Data Privacy and Assurance Manager

Our client is focused on developing products and services for the digital assets sector.  Their mission is to build technology and tools that make earning, investing and transacting more rewarding.

To support their expansion, they are in search of a a seasoned Data Privacy and Assurance professional to join their team in Gibraltar. This role will report into the Head of Compliance and Risk.

Key responsibilities

  • Develop and deliver a data privacy and protection framework including policies and procedures, DPIA’s, governance framework, international storage and transfer of information, privacy incident response and data processing agreements.
  • Assist the business in understanding regulatory, statutory, and technical Data Privacy requirements.
  • Perform privacy risk assessment/analysis, mitigation, and remediation.
  • Oversee, develop, and deliver initial and ongoing privacy training to the workforce.
  • Partner with various stakeholders to ensure privacy by design is embedded into the products and services.
  • Contribute to privacy incident management and investigations and partner with the Security team on the security incident response plan.
  • Manage the vendor privacy compliance programme and strengthen oversight mechanisms to ensure third parties are adhering to privacy requirements.
  • Manage the data inventory and records of processing activities process and ensure this is kept up to date.
  • Measure the effectiveness of the privacy programme and implement internal privacy reviews to drive improvements and overcome potential compliance gaps.
  • As the laws evolve and the business changes, identify new privacy requirements and develop strategies for implementing these changes.

Experience & qualifications

  • 5-10 years’ experience in implementing and managing a privacy programme.
  • Prior experience using OneTrust is essential.
  • Law degree and at least one IAPP (CIPP, CIPM and/or CIPT) certification.
  • Demonstrated understanding of international privacy laws (including GDPR, CCPA, PIPEDA, DPO, DPA) and experience in operationalising these laws.
  • Demonstrated experience and thought leadership in:
    • Performing high volume of complex DPIAs
    • Privacy audit
    • Privacy inventories and data flow mapping
    • Privacy programme implementation
    • Privacy strategy and governance
    • Privacy incident response
    • Data protection and cybersecurity training
  • Prior experience in a financial services / technology/ SaaS environment is preferential.
  • Ability to understand technical and financial information and data flows in a blockchain exchange environment.
  • Familiarity with ISO 27001 requirements and implementation process.
  • Demonstrated negotiation skills to interface successfully with Data Protection Authorities.

Other skills:

  • Dynamic problem-solving mindset with exceptional analytical and communication skills
  • Strong stakeholder engagement skills with the ability to connect and communicate at all levels across an organisation.
  • Ability and capacity to absorb large volumes of information and articulate a solution in a verbal and written format.
  • High degree of professional ethics and integrity.
  • Sound judgement and ability to analyse situations and information.
  • Able to work independently, as required.


Job Category: Latest jobs in Gibraltar
Job Type: Full Time
Job Location: Gibraltar
Salary: DOE

Apply for this position

Allowed Type(s): .pdf, .doc, .docx

Filed Under:

About the Author: