EMEA Data Privacy Specialist
Note: Individual goals will be agreed with the Head of Data Privacy - EMEA as part of the Performance Management process.
Support the Head of Data Privacy - EMEA and the global Chief Privacy Officer in the rollout of the EU General Data Protection Regulation remediation programme. Assist in the creation of templates and tools to aid with this remediation and provide advice to key stakeholders on the completion/use of such tools.
Support in the creation, maintenance and periodic review of relevant Data Privacy guidance, policy and standards
Support the scoping and execution of the EMEA/Global annual Data Privacy Compliance Monitoring Programme, and help ensure that all reviews are completed in line with requirements, all issues are resolved in line with targets set and all reports produced in a timely fashion
Assist with maintenance of Data Protection Authority notifications, local authorisations for International Transfers and other communications with, and requests from, local DPAs
Evaluate data protection breaches and incidents in a timely manner, assist with root cause analysis and provide credible challenge. Assist in the production of associated MI and trend analysis
Support the team in the completion and administration of Data Protection Impact Assessments
Completion of data protection risk assessments of third party suppliers and/or high risk projects as required
As directed, analyzes existing legislation, regulatory announcements and industry practices in order to ensure the assigned business is in compliance with current requirements.
Support the annual review of Privacy training materials. Provide face-to-face Data Protection training on an ad hoc basis dependent on the individual business needs
Assist in the review of data subject access requests and other information requests pursuant to individual rights to ensure that all requests are dealt with effectively and within the statutory time frames
Provide timely, pragmatic and accurate Privacy guidance to business areas as and when required
Preparation and presentation of metrics to indicate the effectiveness of BNY Mellon's Privacy programme across EMEA
Lead on team administration activities, e.g. meeting planning, minutes and actions tracking; records management; Privacy team goals/objectives tracking; creating team delivery plans and preparing progress snapshots, etc.
With minimal guidance, contributes to the compliance efforts of the assigned business units. Helps to bring the business units into compliance with standard regulatory and policy requirements.
Helps the business units respond to and develop compliance reporting, as directed. Based on assessments of controls, works with business units to implement improvements and develop documentation when control changes are made.
Contributes to projects and program tasks intended to improve compliance and enhance the control environment. Analyzes control processes to ensure they are in compliance with all applicable laws, rules and regulations.
Reviews the appropriateness of control processes and may help guide the assigned business units in implementing improvements.
Continues to build working relationships with outside regulators, government officials and business unit managers in order to facilitate the timely delivery of information and increase the likelihood of favorable conditions for compliance activities.
With minimal guidance, contributes to assessments of the effectiveness of controls that help ensure ongoing compliance with key laws, regulations and policies affecting BNY Mellon businesses.
Continues to gain experience preparing risk-based reviews of existing and emerging regulatory requirements, concerning issues and control gaps.
Contributes to the preparation of time-sensitive reporting and appropriately escalates issues to more experienced professionals.
Contributes to the achievement of team objectives.
Generic Staff Responsibilities:
Comply with all corporate policies and procedures within the department;
Alert management immediately of any significant changes to business risks and internal controls effectiveness;
Notify management immediately of any regulatory breach;
Comply with health and safety policies and procedures operating within the business.
Job Specific Competencies:
Investigative and questioning nature
Excellent inter-personal skills
Excellent organisational skills
Ability to manage and prioritise workload
Ability to communicate orally and in writing with various levels of management
Technical Skills, Knowledge, Systems Knowledge:
Experience of the practical application (business operations and technology) of Data Protection and Privacy laws in EMEA within the Financial Services environment
Demonstrable knowledge of current Data Protection and Privacy legislation in EMEA jurisdictions and in respect of the incoming EU General Data Protection Regulation (GDPR) is required
Strong analytical skills, problem-solving ability and attention to detail
Data analysis and metrics presentation skills
Previous exposure to international data protection and privacy laws and regulations, e.g. Americas (including LATAM) and APAC, is advantageous
Strong knowledge of the financial services regulatory environment is essential
Academic/Professional Qualifications: (or equivalent qualifiers)
Data Protection experience is essential
ISEB and/or IAPP certifications are highly desirable
Educated to Bachelor's degree level or equivalent