Skip to content

Data Protection Consultant

Please Note: The application deadline for this job has now passed.

Job Introduction

The Bank has established a 1st line of defence Privacy Officer Team and a 2nd line of defence Data Protection Officer (DPO).

This role is located within the UK Information Security Team in the 1st line of defence of the Bank, and reports into the Bank’s Data Protection Manager. The team has responsibility for operating and embedding the Bank’s privacy framework and specialist data protection processes, acting on behalf of the Bank’s 1st line Privacy Officer.

 

The role of the Data Protection Consultant supports our UK banking operations implement adequate risk management to comply with UK privacy requirements. This requires a collaborative individual who has both detailed understanding of privacy requirements and practical application. They will be comfortable liaising with staff of all levels, including senior stakeholders.

 

Our UK Information Security Team is growing and its scope includes ownership and maintenance of the bank’s privacy and information security policy frameworks, as well as operating a number of key privacy and information security controls. We already have excellent relationships with our stakeholders, including the 2nd line DPO, product owners, system owners, senior management and IT teams in the UK and Sweden. To help our stakeholders provide excellent support to our branches and customers we are looking for an additional team member who is passionate about privacy and building innovative and pragmatic solutions, and who values our open collaboration with stakeholders.

 

Main Responsibility

  • Act as day to day lead for providing timely and informed policy advice, guidance and requirements relating to privacy and records retention requirements across the UK operations of Handelsbanken (including to branches, departments, Product Owners, System Owners and other stakeholders as required) to ensure the bank processes personal data in compliance with policy requirements;
  • Act as a specialist owner of 1 or more of the team’s processes and controls, such coordinating GDPR Rights requests, ROPA and Records Retention, maintaining specialist knowledge and continually evolving the processes and controls with reference to the bank’s global and local requirements;
  • Managing the provision of management information, as required, to ensure timely reporting of key privacy controls performance to a variety of stakeholders;
  • Maintain appropriate Fair Processing Notices (FPN)s for the bank, and support (and where required drive) branch, Product Owners and other stakeholders implement FPNs within their business processes to ensure fair and transparent collection of personal data by the bank;
  • Support the design and implementation of policy framework initiatives to ensure privacy and information security risk is effectively managed across the bank;
  • Support (and, where required, lead) specific data protection improvement initiatives owned by the UK Information Security team (as agreed with the Data Protection Manager);
  • Support (and lead, where required) business units to undertake Privacy Impact Assessments, and provide privacy support and requirements into processes managed by the UK Information Security team (as required), to ensure appropriate risk assessment and treatment of privacy requirements and risks in business units, projects and change initiatives;
  • Represent the Information Security team with a range of different stakeholders as a trusted privacy advisor, finding pragmatic and cost-effective solutions that efficiently support customer needs, business requirements and privacy best practice and UK regulatory requirements;
  • Act as lead Duty Incident Manager on a shared rota basis to manage information security and personal data breaches in accordance with the information security incident management processes, ensuring impacts and risks are appropriately identified, assessed and mitigated;
  • Support the bank's Procurement, Information Security and Legal teams, as required, to ensure privacy risks are identified and mitigated in third party supplier arrangements and appropriate GDPR requirements are built into contracts
  • Deputise for elements of the reporting manager’s role, on an ad-hoc basis, to cover absences, periods of increased workload, etc

The Ideal Candidate

  • Solid and demonstrable practical experience of applying and interpreting UK privacy law (e.g. DPA, PECR, GDPR, Lawful Business Practice Regulations, ICO Codes of Practice)
  • Strong communicator and ability to successfully communicate complex data protection requirements to non-technical stakeholders
  • Able to work independently, is proactive and can plan, organise and prioritise tasks and projects effectively
  • Pragmatic, and effectively balances risk and control requirements with commercial drivers and customer outcomes
  • Ability to solve problems creatively and effectively
  • Positive, collaborative and builds and maintains effective relationship with stakeholders across an organisation
  • Able to influence decision making to surface and mitigate issues and risks across a wide range of stakeholders
  • Additionally, a working knowledge of information security good practices is preferred

Package Description

Comp + Bens

About the Company

Handelsbanken is a relationship bank with a decentralised way of working, a strong local presence thanks to a nationwide network of branches, and a long-term approach to customer relations. Each Handelsbanken branch operates as a local business enabling it to make decisions at a local level and provide a bespoke service. The focus is always on the need of the individual customer and not on the sale of specific products. 

The Bank is deeply committed to embedding good equality and diversity practice into all of our activities. This is so that we are an inclusive, welcoming and inspiring place to work that encourages everyone to apply, regardless of socio-economic background, age, disability, pregnancy and/or parental status, race (including colour, nationality, and ethnic or national origin), veteran status, marital and civil partnership status, religion or belief, sex, gender reassignment or sexual orientation.

Data Protection Consultant

  • Salary Competitive
  • Frequency Annual
  • Job Reference hbuk/TP/156/284
  • Contract Type Permanent - Full Time
  • Closing Date 21 June, 2023
  • Business Unit Information Security (UKTI)
  • Location London OR Manchester , United Kingdom
  • Posted on 28 April, 2023

Spread the word

This website is using cookies to improve your browsing experience. Tracking cookies are enabled but these do not collect personal or sensitive data. If you prefer for this not to be collected, please choose to turn cookies off below. Read more about cookies.