Senior Data Protection Risk and Compliance Manager
- 566 Chiswick High Rd, Chiswick, London W4 5TS, UK
- Employees can work remotely
International SOS is the world’s leading medical and security services company with over 10,000 employees working in 1,000 locations in 90 countries. We were founded on the principle of putting the patient first and this is still true today. Led by 5,200 medical professionals and 200 security specialists our teams work night and day to find solutions to protect our clients in whatever situation they may be facing; we assess, advise and assist from a medical, security and logistical perspective to help safeguard travellers internationally through providing invaluable local knowledge and expertise on a global scale.
We are currently recruiting a Senior Data Protection Risk and Compliance Manager to join our international Privacy Team. This role has the potential for remote working, and so can be located across Europe. The primary focus will be the overall management of all aspects of data protection compliance including data asset risk assessments, data protection impact assessments, maintenance of Records of Processing Activities (ROPA) and vendor risk management.
- Ensure that all technical staff within business units and regions are adequately trained and supported in completing their data protection compliance obligations.
- Drive and participate in the improvement of the data protection management system and keep the relevant policies, procedures, tools and communication materials updated.
- Cooperate with the client compliance leads to respond to data protection compliance queries from internal and external stakeholders globally.
- Support certification leads with internal and external audits, including preparation, cooperation with auditors, quality management and contributing to data protection audits globally.
- Advocate the importance of maintaining accurate ROPA to functional heads in products, applications, infrastructure and operations.
- Manage and support the maintenance of ROPA across all business functions and locations.
- Maintain compliance dashboards that reflect the status and effectiveness of the data protection management system and report regularly on key activities such as data protection impact assessments, risk assessment, compliance and related projects.
- Assist product owners, application and infrastructure support to resolve compliance gaps with privacy best practices in products, applications and systems and provide expert opinion and guidance to improve.
- Support Privacy Program Managers with the implementation of Group Privacy compliance projects.
- Identify, record and review data assets and perform information security risk assessments with the help of SMEs across all business functions and locations.
- Initiate and undertake Data Protection Impact Assessments (DPIA) for high-risk data processing activities across all business functions and locations.
- Advise on privacy-related risk mitigation and support the development of compliance measures / remedial action plans.
- Lead risk management and DPIA workshops and awareness sessions with internal stakeholders and maintain records of activities in risk management and privacy management software tools.
- Lead and be the main contact for vendor risk assessments.
- Manage third party professional services firms engaged to undertake data asset risk assessments, vendor risk assessments and DPIA.
- Participate in architecture reviews and project discussions to review, advise and recommend risk mitigation to ensure the integration of privacy and security in design, build and operations.
- Support the Chief Security Director with the management and recording of privacy incidents including the monthly reporting to various internal security and privacy committees.
Required Experience & Skills
- Experience in data protection and legal compliance
- Solid knowledge of GDPR and national data protection laws
- Experience working with OneTrust or similar ERM software
- Familiarity with computer security systems
- Good exposure and knowledge on IT security controls and best practices
- Ethical, with the ability to remain impartial and report all non-compliances
- Proven ability to work in a multicultural and multi-geographical environment
- Ability to work autonomously or as part of a team, within targets and deadlines
- Required Certifications: CIPM and CIPP-E or CIPT
Diversity & Collaboration
Our company brings together remarkable people and enables them to be themselves.
At International SOS, we offer a great working environment, thanks to our commitment to a flexible working environment, diversity, and development.
We celebrate diversity on a global scale. We encourage every colleague to bring their personal best by creating an environment of inclusion and equal support.
Our success is the result of diverse ideas, skills, and cross-cultural understanding.
International SOS has been recognised as a Top Employer in the UK by the Top Employers Institute (TEI) for 2021.