Head of Data Privacy

The Head of Privacy is a key operational role within the Compliance function, responsible for establishing, maintaining, and continuously enhancing the organisation’s global privacy framework, supporting operations and processes. This role provides leadership, governance, and oversight to ensure personal data is processed in accordance with applicable laws, regulatory expectations, internal policies, and industry best practices. The role ensures that privacy risk is effectively identified, managed, and mitigated across all business operations, supporting the organisation’s commitment to ethical data use and regulatory compliance.

Reporting to the Chief Compliance Officer, the Head of Data Privacy works closely with the Group Data Protection Officer who performs an advisory role for data protection and privacy matters and with the Group Head of Compliance Assurance for monitoring and assurance work on the data privacy and protection framework. The role also works closely with the Data Office which is responsible for overall Data Strategy and Data Protection. Within Enstar, Data Protection is the technical implementation of regulatory requirements, including translating privacy rules into system level controls including data minimisation (stale data), retention automation, access controls and secure deletion.

What you will be doing

• Develop and deliver the global privacy plan aligned with business priorities and regulatory expectations.
• Lead the design, maintenance, and continual improvement of the Privacy Framework, including policies, standards, operating procedures, and governance mechanisms.
• Provide advice to senior leadership on privacy risk and emerging regulatory themes.
• Support and actively participate in the Compliance Horizon Scanning processes relating to Data Privacy and Data Protection laws and regulations, applicable to Enstar.
• Ensure privacy risk is integrated into enterprise risk management processes.
• Oversee and responsible for all privacy operations including DPIAs, LIAs, oversight of RoPA maintenance, data subject rights operations, and vendor privacy due diligence (data sharing).
• Overseeing and responsibility for tracking of data processing and data sharing agreements, such as vendor contract reviews, in compliance with applicable data protection laws, alongside the legal function.
• Providing subject matter expertise in the third-party oversight of data protection over TPAs and material vendors outsourcers.
• Responsible for the correct response to, processing of all Data Subject Access requests (DSARS) working closely with the Data Office and other teams to ensure they are appropriately addressed and responded to.
• Responsible for the delivery of Transfer Impact Assessments (TIA) for appropriate transfer of data from country to country, involving the DPO and legal function as needed.
• Drive the implementation of privacy-by-design and privacy-by-default throughout the organisation.
• Ensure privacy notices are appropriately updated and are in line with legal and regulatory requirements.
• Ensure that privacy process documentation is in place and is regulatory updated to reflect changes in business operations.
• Ensure that data privacy and protection controls are defined and maintained, guiding the business globally on the implementation, design and operation of the controls.
• Work closely with the Group Head of Compliance Assurance to ensure that routine testing and monitoring is appropriate and risk based.

Incident and breach responses

• Support Info Security and Risk management in the investigation of data breaches, both within Enstar and at third parties.
• Determine on the breach for regulatory reporting purposes and support the DPO in reporting obligations.
• Work closely with the Data Office on incident and breach responses as needed.

Business Partnering and Advisory

• Provide subject-matter expertise on data privacy to product, technology, compliance, legal, HR, procurement, and operational teams.
• Be the main point of contact for all data privacy and operational queries, ensuring that the Data Protection Officer (DPO) and the Data Office is aware and informed of such queries as needed.
• Advise on personal data processing within new and existing products, services, and system changes.

Training and Culture

• Design, deliver, and oversee privacy training programmes for all employees and senior stakeholders.
• Promote a strong organisational culture of responsible data use.
• Work closely with Compliance Operations to ensure delivery of a Data Protection and Privacy Training program.
• The role has responsibility for two Data Privacy/Protection Managers and is responsible for coaching and management of the team and fostering a high-performance culture, where talent and motivation thrive.

Reporting and Metrics

• Produce management information, dashboards, and reporting for senior leaders and board committees.
• Work closely with Compliance, Risk, Info Sec and the wider Data Management team to ensure comprehensive and cohesive reporting.
• Oversee remediation of identified privacy risks and gaps.

Collaboration with the Group Data Protection Officer

• Maintain open and transparent communication channels with the DPO.
• Support, but do not direct or influence, the DPO’s independent oversight work.
• Ensure the DPO has access to the information and resources required to perform their statutory duties.

In addition to the above key responsibilities, you may be required to undertake other duties from time to time as the Company may reasonably require.

What you will bring

• Demonstrable experience (ideally c. five years) in leading a Data Privacy/Protection function.
• An audit, compliance, risk management or data-privacy qualification would be desirable such as CIPP/E, CIPP/US or other. (Audit/Compliance/Risk)
• Demonstrable working knowledge of range of data protection legislation, with detailed knowledge of GDPR (UK and Europe) is essential. Knowledge of US and Australia, and Bermuda Data Protection laws is advantageous.
• Capability to evaluate a current state environment across multiple disciplines including finance, actuarial and claims.
• Strong and proven leadership skills.
• Strong gravitas, with ability to work across multiple business units and build consensus and buy-in.
• Excellent presentation skills with ability to provide non-finance stakeholders about current state and future state including tactical and sustainable solutions/benefits.
• Proven data literacy — the ability to describe business use cases/outcomes, data sources and management concepts, and analytical approaches/options. The ability to translate among the languages used by executive, business, IT and other stakeholders.
• Detailed knowledge and understanding of Insurance, financial and accounting data.
• Experienced in developing business cases for data initiatives in line with applicable laws and regulations.
• Ability to work in fast paced environment and manage multiple tasks and deadlines.
• Excellent communication, facilitation, interpersonal and team working skills with the ability to persuade and influence management and staff at all levels.
• Very strong analytical and problem-solving ability.
• Integrity and personal credibility with commitment to effective internal audit.
• Excellent report and documentation (for example policies & procedures) writing skills.

Who we are

Enstar is a trusted, leading global (re)insurance group that delivers innovative solutions that help our clients reduce risk, release capital and achieve finality. We operate through our network of group companies positioned across the world’s major insurance hubs, spanning Bermuda, the US, London, Continental Europe and Australia. We are dedicated to helping some of the world’s largest organisations manage risk, providing new opportunities and supporting freedom to grow. With deep expertise, a highly experienced team and a strong track record in the retrospective (re)insurance market, we are proud of our 30+ year history of building enduring partnerships and bringing fresh thinking to complex challenges. Our solutions are supported by Enstar’s robust balance sheet, as evidenced by our $20.3 billion in assets, financial strength ratings and partnership with Sixth Street, a leading global investment firm.

Enstar Inclusivity Policy

Our annual Inclusivity Index puts Enstar ahead of the industry in terms of promoting an inclusive and welcome working environment. We’re an equal opportunity employer and believe that our inclusive environment creates an authentic working culture. We don’t discriminate on the basis of age, physical or mental disability, gender reassignment, marriage and civil partnership, pregnancy and carer status, race (including colour, nationality, and ethnic or national origin), religion or belief, sex and sexual orientation. Enstar is committed to providing an accessible recruitment experience for all those interested in working with us. Please let your Enstar Recruitment Partner know if you require any reasonable accommodation during the application process due to a disability to enable you to fully participate in our recruitment process.