Director, CFCC Data Conduct, Privacy & Sovereignty

at  Standard Chartered

JOB SUMMARY

The Director will play an essential role in the Group’s Data Protection Office (GDPO) / Data Conduct Compliance team.
To be successful, the candidate should have subject matter expertise (SME) in privacy and sovereignty, have experience in interpreting and advising on privacy or other data-related laws, or on data governance good practice including advising on new and emerging privacy and sovereignty laws, regulations and market trends.
The candidate should understand risk management and how to assess privacy and sovereignty risks, apply such assessment to daily work and advise relevant stakeholders accordingly.
The candidate should have broad understanding of the role of the Compliance Officer. The candidate must be a problem-solver, self-starter, a strong communicator, a team player, lead projects, work independently and with minimal supervision, and be results and goal oriented.

SKILLS AND EXPERIENCE

• Experience as a Privacy Practitioner advising on a wide range of privacy & data sovereignty compliance related matters; managing risks and developing pragmatic solutions to problems.
• Technical knowledge of privacy & data sovereignty laws and regulations in the UK, Europe & Asia.
• Ability to interpret and assess laws and regulations including recommendations from Data Protection Authorities and translate those into practical guidance for the relevant internal stakeholders.
• Ability to lead projects and manage stakeholders.
• Practical understanding of financial services.
• Ability to understand and map a process and to determine how privacy obligations impact a process.
• Ability to draft guidance and translate complex, regulatory concepts into practical, easy to understand recommendations that can easily be implemented by a variety of stakeholders.
• Experience of advising on data protection and data sovereignty related topics.
• Experience of implementing Privacy by Design.
• Practical knowledge of key information security principles.
• Proven ability to identify and articulate privacy & data sovereignty requirements, risks and issues, and to make pragmatic decisions / recommendations.
• Ability to understand business drivers and risk appetite and to align privacy compliance accordingly.
• Ability to pro-actively drive change, while being able to anticipate privacy challenges.
• Proven ability to incorporate privacy & data sovereignty considerations into innovative solutions so that the business can continue to function and evolve whilst ensuring the rights and freedoms of individuals are being met.

• Provide advice on the interpretation, application and implementation of laws and regulations pertaining to privacy, banking secrecy and sovereignty, and other relevant emerging laws, regulations and market trends.
• Provide strategic guidance on the impact on the laws and regulations pertaining to privacy, sovereignty, and other relevant emerging laws, regulations and market trends.
• Support the Global Head of Data Conduct, Head of Privacy and Sovereignty and the GDPO with the implementation of the Group’s privacy and sovereignty strategy.
• Provide expert guidance on privacy and sovereignty risk, and risk assessment, and management.
• Oversight and escalation of privacy and sovereignty risks and issues at relevant risk committees.
• Provide SME guidance to Businesses and Functions, and colleagues in Conduct, Financial Crime and Compliance (CFCC) on privacy, banking secrecy and sovereignty risks and other applicable privacy and data protection legislation across the Group’s footprint.
• Monitor relevant legislative and regulatory changes and advise on associated impact to the Group’s business and operational functions.
• Actively engage in and contribute to the relevant workstreams of the Group’s Data Shield.
• Develop and implement a robust plan for privacy, and sovereignty risks.
• Advise on Privacy Impact Assessments (PIAs), Records of Processing Activities and data incidents.
• Lead global initiatives as requested by the GDPO.
• Develop and deliver training where required.
• Draft mandatory documentation, such as Standards and guidelines, and help maintain a library of mandatory documentation including an Obligations Register.
• Draft and maintain additional, non-mandatory documentation such as FAQs, Privacy.
• Sovereignty-related communications including content for the Group’s intranet (Pulse) site.