Deputy Data Protection Officer

Pension Insurance Corporation (“PIC”) provides secure retirement incomes through comprehensive risk management and excellence in asset and liability management, as well as exceptional customer service. Our purpose is to pay the pensions of our current and future policyholders. We achieve our purpose by setting Companywide strategic objectives and driving a healthy culture based on our PIC Values of Resilient, Adaptable, and Loyal.

Role purpose

• Partners with the current Head of Data Protection Office and General Counsel in leading all Data Protection Office activities to maintain and achieve compliance with internal policies and procedures, and regulations and laws relating to data or information processing performed by PIC or third parties on which PIC depends for data processing purposes.
• Defines, maintains and promotes awareness, understanding, adoption of Data Protection within PIC.
• Embeds Data Protection regulations and professional standards across PIC.
• To remain informed of, and assess, industry leading practice, for applicability within PIC and to actively promote its implementation.
• To provide effective and timely challenge and support to key stakeholders and groups across PIC, including CISO and Chief Data Officer
• Our Company values are expected to be reflected in the delivery and performance of every role.

Specific accountabilities assigned to the role of Deputy DPO within the Legal, Company Secretary & DPO function:

• Conduct a full and thorough analysis of PIC’s privacy and data protection systems, processes and governance framework providing a comprehensive report to senior management on the findings and recommendations, including determining:

o   the degree to which PIC meets ICO requirements;

o   the degree to which PIC meets or exceeds industry best practice; and

o   timeline for any remedial and/or enhancement actions, to be agreed with the designated Data Protection Officer.  

• Responsible for the design and roll out of guidance materials and internal training to educate to develop knowledge and understanding of GDPR compliance, data privacy and governance, and AI regulation across PIC.
• Responsible for the completion of data subject access requests in line with ICO requirements and PIC internal governance and control framework.
• Work collaboratively with other centres of excellence to include but not limited to Data Office, Information Security, HR, Business Services, Operations, and Origination to conduct data protection and privacy impact assessments (DPIAs) submitted as part of any change activities, identifying necessary control requirements or actions to be addressed.
• Adequately maintain privacy records and documentation, such as privacy notices, records of processing activities (RoPA), legitimate interests assessments as required.
• Ownership of PIC’s data privacy policy and other related policies relating to GDPR, data privacy and security regulations ensuring legal risk mitigation and operational compliance.
• Take ownership for own learning and development in both technical (e.g. legislation and regulatory guidance, and critical judgement) and non-technical (self-insight and relationship management) skills.
• Keep informed of industry trends, market developments, regulatory changes in the public and private sectors, as well as best practices related to data protection (privacy) by attending industry seminars, reading and sharing relevant published articles.

Knowledge

• Strong technical knowledge, and in-depth understanding, of privacy and data protection legislation in the United Kingdom.
• Good knowledge of legal, regulatory and compliance requirements applicable to data and information, within financial services is desirable.
• Strong knowledge of information management, or records management, practices.
• Strong knowledge of privacy information management systems.
• Knowledge and interest in AI technology, governance, and regulation as it relates to designing and building systems and processes in the area of privacy.

Skills

• Strong organisational skills,
• Strong communication and presentation skills,
• Ability to persuade and influence both directly and indirectly.
• Ability to work on multiple tasks effectively and efficiently.
• Ability to work within defined procedures as recommended by functional teams.
• Ability to act on own initiative.
• Commercial judgement.
• Good working knowledge of MS Access, MS PowerPoint, MS Word

Experience

• Recognised qualification and/or proven track record of experience in law / GDPR compliance / data science / information management / data governance, preferably within Financial Services.
• Proven track record and strong experience in designing and implementing systems, process and technology in GDPR compliance, data privacy and governance, and AI regulation.
• Demonstrated success in stakeholder management at multiple levels of an organisation ensuring legal risk mitigation and operational compliance.
• Evidence of continuous professional development and staying current with regulation in the area of privacy.

DE&I at PIC

At PIC, we believe that true innovation stems from embracing diverse perspectives, backgrounds and experiences. We are committed to building a workplace where every individual, regardless of race, gender identity, sexual orientation, disability, age, religion, or socio-economic background, feels valued, heard and empowered to succeed. We hold ourselves accountable through ongoing initiatives, such as inclusive hiring practices, and equitable career development opportunities that support belonging and community. While we’re proud of our progress, we recognise there’s work ahead, and we remain dedicated to listening, learning and evolving together.

In addition to a competitive base salary and the opportunity to participate in our annual, performance-related bonus plan, upon joining us here at Pension Insurance Corporation, you will get access to some great benefits, including private medical insurance, 28 days' annual leave (excluding bank holidays), a generous pension scheme and much more.