Head of Compliance and Data Protection

60000.00 - 75000.00 GBP Annual
10 May 2019
31 May 2019
Contract Type

Responsible for providing oversight, advice, guidance and leadership across the company on all aspects of Data Protection and regulatory compliance risks including FCA, OFCOM, OFGEM. The role holder will be expected to lead the strategic development of all data protection and regulatory compliance arrangements for the firm, providing assurance and oversight of risks and issues to the Board of Directors.


FCA Compliance:

  • Provide a range of FCA compliance services to the business
  • Annual RMAR reporting
  • Approved person's administration
  • Oversight of systems and controls including annual review of compliance policies
  • Horizon scanning, and communication of regulatory change and requirements
  • Lead implementation of regulatory changes such as SMCR
  • Identify and escalate regulatory risks to the Board

Data Protection: Provide subject matter expertise for all data protection related activities:

  • Data Protection Impact Assessments
  • Responsible for ensuring appropriate Data Sharing contractual agreements with clients and suppliers
  • Support the tender and on-boarding of new clients by providing assurance regarding the firm's data protection arrangements
  • Work with key stakeholders responsible for management of data protection risks
  • Maintain a record of all data processing activities and categories of data
  • Support the delivery of an effective Information Security Management System, ensuring ongoing compliance with the ISO 27001 standard


  • Devise and maintain an enterprise level risk identification and assessment process and embed this within the business
  • Work with the exec team to define business risk appetite
  • Facilitate regular review and update of risks and control with all risk owners
  • Chair exec team risk review meetings, providing effective reporting of risks over appetite and tracking actions to ensure risk treatment and mitigation activities are effective
  • Define and develop group level reporting of strategic risks

Experience Required:

  • Extensive experience of Data Protection and FCA compliance in the consumer lending sector
  • Experience leading key second or third line of defence assurance activities across Risk and Audit Assurance activities
  • Significant experience distilling complex regulation into key requirements for the business and senior leaders, and leading projects to deliver regulatory changes