About Us
A career at Hitachi Rail will help create a legacy. With operations in every corner of the world, our work goes to the cutting-edge of digital transformation and technology. From the multi-cultural strength of our global organisation to the sustainable and innovative ways we work to bring people together, there’s something for everyone to get stuck into. And that’s where you come in.
Description

Here at Hitachi Rail, we have a unique and exciting opportunity for a Global Head of Privacy and DPO. This role will be a key member of the Legal, Contracts and Compliance team at Hitachi Rail. The successful candidate will be a technical specialist and global expert in data privacy responsible for leading a world class Data Privacy programme, having designed and implemented a holistic upgrade to, and streamlining of current practices. They will be the “go to” adviser on all topics relevant to data management and regulation globally.
The role will report to the Group Chief Compliance Officer and work closely with the Global Group General Counsel and their team plus other stakeholders (HR, IS/IT, etc.)
This role will require a unique blend of technical and regulatory expertise, passion for the subject, and an ability to balance tactical problem-solving with strategic vision and leadership. The successful candidate will need to navigate a large and diverse organisation which has been through several mergers, focusing on priorities, advocating for best practice and adapting to local conditions where needed.
A clear thinker who can balance rigour with pragmatism while remaining motivated by the challenge, they will need to engage effectively with all levels of the organisation. Once a common global Data Privacy programme is implemented and functioning, there will be opportunities to expand into supporting adjacent areas such as data management, product regulation and cybersecurity.
The position is based anywhere in UK (some travel to London)

Specifically, you will be responsible for the following deliverables:

• DPO: Serve as Global Data Protection Officer for all Hitachi Rail data privacy/protection matters with oversight, global accountability and responsibility for the appointment and active management of local DPOs where local law or regulation requires it, with appointees from either legal and compliance, HR, or other functions from within in the organisation as appropriate.
• Regulatory Compliance: Ensure regulatory obligations are fulfilled and monitor Hitachi Rail’s ongoing compliance with all applicable data privacy/protection laws, regulations and policies globally. Act as the global contact and escalation point for any engagement with relevant regulators or supervisory authorities.
• Privacy Governance: Develop and implement a global data privacy/protection governance model that is pragmatic, concise, efficient and effectively suited to business needs and constraints, as well as multi-jurisdictional challenges.
• Policies, Procedures, Standards, Tools: Manage (update, draft, harmonise, integrate) and control all policies, procedures, notices and standards for Hitachi Rail’s data privacy/protection programme. Ensure employee-facing resources are accessible and easy to understand. Recommend and implement tools for effective management of the programme, and to respond to audit or regulator requests.
• Agreements and Transactions: Execute data transfer agreements and advise on data privacy/protection issues and standard contract provisions in complex commercial transactions or agreements.
• Advisory: Provide expert legal guidance on data privacy/protection matters, advise on privacy implications in business projects and support various teams to ensure alignment with industry best practices. Monitor compliance with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations.
• Cross-Functional Engagement: Engage with IS/IT and cybersecurity incident response teams in matters concerning data privacy/protection. Prepare for, and respond to incidents concerning data privacy/protection, including providing legal advice concerning impact analysis, response, and communications.
• Culture, Communications and Training: Drive a “privacy-first” and data privacy/protection culture and awareness through targeted training programmes and privacy campaigns.
• Assurance: Develop KPIs to monitor and measure the programme. Conduct data privacy/protection compliance reviews or audits, monitor internal controls, and present findings and recommendations to relevant leadership teams.