Data Risk Manager

Job Title : Data Protection Risk Manager

Job Type: Permanent

Hiring Manager:Colin McLean, Head of Line 1 Risk & Governance, Europe

Location: Dublin (Hybrid), with a mix of time working in the office when business needs require it and the rest working remotely. We believe that benefits both you and our business, helping ensure that you can balance a successful career with your life outside of work while maximising the value of face-to-face stakeholder engagement.

Flexible working: All of our roles are open to part-time, job-share and other types of flexibility. We will discuss what is important to you and balancing this with business requirements during the recruitment process.

Who are we?

We want to be the best place that any of our 6,800 colleagues have ever worked.

We’re the UK’s largest long-term savings and retirement business. We offer our 12 million customers products across our market-leading brands, including Standard Life, SunLife and ReAssure, with c.£259 billion of assets under administration. We’re a FTSE 100 organisation that is tackling key issues such as transitioning our portfolio to net zero by 2050, and we’re not done yet.

The role

You’ll be part of a small team of risk professionals providing advice and guidance on Data Protection Risk matters and supporting compliance of the Group Data Protection Risk Policies across the Ireland branch of Standard Life International.

Using your knowledge to provide Data Protection Risk advice and guidance within large financial services organisations, you will evaluate and review areas of material risk in a dynamic and fast-paced business environment. Making valuable recommendations for improvements and supporting with Group Wide Data Protection Policy compliance interacting with stakeholders across the three lines of defence and senior business leaders across Phoenix Group.

You will provide advice, insight and challenge to promote and positively influence informed decision making and controlled risk-taking, improving customer outcomes and delivering long term value for shareholders.

Key Responsibilities

• Lead on maintaining and developing the business focus on managing and addressing Data and Records Management risks across the various Data Policies (Information Security, Data Governance, EUCs and Data Protection). Act as a point of contact and excellence for line 1 colleagues for Data Policy queries.
• We are looking for professionals with experience working in financial services and who have a strong understanding of Operational and Regulatory Risk associated with Data.
• Influence stakeholders across the European business to drive positive risk outcomes and gain buy-in on risk management initiatives.
• Provide advice and support which promotes informed decision-making and controlled risk-taking that improves customer outcomes and delivers long-term value to shareholders.
• Liaising with European Data Protection Officer and Group Data Protection Team as appropriate for Data Protection issues and matters arising in the European business.
• Manage the implementation, embedding and ongoing application & enhancement of the Information Security, Data Governance, and Data Protection Control Framework across the European business, including all related processes and methodologies, and related risk systems.
• Supporting the European business with completion of key Data Protection artefacts including Data Protection Impact Assessments (DPIA), Legitimate Interest Assessments (LIA), Transfer Impact Assessment (TIA), and Record of Processing Activity (RoPA).
• Undertake Line 1 Risk Reviews on key Data Risk focus areas, and presenting conclusions and findings back to senior stakeholders
• Prepare and present reporting to risk management committees on the key Data Risks of the European business, the application of the Control Frameworks, exposures against appetite and appropriateness of actions taken on incidents/breaches.
• Act as the Data Protection SME advising on key strategic projects for European business.
• Organise and deliver workshops/meetings/training sessions to promote a clear and consistent understanding of Data Risk and to promote discussion on risk issues and possible solutions within the European business.
• Work collaboratively with Line 2 and Line 3, forming strong relationships to ensure a collegiate and efficient approach to Data Risk and Control management

What We’re Looking For

• Managing of a variety of Data Risk related tasks concurrently with minimal support, meeting expectations on agreed deliverable and timescales.
• Expressing technical information in plain language for stakeholders with a range of technical and business experience.
• Able to plan and manage workload and deliverables of self in line with time and quality targets, with minimal support/supervision.
• Experience of operating in a regulated Financial Services organisation and of providing Data Risk advice and guidance in both BAU and Change activity whilst displaying a sound understanding of commercial objectives.
• An understanding of current best practice in Data Risk Management and policy implementation across a multi discipline business.
• Proven experience of building and maintaining stakeholder networks and credible relationships at all levels.
• Influencing and impacting internal business leaders; driving change to mitigate risk within commercial constraints.
• Continuously maintaining and developing technical knowledge (regulatory, legislative etc.) and applying this in conjunction with significant business awareness to provide review, challenge, and advice.
• Ability to embrace change and be able to manage and react quickly and appropriately to unforeseeable challenges and issues.

Essential

• Experience of working in a Risk related role within financial services

Desirable

• Knowledge of EU Data Protection Regulations along with any domestic Ireland legislation requirements.
• Knowledge of business processes fundamental in managing Data Protection Risk, such as Data Subject Access Request (DSAR) and Breach Management.
• Experienced with Data Protection Impact Assessments (DPIA), Transfer Risk Assessments (TRA), and Record of Processing Activities (RoPA).
• Knowledge of associated risk areas which impact upon Data Protection, such as Third Party Management, Records Management, and Data Security.
• This role has been identified as CF-2 under the Central Bank of Ireland’s Fitness & Probity regime. The successful candidate will be required to comply with the Central Bank of Ireland’s Fitness and Probity Standards on an ongoing basis. Further details are available on request from the HR Team or directly from the Central Bank of Ireland.

We want to hire the whole version of you.

We are committed to ensuring that everyone feels accepted and welcome applicants from all backgrounds. If your experience looks different from what we’ve advertised and you believe that you can bring value to the role, we’d love to hear from you.

If you require any adjustments to the recruitment process, please let us know so we can help you to be at your best.

Find out more about #LifeAtPhoenix

• Find or get answers from our colleagues: www.thephoenixgroup.com/careers/talk-to-us
• Find out more about Phoenix Flex, our approach to flexible working, here: https://www.thephoenixgroup.com/careers/flexible-working/

Key Competencies

• Customer At The Heart
• Impact & Influence
• Planning and Organising

We value diversity in our workforce and welcome enquiries from everyone.