Reporting to the Data Protection Officer, the role holder will support the monitoring of compliance with the Data Protection Act and all applicable data privacy regulations across CIC Insurance Group. The role provides essential operational and analytical support to ensure that the Group and its subsidiaries maintain robust data protection practices in line with regulatory requirements. The role holder assists in developing and maintaining the Group’s data protection framework, managing records of processing activities, supporting data protection impact assessments, coordinating training programmes, and acting as a point of contact for internal stakeholders on day-to-day data protection matters.
Key Responsibilities
- Compliance Monitoring: Support the Data Protection Officer in monitoring and implementing the Group’s Data Protection Framework, including assisting in updating policies, data collection templates, and data mapping exercises.
- Records Management: Maintain and update the Group’s Records of Processing Activities (ROPA), ensuring all data processing activities across subsidiaries are accurately documented and classified by purpose and legal basis.
- Impact Assessments: Assist in conducting Data Protection Impact Assessments (DPIAs) for new or changed processing activities, projects, and systems, documenting findings and recommended mitigating controls.
- Training and Coordination: Coordinate and support the delivery of data protection training programs across CIC Group, maintaining training registers and updating materials as regulatory requirements evolve.
- Data Subject Rights: Support the management of data subject rights requests, including Subject Access Requests, erasure, rectification, or restriction of processing, ensuring responses are prepared within regulatory timeframes.
- Incident Management: Assist in managing data security incidents and breaches, including initial assessment, documentation, and coordination with the Information Security team to ensure timely escalation.
- Privacy Documentation: Support the preparation of privacy statements for processing operations and ensure these are incorporated into company forms, websites, and other data collection touchpoints.
- Audit and Review: Assist in compliance review exercises and audits, identifying gaps, documenting findings, and tracking remediation actions to closure.
- Reporting: Assist the DPO in preparing quarterly status reports on data protection compliance, highlighting emerging risks and incidents.
- Regulatory Liaison: Help coordinate with the Office of the Data Protection Commissioner (ODPC) and other supervisory authorities, assisting in preparing responses to queries or complaints.
- Regulatory Monitoring: Monitor developments in data protection legislation and best practices across the Group’s operating jurisdictions.
General Responsibilities
- Participate in departmental planning and budgeting as required.
- Participate in relevant committees, working groups, and governance meetings as directed.
- Liaise with internal audit, external auditors, and regulators on data protection matters.
- Assist in planning and organizing internal awareness activities and campaigns related to data privacy and protection.
Requirements
- Bachelor’s degree in Law, Computer Science, Information Technology, Business Administration, or a related field.
- A data protection or privacy certification from a recognized body is preferred.
- Additional qualifications in information security (CISA, CISM, or CISSP) are an added advantage.
- At least 2–3 years’ relevant experience in a compliance, legal, audit, or data protection support role within the financial services industry, preferably insurance or banking.
- Demonstrated experience in maintaining compliance records, conducting assessments, or supporting regulatory reporting processes.