Data Protection Officer (DPO) - Cluster Head for UK and Channel Islands

Are you looking for a career move that will put you at the heart of a global financial institution? Then bring your skills in data protection, GDPR compliance and records management to Citi's Privacy and Responsible Information Management team.

Serves as a senior compliance risk officer for Independent Compliance Risk Management (ICRM) responsible for establishing internal strategies, policies, procedures, processes, and programs to prevent violations of law, rule, or regulation and design and deliver a risk management framework that maintains risk levels within the firm's risk appetite and protect the franchise. In addition, engages with the ICRM product and function coverage teams, in order to partner to develop and apply CRM program solutions that meet business and customer needs in a manner consistent with the Citi program framework.

Citi is looking to recruit an experienced Data Protection Officer (DPO) to meet its obligations under the Privacy Laws of the United Kingdom and Jersey Channel Islands. Reporting to the International Head of the Office of Privacy and Responsible Information Management. The statutory DPO will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements under the Laws, Rules and regulations for the United Kingdom and Jersey Channel Islands. The DPO will have oversight of staff training, data protection impact assessments, amongst other tasks. The DPO will also serve as the primary contact for supervisory authorities and individuals whose data is processed by the organization.

Essential Duties and Responsibilities:

• Implementing measures and a privacy governance framework to manage data use in compliance with the regulations, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
• Working with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments.
• Serving as the primary point of contact and liaison for the ICO and Jersey Channel Islands Data Protection Authorities on all data protection related matters under the regulations.
• Participating in the Data Privacy governance forums and committees where applicable.
• Managing and conducting ongoing reviews of Citi's privacy governance framework.
• Monitoring changes to local privacy laws and making recommendations to senior management when appropriate.
• Setting standards and reviewing policies and procedures globally that meet the requirements under the regulations and any localization requirements in countries of operation.
• Developing and delivering privacy training to various business functions.
• Coordinating and conducting data privacy audits.
• Collaborating with the Information Security function(s) to raise employee awareness of data privacy and security issues and providing training on the subject matter.
• Collaborating with the Information Security function(s) to maintain records of all data assets and exports and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests (SARs).
• Working with designated privacy law attorneys across the Citi's offices and, where necessary, outside counsel to help advise on local data privacy law issues.
• Promoting effective work practices, working as a team member, and showing respect for co-workers.

Requirements:

• Substantial experience within a compliance, legal, audit and/or risk function, with recent experience in privacy compliance.
• Experience in developing policy and compliance training.
• Experience working in a regulated industry.
• Strong knowledge of data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
• Sufficient knowledge of information technology and data management systems required.
• Well-developed and professional interpersonal skills; ability to interact effectively with people at all organisational levels of the firm.
• Experience of working in a large, global organisation.
• Ability to work unsupervised, exercise leadership, and influence change.
• Excellent writing and presentation skills.
• Strong change and project management skills, including the ability to manage time well, prioritize effectively, and handle multiple deadlines.
• Ability to undertake large, long-term projects, develop alternative methods to complete them, and implement solutions.
• Ability to use independent judgment and discretion when making majority of decisions.
• Detail-oriented approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues.
• Ability to handle confidential and sensitive information with the appropriate discretion.
• Knowledge of PC applications, including MS Office.

Education:

• Preferably hold at least one Data Protection and/or Privacy certification such as, CIPP/E, CIPM, AIGP.
• Bachelor’s degree; experience in compliance, legal or other control-related function in the financial services firm, regulatory organization, or legal/consulting firm, or a combination thereof; Advanced degree preferred.

What we can offer you:

• Generous holiday allowance starting at 27 days plus bank holidays; increasing with tenure.
• A discretional annual performance related bonus.
• Private medical insurance packages to suit your personal circumstances.
• Employee Assistance Program.
• Pension Plan.
• Paid Parental Leave.
• Special discounts for employees, family, and friends.
• Access to an array of learning and development resources.

Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day. We want the best talent around the world to be energized to join us, motivated to stay, and empowered to thrive.