact assessments, providing security breach responses and responding to data subject access requests
• Ensuring that the business’s internal IT systems comply with all relevant data privacy and protection law, regulation and policy, including in relation to the retention and destruction of data
• Working with colleagues from other MS Amlin legal entities (some based in other jurisdictions) in relation to local data privacy law issue