Data & Privacy Operations Manager

Job Description

The Data Management and Privacy Operations team is part of a newly formed 1st line centre of excellence under Group CDO. The role will support the respective businesses and functions assigned & work closely with the 2nd line compliance and the Information Cyber Security (ICS) & Risk assurance teams to design, implement & operationalise capabilities for Data Management & Privacy Operations. The role will ensure that these capabilities are operating effectively in BAU to achieve and manage the respective business objectives in this area. The role will also provide timely feedback / data to all stakeholders to meet any key regulatory obligations and key business priorities.The successful candidate will have an opportunity to work in a multi-disciplinary team aimed to design, build and/or operate data, records and privacy controls to mitigate risks. Responsibilities include but are not limited to, data and privacy risk assessments, business process design and assessments, data protection impact assessments, data incident management, awareness and training, verification that proper risk assessments have been completed and up to date for vendors handling personal data, and verify applicable vendor agreements include required privacy and data protection terms according to global policy, client requirements and applicable privacy law.This is a hands-on, individual contributor role, working very closely with the assigned Business & Functions group and with a team of other data management & privacy experts who provide subject matter expertise and advice, tailored to the businesses, regions and functions of the Bank. Provide Operational Support
• Implement and manage operational processes which delivers outcome focused & timely service delivery.
• Analyse existing business & functional processes to identify automation opportunities in area of data management, data privacy and records management.
• Recommend process improvements to address control gaps and to enhance efficiency where possible.
• Support & coordinate with stakeholders in defining automation or remediation actions / solutions.
• Develop, track & analyse actionable metrics to continuously improve tools, procedures & provide visibility of operations to management.
• Facilitate workshops for assigned Business / Functions with 2 nd line of defence and Technology to source inputs and document outcomes on:
  • current state (e.g. systems, processes, controls, projects, documentation including contractual arrangements)
  • risks and controls,
  • gather / validate requirements for applications supporting data and privacy management,
  • proposed processes, controls, frameworks / templates, solutions
• Conduct assessments / surveys (e.g. on privacy impact / risk & controls) / data gathering and analysis on applications, products, processes, documentation and third parties to evaluate compliance with laws, regulations, and internal standards
• Draft / update policies, guidelines, procedures and documentation as required based on external or internal changes
• Drive change and adoption including, but not limited to, creating communications (e.g. launch campaigns), training materials as well as delivery of training
• Facilitate the choice and implementation of technology solutions, including, but not limited to requirements gathering, driving build vs buy decisions, system implementation, testing
• Monitors any new, or changes to existing, technology applications, products, or operational processes and ensures that data and privacy risks are appropriately managed
Governance & Risk Management
• Support liaison with Risk Assurance team on any Group Internal Audit and any regulatory inspections as required.
• Assist in identifying, assessing, monitoring, controlling and mitigating data management, privacy and record management risks to the Group.
• Adopt a proactive approach to threat risk assessment through appropriate stakeholder engagement and monitoring of the external environment to improve assurance planning.
• Define metrics and dashboards for monitoring and reporting purposes
• Provide write ups and data visualisations to forums to enable decision making
• Participate in related workshops/forums to provide input on privacy processes and requirements for new products/initiatives
• Ensure compliance with privacy processes to deliver swift resolution of privacy related issues and incidents
• Report on relevant privacy process related matters, including metrics, KRIs, issues, incidents and risks
• Provide timely and accurate reporting to internal risk assurance team & appropriate forums /committees
• Design/ re-design processes and controls to ensure compliance with laws, regulations, and internal standards in the most efficient, streamlined and customer centric way for the Group
Training, Awareness & Change Adoption
• • Increase awareness of data & privacy risk and processes within the assigned Business / Functions by supporting training programs, maintaining and uplifting supporting procedures and materials
  • Ensure training needs of Business/Functions are shared with the Training Lead in the Programme and help to support/design appropriate training delivery accordingly.
Regulatory and Business Conduct
• Display exemplary conduct and live by the Groups Values, Valued Behaviours, and Code of Conduct
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
• Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.
Our Ideal Candidate Qualifications/ Skills :
• Extensive experience in a relevant role (e.g. Compliance, Legal, Audit) or experience in a data & privacy domain of a large organisation
• Experience in one of the following Business / Functions will be an added advantage (e.g. Retail Banking; Corporate & Institutional Banking; Wealth Management; Private Banking; Legal; HR; Operations; Risk)
• Good understanding of Information Security Policy, Privacy Policy, Data Management Framework & Records Retention Policy as well as Standards.
• Effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers
• Ability to perform the role of Change Leader
• Confident and courageous to raise/escalate issues in a pro-active, professional, and timely manner
• University degree with professional certification (such as CIPP, CIA, CISA, CISSP, or CISM) preferred
• Highly motivated individual with a strong track record of achievement
• A good team player
• Ability to multi-task and work under tight deadlines
• Excellent stakeholder management skills
Key Stakeholders
• Group COO - Trust, Data, and Automation
• Head Data Management & Privacy
• COO - various Business and Functions
• Chief Data Protection Officer
• Head of Operations - Automation
• Head ICS, Business & Functions
• Global Head of Assurance Cyber, Data & Automation
• 2nd line Risk & Compliance
Chief Information Security Officer,

Keyskills :
3rd party relationshipssubject matter expertisemanagementbusiness process designcustomer relationssalesdata privacymarketingdelivery