Data Protection Manager

Arab Banking Corporation Manama, Bahrain Posted 4 days ago Permanent Competitive compensation Data Protection Manager (“DPM”) plays a crucial role in helping ABC Group and its Members to fulfil their data protection obligations. The DPM will essentially assist the Data Protection Officer (“DPO”) with:

• Enhancing the group-wide Data Protection Framework, and keeping it updated;
• Facilitating and supporting the implementation of the group-wide strategic roadmap for data protection;
• The group-wide monitoring of compliance with the data protection laws and regulations and with Bank ABC’s Data Protection Framework;
• Raising data protection awareness and ensuring that relevant training is provided;
• Providing assurance of compliance with the data protection laws.

DPM will maintain contacts with the Local Data Protection Coordinators (“LDPCs”). S/he needs to have a good understanding of how ABC Group is organized, the countries it is operating in, the products offered and the main processes and systems that support the working of ABC Group. S/he needs to be familiar with the practices for sound management of data protection risk and the regulatory requirements related to data protection in the main countries where ABC has a presence.  DPM should be able to articulate data protection related issues and risks and have meaningful discussions with internal and external stakeholders at all levels. S/he should keep sight of the “big picture” of the countries and markets ABC is in and the overall trends in the financial industry. S/he may be required to assume the LDPC role for Bank ABC B.S.C. branches. Scope of the Job Enhance and update the group-wide Data Protection Framework when new regulatory requirements are introduced. 1. Facilitate the implementation of the group-wide Data Protection Strategic Roadmap:

• Assist with coordinating and facilitating the implementation of the Data Protection Strategic Roadmap and all components across all Units of the Group specially the Personal Data Register;
• Providing day-to-day direction, guidance, training, and support to the first line for data protection and the management of related risks;
• Providing assistance with the identification of data protection issues and the definition of appropriate action plans;
• When required, review – and approve – local data protection policies, standards & procedures to ensure compliance and consistency with group policies, standards and procedures.

2. Monitoring and challenging:

• Monitor – and when required – challenge the compliance of the group-wide and local data protection policies, standards & procedures by the Units and raise any exceptions to the appropriate decision level (unit and group level).

3. Personal Data Register/Register of Processing Activities (ROPA):

• Assist with overseeing the regular maintenance of the ROPA by the Units and ensuring that they are always available and ready for inspection by the authorities.

4. Data Protection Impact Assessments: 

• Support / facilitate / monitor / challenge the Data Protection Impact Assessments (or their outcomes) done by the Units.
• Help to ensure that the Units maintain proper processes for providing prompt and appropriate responses to requests and complaints from data subjects.

6. Testing and assurance:

• Challenge / test the effectiveness of the core data protection processes;
• Help with providing assurance that the Units comply with the provisions of the relevant data protection laws and regulations and with the data protection framework.
• Ensure that data protection related incidents across the Group are timely and properly identified, escalated, and resolved, and that when required, authorities are timely notified;
• Ensure that relevant data protection related incidents are analyzed and that proper actions are taken to address the root causes of these incidents.

8. Reporting: 

• Prepare / oversee the preparation of consolidated data protection reports for the various internal and external stakeholders;
• Ensure that relevant data protection matters are timely reported to the local/group senior management and relevant risk oversight committees;
• Report on the global progress by the Units against the approved planning for the implementation of the data protection management framework.

9. Change management:

• Participate in major change projects to ensure that legal requirements for data protection / data retention and related risks are assessed and addressed prior to launch/implementation. 

10. Raise awareness for data protection:

• Ensure that necessary training and guidance are provided to the staff and contractors in the unit, subsidiaries, branches and rep offices on all aspects of data protection and data retention;
• Disseminate – and explaining – policies, standards and procedures for data protection and date retention to the various stakeholders in the units;
• Raise awareness for data protection with employees, contractors and parties working with/ for ABC.

11. Specific applications to support data protection:

• Participate in the selection and implementation of specific applications required to support data protection and the management of related risks
• Carry out “ad hoc” tasks related to data protection and data retention as directed by the GH – Cyber & IT Risk or Senior Management

Job Context

• Data protection and privacy landscape are evolving and changing rapidly due to the continuous advancement in technology, AI, and automation. Most of the jurisdictions where Bank ABC operates have already iterated or are in the process of building on pre-existing or proposed data protection laws to keep up with the developments in this field. 
• There may be other references to privacy/data protection in other sectoral laws, however, this is an overview where countries updated or are in the process of updating their national data protection laws.
• The attention for protection of personal data represents a considerable challenge for international financial institutions, such as Bank ABC, that collect and process personal data. The principles contained in the EU General Data Protection Regulations have impacted all countries where ABC has a presence. 

Areas of Knowledge, Qualification and Experience

• Relevant experience in data protection in the financial industry, supported by:
• Practical working experience security, compliance, legal, risk management or data management;
• Demonstrable understanding of the data protection regulatory environment that applies to Bank ABC Group;
• Relevant knowledge of information security and information technology risk;
• Must demonstrate awareness of changes to the threat landscape and fully comprehend how emerging technologies will impact the management and protection of personal data. Ability to deliver multiple initiatives while maintaining high quality of work.
• Degree of reputable university or equivalent level of expertise through work experience.
• 5+ years of data protection work experience
• A high degree of experience of translating legal and regulatory requirements into practical, operational solutions that can be understood and acted on by various part of the business.
• Experience developing and implementing a data protection framework.
• Ability to work with and across multi-disciplinary teams.
• Strong written and oral communication and presentation skills
• Self-motivation and leadership attributes
• People management and relationship skills
• Experience leading business critical projects
• Ability to maintain confidentiality.
• Assimilating information and identifying risk

Boost your career

Find thousands of job opportunities by signing up to eFinancialCareers today.

#J-18808-Ljbffr