Role Description:
In order to support the establishment and strengthening of the KPMG Privacy Office and Network, the UK firm is looking to recruit a network of 1st line Data and Privacy Officers to sit within each business area and key KBS function. Given the overlap between Privacy and Information Protection, Data and Privacy Officers will work closely with Business Information Security Officers (BISO).
The Data and Privacy Officer will apply their skills and experience to act as the main point of contact for their assigned business or function division for activities relating to data protection and privacy, whilst acting as a champion for information protection. There may be some scope to support data governance activities as and when this function develops within the firm.
The Data and Privacy Officer will be a core part of delivering our Trust and Growth strategy for Consulting. The role will sit within the Consulting QRM team which forms part of our first line of defence, helping to ensure our risk and quality processes are effectively implemented. We support our client facing colleagues to ensure that projects we undertake do not put the firm at risk or undermine our reputation.
The successful candidate will have scope to regularly practise complex problem solving and will have frequent exposure to a variety of senior stakeholders within client-facing teams; fostering and maintaining these relationships is key to success in the role.
Reporting to: The Data and Privacy Officer will report to the Consulting Business Information Security Officer with functional reporting (dotted line) to the Data Privacy Office.
For their respective business or function:
- Provide hands-on KPMG and client data protection and privacy subject matter expert support. Firm-specific training will be provided by KPMG’s central DP function.
- Respond to internal queries regarding data protection and privacy. Use sound judgment to escalate queries to the Privacy Office (2nd line) as appropriate
- Support and embed Privacy by Design processes (i.e. assist in performing business, information or Privacy Impact Assessments (PIAs) or Legitimate Interest Assessments (LIAs)) within the business where required
- Ensure technical or organisational changes within Consulting go through the relevant design or assurance forums for approval and completion of impact assessments
- Support capture of privacy, information security and data governance risk registers and integration with the rollout of a GRC tool as part of a wider risk and compliance management framework
- Act as custodian and maintain the register of personal data processing activities (GDPR Article 30)
- Support production of risk, compliance and controls reports
- Act as Data Subject Rights (DSR) request lead for their respective area. Manage and co-ordinate all Data Subject Rights requests from receipt to conclusion (as per procedure), liaising with the Privacy Office as required.
- Co-ordinate data incident actions with relevant internal stakeholders and ensure all required actions are completed (as per procedure)
- Support roll-out of new and updated data protection and privacy policies and procedures
- Assist the firm’s learning and training team for staff and contractors on data privacy and information protection
- Act as a “Data Champion” for Consulting and support data remediation exercises
- Support communication of changes to data privacy and information protection laws and regulations that may impact the UK firm’s (and potentially overseas entities’) operational and strategic practices
- Promote the Data and Privacy Officer Network
- Support continuous data privacy and information protection improvement and change
- Assist the Privacy Office with 2nd line activities where required
Skills and experience required:
- Extensive experience in a complex organisation (e.g. top tier financial organisation, professional services organisation or similar)
- Experience in a data privacy or information management role
- Some experience with conducting data privacy or information risk assessments
- Good understanding of, or familiarity with, DP risks associated with emerging tech: blockchain, AI, machine learning, IoT, etc.
- Risk and compliance experience
- Good understanding of three lines of defence (risk management)
- Experience in assessing and managing data or information risks and adequacy of controls
- Applied knowledge of the GDPR including operational implementation
- Ideally hold recognised data privacy qualifications or be willing to obtain them
- Excellent skills using MS Word, MS Excel and MS PowerPoint
- Excellent communication skills, both written and spoken
- Well organised and able to maintain a high workload efficiently at a consistently high standard
- Strong attention to detail
- Good understanding of interrelationships between systems, architecture, platforms and security within your assigned business or function
Location: Canada Square / Watford / Nationwide