Description & Requirements:
Position Purpose
Based in our London Office, this role will be the lead Information Security Officer and expert on Data Protection (DP) matters, focusing on the global DP regulations (e.g. EU16 GDPR, Australian Privacy Act, New Zealand Privacy Act, Protection of Personal Information Act 4 of 2013 etc.), including the organisation's DP Management System (DPMS). The Information Security Officer will ensure that sound policies, procedures and systems are in place so that Bravura Solutions can demonstrate compliance with the global DP legislation.
Main Activities
Whilst we expect all our employees to do what needs to be done to demonstrate their support of Bravura Solutions, below are some specific aspects of your role for which you will be responsible:
Data Protection
- Ensure that Bravura Solutions is aware of and complies with DP law, best practice and any case precedents, interpreting law changes into practical policies and procedures
- Implement measures and a privacy governance framework to manage data use in compliance with applicable legislation.
- Work with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments including developing templates for data collection, assisting with data mapping, and vendor management reviews
- Identify, test and improve controls on the confidentiality, integrity and availability of personal data
- Be the first point of contact for enquiries from staff on DP and subject access requests, providing them with appropriate advice and guidance.
Compliance (Achieving and monitoring compliance including any remedial measures)
- Coordinate and conduct data privacy audits
- Draw up a DP Policy from the GDPR regulations, paying attention to new concepts and terminology and changed nuances of DP law (e.g. right to be forgotten, data portability, additional new types of personal data, explicit consent)
- Working closely with colleagues, render the DP Policy into operational procedures for customer-facing staff to use
- Undertake proactive work and enforcement measures that promote good DP working practices and compliance with GDPR requirements
- Enshrine new principles, e.g. Privacy by design and DP by default
- Consider accreditation to external codes and protocols that may help demonstrate aspects of compliance with the main regulations
- Create registers as required by legislation, e.g. the type of personal data that we hold, who processes it and who we share it with
- Look at technical aids that support compliance (e.g. encryption, Data Loss Prevention)
- Carry out DP audits and spot-checks to monitor compliance
- Ensure subject access requests are responded to within prescribed timescales
- Deal with more complex and difficult DP complaints, including appeals
- Act as the primary point of contact between the company and regulatory authorities in all jurisdictions during data protection incidents, ensuring timely communication and compliance with reporting obligations.
- Ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to data subject access requests (DSARs).
Documentation
- Design the documentation needed for use with the procedures:
- Data Protection Impact assessments
- Privacy impact Assessments
- Data Inventory Register
- Data Flows
- SAR Process
- Compliance Documents
- Privacy Framework and processes
- Review of client contractual requirements
- Supplier onboarding contract review and support in annual reviews
Third Parties
- Examine arrangements for third parties who process the personal data of our residents and employees to ensure compliance with the new regulations
- Work with legal representatives to ensure that information-sharing with partners/suppliers is lawful and falls under appropriate protocols and codes
Risk
- Ensure that managers are aware of the risk element of implementing data protection, GDPR and any other relevant regulations, including monitoring through the Risk register
- Maintain a risk assessment process for personal data including DP Impact Assessments
Training
- Design and carry out training programmes to achieve compliance, e.g. detailed, practical training for client-facing staff
- More general GDPR awareness training for other staff
- Carry out on-going DP and privacy training to maintain awareness
In addition to the above position-specific responsibilities, all employees are required to undertake any other reasonable duties and responsibilities within their capability and skills, when requested to do so.
Key skills
- Experience in Information Security, data protection and legal compliance
- Work experience in data protection and legal compliance is a plus
- Solid knowledge of GDPR and applicable governing legislation such as the Australian/New Zealand Privacy Act, UK DPA, Protection of Personal Information Act 4, The Digital Personal Data Protection Act, 2023 (“DPDP Act”), Personal Data (Privacy) Ordinance, Laws of Hong Kong (Cap 486) or the PD(P)O and Personal Information Protection Act (PIPA) etc.
- Decision Making – capable of reaching timely and effective decisions based on the appropriate use of information;
- Communicating – able to identify key points for interaction which are related appropriately and with clarity;
- Using Information & Communications Technology (and other resources) – able to use ICT and other equipment (tools, materials and services), safely, effectively and efficiently;
- Building Customer Service – able to provide Customer/Stakeholders with a positive experience of the service delivered;
- Embracing Change – can readily identify and embrace change in the drive towards continuous improvement;
- Developing and Maintaining Relationships – able to make working relationships harmonious and productive; and,
- Maintaining and developing the organisation – able to make a positive contribution to the success of Bravura Solutions.