Location: Leeds
Risk Directorate
The Bank of England is a diverse organisation. Each of its 4,000 plus people are committed to public Risk management in its broadest sense is at the core of the Bank’s mission and is central to everything we do. As well as the diverse policy risks managed by the Bank’s three policymaking committees, the Bank is also exposed to a wide array of financial and non-financial risks.
The Risk Directorate was created following the 2018 internal Risk Governance Review and houses the second line of defence risk and compliance functions charged with providing effective oversight of the Bank’s financial and non-financial risks and ensuring compliance with its policies. The Directorate brought together various second line functions – Bankwide Risk, Financial Risk & Resilience, and the Bank’s central Compliance Division, including Privacy. The Risk Directorate also includes Business Continuity Management.
Internal Audit forms the third line of Defence for the bank and is part of the Risk Directorate for administration purposes but operates independently.
Department Overview
The Compliance Division sits within the Risk Directorate. Risk management in its broadest sense is at the core of the Bank’s mission and is central to everything we do. The Bank’s reputation for integrity and impartiality are key to maintaining our ability to discharge our mission.
The Compliance Division is a second line independent oversight function, responsible for reinforcing a culture of compliance across the Bank.
The Division
The Compliance Division:
- maintains a bank of clear, accessible and sensible policies, overseeing the quality and consistency and enforcing adherence to appropriate governance;
- acts to increase staff understanding of the Bank’s key policies and controls, designing a training programme to address key compliance risks / breaches / lack of understanding;
- fosters an environment of integrity and ethics and acts as a guardian of the Bank’s reputation;
- ensures that key policy-linked controls are effective and efficient; and,
- ensures that breaches are appropriately and consistently managed.
The Privacy team is part of the Compliance Division and is led by the Bank’s Head of Privacy and Data Protection Officer. The Privacy team owns the Bank’s privacy framework and shares accountability with business areas to enable the Bank to use personal data efficiently whilst maintaining compliance.
Job Description
Reporting to the Bank’s Data Protection Officer and working closely with other Privacy Managers and internal stakeholders across the Bank, this is a key role enabling the compliant use of personal data in support of business objectives. This role has a focus on accountability and how the Bank demonstrates compliance with data protection law, including implementation of the Bank’s internal data protection policy.
Core responsibilities include:
- Applying expert knowledge to provide high-quality and timely advice on compliance with all aspects of the Data Protection Act 2018, the UK General Data Protection Regulation, and related legislation, often in relation to complex matters requiring significant analysis in the context of central bank activities;
- Leading on the completion of Data Protection Impact Assessments and other privacy risk assessments to assess and clearly explain the consequence of proposed changes to business processes, make recommendations and agree appropriate mitigating actions with the Risk Owners;
- Where required, providing advice on the management and resolution of incidents involving personal data and if necessary, escalating breaches to the Data Protection Officer for review;
- Preparing and drafting reports on privacy risks and compliance for senior management including Bank-wide committees.
Additional responsibilities include:
- Leading on the review and development of the data protection policy, including the identification of key supporting controls;
- Supporting the Bank’s Data Protection Officer to ensure that the Bank can demonstrate compliance with UK data protection law and leading on regular compliance self-assessments using recognised frameworks;
- Identifying and collecting relevant metrics to provide demonstrable assurance to Bank oversight committees that data protection controls are operating effectively and are appropriately designed;
- Reviewing and developing efficient frameworks to ensure appropriate documentation is available to demonstrate compliance e.g. ROPA
Number of direct reports: 0
Role Requirements:
Minimum Criteria
- Demonstrable depth and breadth of privacy expertise gained through experience in roles as a privacy practitioner in large or complex organisations;
- Completion of relevant professional qualifications e.g. CIPP/E, CIPM, CIPT;
- Experience of carrying out Data Protection Impact Assessments.
Essential Criteria
- Ability to work to tight deadlines and respond to competing priorities in a fast paced environment, staying calm under pressure;
- Proven ability to analyse complex problems and propose pragmatic solutions;
- Be able to work autonomously;
- Confidently take responsibility for and ownership of risk based judgements and critical thinking in relation to privacy risk;
- Be able to understand broader perspectives and context of privacy risks whilst retaining an eye for detail;
- Excellent verbal and written communication skills, able to explain technical matters to stakeholders in a way that is straightforward, concise and meaningful to the audience.
Desirable Criteria
- Ability to build and maintain internal relationships and networks based on credibility, respect and trust. Strong business focus with the ability to work closely with and influence senior management and key decision makers, with the confidence to challenge, negotiate and persuade where appropriate.
- Currently a non-contributory, career average pension giving you a guaranteed retirement benefit of 1/80th of your annual salary for every year worked. There is the option to increase your pension (to 1/65th) or decrease (to 1/105th) in exchange for salary through our flexible benefits programme each year. The Bank has the discretion to vary standard accrual rates and dial up and dial down rates at any time and to withdraw dial up and dial down options at any time.
- A discretionary performance award based on a current award pool.
- An 8% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.
- 26 days’ annual leave with option to buy up to 12 additional days through flexible benefits.
- Private medical insurance and income protection.
The Bank of England welcomes applications from all candidates, but as a UK Visas and Immigration (UKVI) approved sponsor, we have a responsibility to comply with the Immigration Rules and guidance. As such, our ability to employ individuals who require sponsorship for immigration purposes is limited. The Bank cannot guarantee that you and / or the role you are applying for will be eligible for sponsorship and that any application made to UKVI will be successful. Eligibility will therefore be considered on a case by case basis.