Group Head of Data Protection
We're 1st Central, a market-leading insurance company utilising smart data and technology at pace. Rapid growth has been based on giving our 1.4 million customers exactly what they want: great value insurance with an excellent service. And that's the same for our colleagues too; we won Insurance Employer of the Year at the British Insurance Awards 2024 and our Glassdoor score is pretty mega too!

At 1st Central, data sits at the heart of everything we do, so protecting it is both a legal obligation and a core responsibility. We're looking for a Group Head of Data Protection (DPO) who's passionate about privacy, someone who's curious, commercially aware, and ready to shape the future of data protection across our Group. You'll be our senior voice on all things data protection - advising the Executive, Boards and senior leaders, and setting the strategic direction for privacy across the Group. You'll lead a high‑performing Privacy team and make sure we're not just compliant, but confident in how we manage and protect data.

We're looking for someone who has:
- Significant experience as a DPO or from a similar compliance role
- Expert knowledge of data privacy legislation including GDPR
- Expert knowledge of cybersecurity risks and other information security standards, such as ISO27001
- The ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks

What's involved:
- To be responsible for the development of a high performing Privacy team creating a clear vision whilst building strong relationships inside and outside the Group, in order to collaborate with and influence the executive and senior management across the Group and externally with corporate partners, including data subjects, regulators, suppliers and professional bodies
- To have an excellent understanding of the key regulatory and statutory rules, regulations, principles and codes of practice incumbent upon Group companies and the jurisdictions in which they are domiciled in so far as they are relevant to the delivery of appropriate Data Protection compliance requirements, and to keep such awareness up to date
- To define with the Executive, Boards and other senior stakeholders, and implement the Group's Data Protection Strategy
- To define, scope, gain Audit Committee approval for, and deliver the Group's data privacy programme
- To report to the Group's Risk Committees on the compliance position highlighting key risks, incidents and matters requiring decisions by the relevant Board or senior management
- To act as Data Protection Officer for all Group entities where the role is required, and be owner of the Group Data Protection Policy
- To take overall responsibility for the oversight of Data Protection compliance and related Regulatory matters across the Group
- Inform and advise Senior Management on data protection laws and policies
- Monitor compliance with data protection laws and policies, and report on this to the Executive, SICL Management Committee, FCIM Management Committee and Group Audit committees.
- Oversee the maintenance of records required to demonstrate data protection compliance
- Supervise the Privacy Team's completion of data protection impact assessments and develop and execute relevant project plans
- Manage a program of awareness-raising and training to deliver compliance and to foster a data privacy culture within the company
- Review Data Protection clauses in client terms and supplier contracts
- Define, implement, and lead a data incident response and data breach notification procedure as well as provide incident management response where applicable
- Be the contact point with and co-operate with the relevant Data Protection Authorities and to data subjects when exercising their individual data rights as well as supervise and advise on the response to such requests
- Being the focal point for all activity relating to data protection
- Promote a culture of awareness of data security throughout the company
- Comply with the requirements, and act in accordance with, the Group Code of Conduct and Fitness and Propriety policies at all times
- Responsibility for maintaining department risk registers, providing evidence and commentary for controls, updates for Mitigation Actions and maintaining control matrices and attestations. Also, to ensure that your employees are aware of their responsibility to identify and report risk.
- Ensure compliance with Company Policies, Values and guidelines and other relevant standards/regulations at all times, including compliance with the Senior Managers Certification Regime (SMCR) Conduct Rules

Job-specific Competencies

Experience & Knowledge
- Knowledge of FCA requirements (including individual responsibilities in relation to Consumer Duty)
- Significant experience as a DPO or from a similar compliance role
- Proven track record in leading data protection issues at a senior level
- Project management experience
- Experience of interfacing with