General InformationClose date: Saturday, 30 November 2024
Working pattern: Full time
Contract Type: Permanent
Location: London
Department: 13 - 13 Security
Bravura's Commitment and MissionAt Bravura Solutions, collaboration, diversity, and excellence matter. We value your ideas, giving you room to be curious and innovate in an exciting, fast-paced, and flexible environment. We look for many different skills and abilities, as well as how you can add value to Bravura and our culture.
As a Global FinTech market leader and ASX listed company, Bravura is a trusted partner to over 350 leading financial services clients, delivering wealth management technology and products. We invest significantly in our technology hubs and innovation labs, which inspire and drive our creative, future-focused mindset. We take pride in developing cutting-edge, digital-first technology solutions that support our clients to achieve financial security and prosperity for their customers.
Position PurposeBased in our London Office, this role will be the lead Information Security Officer and expert on Data Protection (DP) matters, focusing on the global DP regulations (e.g. EU GDPR, Australian Privacy Act, New Zealand Privacy Act, Protection of Personal Information Act 4 of 2013 etc.) including the organisation DP Management System (DPMS). The Information Security Officer will ensure that sound policies, procedures, and systems are in place so that Bravura Solutions can demonstrate compliance with the global DP legislation.
Main ActivitiesWhilst we expect all our employees to do what needs to be done to demonstrate their support of Bravura Solutions, below are some specific aspects of your role for which you will be responsible:
Data Protection- Ensure that Bravura Solutions is aware of and complies with DP law, best practice and any case precedents, interpreting law changes into practical policies and procedures.
- Implement measures and a privacy governance framework to manage data use in compliance with applicable legislations.
- Work with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments including developing templates for data collection, assisting with data mapping, and vendor management reviews.
- Identify, test and improve controls on the confidentiality, integrity and availability of personal data.
- Be the first point of contact for enquiries from staff on DP and subject access requests, providing them with appropriate advice and guidance.
- Coordinate and conduct data privacy audits.
- Draw up a DP Policy from the GDPR regulations, paying attention to new concepts and terminology and changed nuances of DP law.
- Work closely with colleagues to render the DP Policy into operational procedures for customer-facing staff to use.
- Undertake proactive work and enforcement measures that promote good DP working practices and compliance with GDPR requirements.
- Enshrine new principles, e.g. Privacy by design and DP by default.
- Consider accreditation to external codes and protocols that may help demonstrate aspects of compliance with the main regulations.
- Create registers as required by legislation, e.g. the type of personal data that we hold, who processes it and who we share it with.
- Look at technical aids that support compliance (e.g. encryption, Data Loss Prevention).
- Carry out DP audits and spot-checks to monitor compliance.
- Ensure subject access requests are responded to within prescribed timescales.
- Deal with more complex and difficult DP complaints, including appeals.
- Act as the primary point of contact between the company and regulatory authorities in all jurisdictions during data protection incidents, ensuring timely communication and compliance with reporting obligations.
- Ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to data subject access requests (DSARs).
Documentation- Design the documentation needed for use with the procedures:
- Data Protection Impact assessments
- Privacy impact Assessments
- Data Inventory Register
- Data Flows
- SAR Process
- Compliance Documents
- Privacy Framework and processes
- Review of client contractual requirements
- Supplier onboarding contract review and support in annual reviews
Third Parties- Examine arrangements for third parties who process the personal data of our residents and employees to ensure compliance with the new regulations.
- Work with legal representatives to ensure that information-sharing with partners/suppliers is lawful and falls under appropriate protocols and codes.
Risk- Ensure that managers are aware of the risk element of data protection, GDPR and any other relevant regulations implementation, including monitoring through the Risk register.
- Maintain a risk assessment process for personal data including DP Impact Assessments.
Training- Design and carry out training programmes to achieve compliance, e.g. Detailed, practical training for client-facing staff.
- More general GDPR awareness training for other staff.
- Carry out ongoing DP and privacy training to maintain awareness.
In addition to the above position-specific responsibilities, all employees are required to undertake any other reasonable duties and responsibilities within your capability and skills, when requested to do so.
Key skills- Experience in Information Security, data protection and legal compliance.
- Work experience in data protection and legal compliance is a plus.
- Solid knowledge of GDPR and applicable governing legislation such as The Australian/ New Zealand Privacy Act, UK DPA, Protection of Personal Information Act 4, The Digital Personal Data Protection Act, 2023 ("DPDP Act"), Personal Data (Privacy) Ordinance, Laws of Hong Kong (Cap 486) or the PD(P)O and Personal Information Protection Act (PIPA) etc.
- Decision Making - capable of reaching timely and effective decisions based on the appropriate use of information.
- Communicating - able to identify key points for interaction which are related appropriately and with clarity.
- Using Information & Communications Technology (and other resources) - able to use ICT and other equipment (tools, materials and services), safely, effectively and efficiently.
- Building Customer Service - able to provide Customer/Stakeholders with a positive experience of the service delivered.
- Embracing Change - can readily identify and embrace change in the drive towards continuous improvement.
- Developing and Maintaining Relationships - able to make working relationships harmonious and productive.
- Maintaining and developing the organisation - able to make a positive contribution to the success of Bravura Solutions.
Working at BravuraOur people are the heart of our business. We work hard to provide a rich employee experience and a robust framework for ongoing career development.
So, what's next?We make hiring decisions based on your experience, skills and passion so even if you don't match every listed skill or tick all the boxes, we'd still love to hear from you.
Please note that interviews are primarily conducted virtually and if you require any reasonable adjustments or would like to note which pronouns you use, please let us know.
All final applicants for this position will be asked to consent to a criminal record and background check. Please note that people with criminal records are not automatically barred from applying for this position. Each application will be considered on its merits.