Data Privacy Manager

The Data Privacy Manager will be a key member of Enstar's Data Privacy function, working closely with the Head of Data Privacy to design, implement and maintain a robust, multi-jurisdictional data privacy programme. The role holder will be instrumental in embedding a culture of privacy awareness across the business, ensuring compliance with applicable data protection laws across all territories in which Enstar operates, and supporting the business in managing privacy risk in a fast-moving regulatory environment. This is a technically demanding role requiring an experienced privacy professional who is performance driven and comfortable operating across both legal and operational dimensions of data privacy. The role requires strong communication and collaboration across all functional areas within Enstar and the ability to support delivery of an effective privacy program and solutions that balance regulatory requirements and business objectives.

What you will be doing

• Regulatory Compliance and Governance: Support the Head of Data Privacy in maintaining compliance with applicable data protection legislation across all operating jurisdictions (UK GDPR, EU GDPR, US privacy laws and Australian Privacy Act), managing the maintenance and updating of the ROPA, monitor regulatory developments as part of the Horizon Scanning Framework and manage regulatory registrations and filings.
• Privacy by Design: Manage the initiative to embed privacy by design default principles across the organisation.
• Data Subject Rights: Manage the end-to-end handling and recording of data subject rights requests across all jurisdictions.
• Privacy Assessments: Manage the end-to-end privacy assessment processes for PIAs, DPIAs and LIAs.
• Third-Party and Vendor Management: Ensure Data Processing Agreements (DPAs) are in place with all relevant data processors, manage privacy due diligence on third-party suppliers as part of the Supplier Engagement Framework.
• Data Breach Management: Support the management of personal data incidents from identification to resolution, if required, support the DPO in the assessment and management of notifiable breaches across jurisdictions, manage the testing of the Data Breach Response Plan, and liaise with Information Security to align incident management processes.
• Training, Awareness and Culture: Design and manage the delivery of data privacy training programmes for employees/contractors at all levels, monitor training completion rates, champion privacy awareness across the business. Assist with the design of the Data Privacy Champions Programme and manage the deployment and development of the Champions Programme.
• Privacy Risk Management: Manage the maintenance and development of the data privacy risk register within the Group’s ERM framework and GRC platform across all jurisdictions. To proactively identify and assess privacy risks, develop proportionate mitigation plans, processes and controls, track and report on risk mitigation actions and collaborate with relevant business functions.
• Policies, Procedures and Documentation: Develop, maintain and review data protection policies and procedures across all jurisdictions, manage the policy review schedule, prepare management information and reporting on the status of the privacy programme for the Head of Data Privacy and relevant stakeholders.
• International Data Transfers: Manage all international data transfer mechanisms across all operating jurisdictions, ensure all transfer mechanisms are current, properly documented and subject to regular review; manage the production of TIAs or TRAs where required; and maintain oversight of cross-border data flows arising from third-party arrangements.

What you will bring

• A minimum of four to six years of substantive, hands-on data privacy experience, ideally gained within a regulated financial services, insurance, or professional services environment.
• Relevant professional qualification CIPP/E, CIPM or equivalent.
• Demonstrable expertise in UK GDPR and the Data Protection Act 2018, with solid working knowledge of EU GDPR and at least one of: US privacy law (GLBA, CCPA/CPRA, state privacy laws), or Australian privacy law (Privacy Act 1988, APPs, NDB scheme).
• Practical experience of managing data subject rights programmes at volume, including SARs in a regulated sector context.
• Proven experience of conducting DPIAs and providing Privacy by Design advice to business stakeholders.
• Experience of negotiating and reviewing Data Processing Agreements and international data transfer mechanisms.
• Demonstrable experience of managing personal data breaches and advising on regulatory notification obligations.
• Experience in the insurance or reinsurance sector, with familiarity with insurance-specific data processing activities (claims, underwriting, fraud prevention databases, actuarial processing).
• Knowledge of the NAIC Insurance Data Security Model Law and state insurance commissioner notification requirements.
• Familiarity with the California Insurance Information and Privacy Protection Act (IIPPA) and its 2023 amendments.
• Experience of working within a multi-jurisdictional privacy programme spanning EEA, UK, US and/or Australian operations simultaneously.
• Legal qualification (solicitor, barrister or overseas equivalent) or privacy law academic background.

Who we are

We are a trusted global re/insurance group and the leading provider of retrospective solutions, with specialist underwriting capabilities. We help our clients manage risk, unlock capital and create the financial freedom to grow. With operations across the world’s major insurance hubs and a global network of close to 800 talented professionals, we bring expertise and fresh thinking to some of the industry’s biggest challenges.

Why Enstar

Learning and development are a fundamental part of every employee's career journey with Enstar. Supporting growth and career progression is key to how we engage our people - helping them to learn, grow and succeed at Enstar. We offer a range of initiatives and resources to support our people throughout their careers:

• Professional Qualifications and Study Support: We support employees who wish to take professional qualifications aligned to their role and career development.
• Training, Conferences & Seminars: As a global organisation, we work with many professional bodies to provide access to training programmes, conferences, seminars and continuing professional development (CPD) opportunities.
• Digital Learning Hub: Our digital learning hub, LinkedIn Learning, offers a wide range of self-serve resources, including courses, videos, eBooks, and audio books, to help employees build new skills and deepen their knowledge.

We also invest in physical, mental and financial wellbeing initiatives for our employees. Supportive teams, inspiring work and a positive working environment all contribute to our collective wellbeing. Beyond the workplace, we strive to make a positive influence in our communities and to continuously reduce our impact on the environment.

Enstar Inclusivity Policy: Our annual Inclusivity Index puts Enstar ahead of the industry in terms of promoting an inclusive and welcome working environment. We’re an equal opportunity employer and believe that our inclusive environment creates an authentic working culture. We don’t discriminate on the basis of age, physical or mental disability, gender reassignment, marriage and civil partnership, pregnancy and carer status, race (including colour, nationality, and ethnic or national origin), religion or belief, sex and sexual orientation. Enstar is committed to providing an accessible recruitment experience for all those interested in working with us. Please let your Enstar Recruitment Partner know if you require any reasonable accommodation during the application process due to a disability to enable you to fully participate in our recruitment process.