Are you our new Data Privacy Manager?

Working in our fast paced, successful Legal team there has never been a better time to join Pepper Money, a specialist mortgage lender backed by a global financial institution offering first and second charge loans.

We operate a hybrid working model, so you will benefit from both home and office working, the office being based in Cardiff or London office. There may be occasional travel to our other offices around the UK.

What you will be doing 

To be successful in this role you need to have excellent knowledge and understanding of the current data protection laws, as you will be responsible for informing and advising the business as well as our employees about data protection and our obligations to comply with UK GDPR and other data protection laws, you will also be responsible for the data protection policies, including the review of internal data protection activities. In addition to this you will assist with training employees involved in data processing and monitoring compliance conducting regular audits and reviews of these roles.

  • Manage & maintain the Data Protection (DP) Policy ensuring it is reviewed and updated at least annually, and monitoring the necessary controls are operated to monitor / achieve compliance with the policy
  • To provide advice on whether DPIAs are required to identify, minimise, and manage the DP risks in the projects we undertake as an organisation
  • Ensure the relevant Standards, Procedures, training, and guidance are in place to support compliance with the DP policy
  • To advise Pepper Money on its obligations under data protection laws and for monitoring compliance with such
  • To undertake reviews of data protection compliance – through a DPIA or a similar exercise – of third parties that process data on behalf of Pepper Money
  • To review identified risks in processing activities, providing management audit reports related to data protection risks and compliance with applicable laws
  • To ensure the promotion of data protection awareness, with training and education programmes to cover data protection
  • To ensure appropriate processes for responding to and the handling of Data Subject Access Requests, or other requests, under the UK-GDPR individuals’ rights
  • To review data processing activities and seek out opportunities for continuous improvement in relation to these activities
  • To serve as the point of contact and liaison for the data protection supervisory authority, the Information Commissioners Office (ICO), and data subjects on data protection related matters under the UK-GDPR and related data protection legislation

What we are looking for

  • Good Knowledge of information risk analysis and management.
  • Understanding of and practical experience of applying the Data Protection and other related legislation, standards, and codes of practice
  • Knowledge of EU/UK GDPR and associated data protection requirements, especially any potential changes following Brexit
  • A good working knowledge of ISO/IEC27001.

Please note this role is classed as a Certified role under the FCA’s Senior Management & Certification Regime.  More information about what this means can be found at the FCA’s website