Data Protection Officer (London)

Company Overview:

Insight Investment is a leading asset manager focused on designing investment solutions to meet its clients’ needs. The business has a clear mission and purpose to offer investors a different approach to achieving their investment goals; one that prioritizes the certainty of meeting their chosen objectives.

Founded in 2002, Insight’s collaborative approach and partnership with its clients has delivered both investment performance and growth in assets under management making it a leading force in investment management. They focus on what they believe they are best at, offering a full-spectrum fixed income capability, risk management strategies including Liability Driven Investment (LDI), absolute return and multi-asset.

Insight is ranked number one in Edelman’s Asset Management Brand Index 2024 as the manager whose brand is most highly regarded in the institutional marketplace. They are owned by Bank of New York Corporation (BNY), a global leader in investment management and investment services.

With $838 billion under management and sitting within BNY, Insight leverages the unique combination of achieving the high-performing, risk-adjusted returns of a boutique with the financial stability of a large, global financial institution for which asset management is a core strategic priority.

Insight has investment decision-making autonomy, operating with an independent management structure and boards with a global network of operations in the UK, Ireland, Germany, US, Japan, and Australia. The business employs over 1,100 people including 285-plus investment professionals.

More information about Insight Investment can be found at: https://www.insightinvestment.com

Division Description:

This team is responsible for the provision of cyber security functions to protect the business on a day-to-day basis and to ensure that technology growth is in line with cyber policy (which is developed with business strategy and risk appetite in mind). This capability covers security governance, vulnerability management, security monitoring and logging, physical and environmental security, cryptography information protection, identity and access management, cyber incident response, 3rd party security compliance (including cloud), mobile and portable security and insider threat (technology misuse). This also covers the growing digital presence that Insight has, both to its existing institutional client basis but increasingly looking at developing products that serve retail clients through financial advisor channels.

Position Description:

Working within the CISO team as the designated Global Data Protection Officer and acting as the Data Security & Privacy subject matter expert, you will have a broad range of expertise across data privacy and security and be able to support and establish good practice data protection processes across the organisation as well as articulate the current risk and data protection maturity posture to senior leadership.

Role Responsibilities

• Ensure personal information is processed in line with applicable regulatory and legal obligations

• Ensure policies and industry good practice through the implementation of appropriate Data Privacy frameworks

• Oversee data protection impact assessments

• Embed privacy by design across all business change processes

• Act as a data breach incident manager and support the identification and mitigation of data privacy risks to the business

• Provide subject matter expert input on data handling and protection areas including data classification, retention, loss prevention and encryption

Experience Required

• Demonstrable professional experience of managing data privacy obligations for a global business

• Expert knowledge of relevant UK, European, US and broader international data protection laws and regulations (such as GDPR, CCPA and UK DPA), implementing appropriate international safeguards and, ensuring up and coming data protection laws and guidance are accounted for

• Ability to perform the duties of a designated Data Protection Officer in an independent manner, including corresponding with regulators and data subjects, providing advice and guidance to the business, and providing training and awareness to all staff

• Relevant certifications such as CIPP/E, CIPM, CIPT, Practitioner Certificate in Data Protection

• Experience of applying practical expert domain knowledge across a number of delivery scenarios, including but not limited to managing processes pertaining to data mapping and Records of Processing Activities, responding to data subject requests, managing personal data breaches, undertaking Data Protection Impact Assessments, undertaking privacy audits and gap analysis, and conducting contract reviews

• Familiarity with key data security technologies including DLP, Data tagging, CASB

• Ability to work with technical teams to define, manage and deploy data protection policies and rules on data protection technology protection technologies

• Experience in monitoring regulatory and legal compliance through data protection and retention policy and procedure adherence and timely reporting to senior leadership

• Experience in providing independent support and advice on a wide variety of privacy issues in language tailored to fit all relevant stakeholders

• The ability to work effectively within a team environment and across various stakeholders, including senior leadership and clients

• Practical experience of applying a range of risk management approaches, conducting risk assessments and being able to articulate risk effectively

• An accomplished communicator with the ability and confidence to present complex issues and influence decisions at all levels within an organisation with excellent analytical, interpersonal and stakeholder management skills

Nice to have:

• Experience in the financial services sector

• Familiarity of information security standards such as the ISO27000 series and NIST

• Previous work experience with regulators or industry bodies

• Developing solutions to address client data protection requirements

Insight is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief, sexual orientation or other factors protected by federal, state and/or local laws. If you are a candidate with a disability, or are assisting a candidate with a disability, and require an accommodation to apply for one of our jobs, please email us at TalentAcquisition@InsightInvestment.com