Rothesay is a UK insurance company purpose built to protect pensions. We are the largest specialist pension insurer in the UK, managing over £60bn of assets and securing pensions for over 830,000 people. We secure pensions for over 170 pension schemes and insurers including British Airways, Post Office, ASDA, National Grid and Aegon.
At Rothesay, we are striving to transform our industry. We believe deeply in creating real security for the future and our leadership in finding new and better ways to do that is the key to our success. To do that, we need the very brightest original thinkers to bring creativity as well as rigour. Rothesay is a rewarding place to work, where quality people can thrive and prosper. We pride ourselves on the connections our people build, many of whom have been with us for over ten years.
Job title: Data Protection Specialist
Reporting into: Head of Data Protection
The Data Protection team, forms part of the Information Security team. It works across the operational, development and business team to maintain the confidentiality, integrity and availability of Rothesay’s data. This ensures Rothesay meets its obligations with all data protection laws and regulations.
Under the leadership of the Chief Technology Officer, Rothesay is incrementally delivering a multi-year project - Project Quest to redevelop and modernize the full technology stack, encompassing pricing and other analytics, risk management, market data and trade capture and reporting.
Project Quest is progressing well and we are in the early stages of migrating functionality onto cloud infrastructure, which provides an exciting opportunity for the information security team to become even more closely involved in the project. This includes defining and implementing data security controls, designing and establishing secure data handling processes, managing data requirements in a cloud first ecosystem, and designing best in class data privacy operations.
We are looking for a Data Protection Specialist to join this high performing team and help deliver exceptional value to the business. The Data Privacy Specialist is a demanding hands-on role that requires a good level of experience in privacy and data protection laws and operational processes. The successful candidate will work closely with the Data Protection Lead in building a world class Data Protection Team. The successful applicant will be expected to integrate into a small team and hit the ground running, and will be responsible for identify and raise privacy-related risks, track progress of any remedial actions identified. This role will interact closely and frequently with internal business units at all levels of seniority, external service providers and other stakeholders across the organisation.
- Provide support to the Data Protection Lead to operate the privacy processes.
- Participate in the design of the controls to support the data separation program and helping to shape the data security strategy.
- Managing the Subject Right Requests process by working collaboratively with all internal stakeholders and communicate outcomes effectively with data subjects and any other applicable parties.
- For Data Subject Access requests, accurately screen, redact and record reasoning for withholding personal data in line with applicable legal, regulatory and sectoral requirements.
- Coordinate the completion of the Data Risk Assessment process with stakeholders.
- Identify privacy and data protection related risks to processing and advise business stakeholders on appropriate controls to take to improve risk posture.
- Conduct Data Breach investigations and manage the process.
- Participate with the wider security team and business to maintain required registers of processing.
- Woking with the Data Champions to manage the periodic review of the processing to ensure records are accurate.
- Manage the review and update of the Privacy Notices with the Business.
- Participate with the wider team in project, procurement and other business processes to identify and capture risks in the data processing activities.
- Escalate any identified risks to the Data Protection Lead and Data Protection Officer as appropriate.
- To identify privacy process enhancement opportunities and lead the design and implementation.
- Support the Data Protection lead to educate all stakeholders on the data protection processes.
- Manage the generation of monthly metrics and reports.
- To carry out any other ad hoc duties consistent with the position that may be required.
Skills and Experience:
- Previous experience in Privacy assurance or Privacy operational roles.
- Passionate about data protection and building a culture of data protection.
- Excellent analytical skills, the ability to analysis data for patterns and trends and able to deliver findings in a range of styles and format to various levels in the organization.
- Strong operational knowledge of the GDPR and UK DPA 2018.
- Dedicated to the discipline of data privacy but pragmatic and adaptable with the tenacity to get things done.
- Technical understanding of technologies and their data protection and privacy implications.
- Confident in dealing with deadlines and delivering to targets and objectives.
- Excellent attention to process and detail, with good time management.
- Strong influencing and stakeholder management skills and ability to challenge others and be challenged.
- Adaptable to change and flexibility to deal with any tasks as required and a good team player.
- Good organization, focus with strong attention to detail.
- Committed to continual improvement for themselves and those around them.
- Providing excellent customer service is a passion.
- Previous experience in an in financial services is considered a plus.
- Understanding with relevant security frameworks and standards such as ISO27001 and NIST standards desirable.
- Data Protection / Privacy Qualifications: CIPP/E, CIPM, or equivalent.
Rothesay actively promotes diversity and inclusivity. We know that our success depends on our people and that by nurturing a culture that values difference, we create a stronger, more dynamic business. We welcome applications from all qualified candidates, regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age.
Disclaimer This position description is intended to describe the duties most frequently performed by an individual in this position. It is not intended to be a complete list of assigned duties, but to describe a position level. The role shall be performed within a professional office environment. Rothesay has health and safety polices that are available for all workers upon request. There are no specific health risks associated with the role.