Senior Compliance Manager

Added: 25 October 2021

Job Location

Our office is located in Hersham, Surrey


Private health care, annual performance-related bonus, 25 days annual leave (plus your Birthday), Life Insurance, pension scheme.


As Qualco operates within the Financial Services Industry, any employment offer is subject not only to the usual legal checks (Right to Work and Proof of Address) but also a clear DBS, adverse financial Employee Credit Check, Employee Electoral Roll check plus references from previous employers over the last 10 years (where available).

Summary of position

A fantastic opportunity for an experienced professional with a sound level of understanding of GDPR and FCA regulation to join our growing team as a Senior Compliance Manager within a Tech solutions company that caters for clients across multiple markets and industries.

Primary requirements of the position surround building and developing an enhanced regulatory oversight framework that caters for Data Protection and FCA compliance. The position will stand as our appointed DPO and internal/external compliance oversight advisory lead providing timely and relevant analysis and investigation outputs.

Key components of the role cover oversight of all data-led policy requirements, client contractual compliance monitoring and risk assessments.

Key responsibilities

Reporting to the Head of Risk & Compliance the candidate will be required to:

  • Ensure systems and controls are in place to comply with the UK General Data Protection Regulation, alongside any other existing UK Data Protection Law
  • Provide guidance on data protection matters across the organisation and the drive and leadership for a continued programme of review and improvement for data protection and management
  • Coordinate the response to Subject Access Requests and any internal investigations and ensure we have appropriate agreements in place with other organisations.
  • Reporting to management regarding the organisation’s compliance with UK GDPR
  • Offering advice regarding Data Protection Impact Assessments and monitoring performance
  • Maintain appropriate records as required by the GDPR and additionally as necessary to enable the organisation to be able to demonstrate compliance with the law
  • Providing expert advice to key stakeholders on all regulatory compliance matters and their application within Qualco UK, this will mainly include Data Privacy and FCA obligations
  • Providing expert risk based advice on DPIAs and PIAs of new activity across all business functions
  • Providing expert advice on the impact, and associated controls required, for any new use of data Qualco UK considers in support of strategic objectives
  • Assessing incidents or near misses and escalating to the relevant manager where the incident may be reportable to the ICO/FCA and to consumers
  • Developing and delivering risk based Data Privacy and FCA Compliance Awareness training company wide that is tailored to the audience
  • Ensuring all regulatory requirements applicable to Qualco UK are understood and under management within the wider Compliance Framework
  • Ensuring that developments to relevant regulations are effectively communicated to key business stakeholders in a timely manner
  • Informing and providing Expert advice to the business and its employees about their obligations under all relevant regulations
  • Complete full review of new business area(s) data governance (strategy, framework, privacy notices, policies, processes, systems, contracts)
  • Managing, maintaining and continuously improving the central oversight controls for data protection including designing, developing, and keeping under review suitable and consistent policies and procedures with supporting tools and templates.
  • Monitoring and validating that core data privacy controls for specific business functions are implemented and operating effectively, including recommendations for improvements to manage risk.
  • Identify and further improve established tools and mechanisms for customer facing to conduct their duties surrounding DPIA, management of subject rights, and any Breach Reporting commitments.
  • Investigate and report data breaches to the relevant Regulators (liaising with data protection offices in other territories, where necessary) within the statutory deadlines specified by Regulators, Data Protection Act and other data protection and consumer legislation. Advising on remediation actions to be taken and responding to any follow up questions or requests for information related to such reports.
  • Provide business critical regulatory and compliance advice
  • Helping the firm to meet its regulatory and strategic objectives
  • Producing risk management bulletins/newsletters/communications to the business
  • Produce monthly reporting and commentary on the progress of compliance monitoring
  • Themed reviews of core company processes; for example, Financial Crime Prevention, Data Protection (GDPR), Conduct Risk, SM&CR and Vulnerable Customers

Required skills/experience

  • An in-depth knowledge of data protection laws within the UK and experience of working in a Privacy and Data protection focussed compliance role
  • An ability to think strategically, assess risks and explain the potential consequences
  • Experience in drafting policies, interpreting legal contracts and report writing
  • Confident presentation skills
  • Attention to detail
  • Excellent communicator at all levels, ability to deliver a clear message to a wide variety of audiences
  • Ability to challenge the status quo in a constructive manner
  • Ability to work in a fast paced, challenging, dynamic and demanding environment with changing priorities
  • Strategic thinker with analytical and problem-solving abilities
  • Ability to build effective relationships with key stakeholders to ensure privacy related improvement activities are prioritised alongside other projects and constructively challenge and question stakeholders on their approach to compliance.
  • IAPP CIPP/E or equivalent recognised professional standard
  • Proven awareness of privacy legislative framework and its application
  • Microsoft office suite of products including Outlook, Word, Excel, PowerPoint.
  • Information and records management expertise
  • An understanding of audit frameworks
  • Minimum of 4 years’ experience in a data protection role
  • Experience in report creation and confidence to communicate with all stakeholders at all levels of the business
  • Ability to deliver interactive presentations at organisational events to diverse audiences
  • Detailed knowledge of conflicts of interest and proven experience of resolving conflicts
  • Strong stakeholder management skills and ability to influence and deliver excellent results in conjunction with the senior management of the Quality and Risk Directorate
  • Detailed understanding of FCA Handbook, CONC, SYSC, GDPR, SM&CR and Conduct Rules
  • Experience in regulatory reporting and experience communicating with regulators
  • Compliance advisory & monitoring experience in an FCA regulated environment
  • Show excellent understanding and interpretation of emerging compliance issues
  • Awareness and understanding of wider business, economic and regulatory environment
  • Previous roles as a Data Protection Officer
  • One or more data protection qualifications such as EU-GDPR-P, CIPP/E etc

The following knowledge would be beneficial:

  • Knowledge of IT and cybersecurity and ISO certifications volumes of data at senior level
  • Experience operating at senior committee level for reporting and recording
  • Experience implementing and maintaining SM&CR requirements
  • Knowledge of FCA publications
  • Professional qualification in relevant industry discipline
  • Degree level qualification