Data Sharing and Privacy Steward
City of London (Greater London) Accounting / Management control
Job description
Role Title: Data Sharing and Privacy Steward
Business: HSBC Global Asset Management
New or Existing Role:
Grade: GCB4
Role Purpose
· Data Privacy Stewards monitor, report, advise, and set actions for each country to ensure that HSBC Global Asset Management is fully compliant with HSBC's policies relating to Data Privacy. Data Privacy Stewards act as subject matter experts for any change programmes and business transformations with the business and delivery partners to ensure data privacy is included by design.
· They act as a role model, demonstrating active leadership and communication on data privacy topics, initiatives and developments in both law and regulation. As a subject matter expert they need to be able to communicate and operate at executive level, across regions and global businesses, working closely with Group Data Privacy, Legal, Compliance and the Business and Data Architects and Chief Data Officer.
· Data Privacy Stewards are responsible for embedding and strengthening data privacy controls within HSBC Global Asset Management, working with Risk teams to develop effective monitoring and testing of these controls within established risk frameworks and implementation of any residual post-GDPR actions. The role holder has end to end responsibility for all aspects of data privacy & sharing strategy and the operating model including: definition, execution, establishing and reporting on Key Process Indicators or Key Risk Indicators.
· THE AMG Global Data Privacy and Sharing Steward will work closely with the Regional Business Heads, Project Managers and Global Change Delivery (Transformation) teams to ensure alignment of their programmes with the Data Privacy operating model and the Group Policies relating to Data Privacy Policies, Laws and Regulations.
· Data Privacy Stewards may have line management responsibility for more junior resources within their resource pool (as related to their job family)
Key Accountabilities
Impact on Business
· Engages with stakeholders to create buy-in for implementation of data privacy by design and manages change from order book through to the Data Design Authporities witht eh Chief Data Architect to ensure Privacy and legal basis for any transfers are in place.
· Plans effectively around constraints and optimises the plan/operating model to minimise risk. The objective of the Data Sharing Steward is to open up data transfers within the legal and regulatory boundaries and to challenge appropriately restrictions on data transfers.
· Actively owns, manages and co-ordinates the implementation of operating model to ensure effective tracking of approavals, keeping stakeholders focused on the agreed change outcomes and benefits.
· Baselines the data privacy requirements, designs, budget and scope. Manages changes through the change control process. Challenges and intervenes where there is scope creep, budget overrun and plan slippage for compliance with Data Privacy.
· Proactively determine, analyse and identify data privacy metrics and measurements and dictates improvement plans to ensure compliance.
· Implement related global controls/processes for data privacy e.g. repositories for privacy notices, PIA reviews, maintaining the Record of Processing, information lifecycle management etc where appropriate.
· Influence and collaborates with stakeholders and business partners, building strong relationships to ensure consensus and influence change outcomes. Fosters open and honest communication, and is able to explain complex or abstract requirements in meaningful ways that can be understood easily.
· Act as primary contact point and subject matter expert on behalf of HSBC Global Asset Management with Group stakeholders such as Data Protection Officers, Group Data Privacy Legal teams etc, relating to data privacy.
· Act as primary contact point and subject matter expert for Chief Data Officer.
· Anticipates and identifies existing or emerging risks/issues relating to Data Privacy policy, laws or regulations.
· Acts as a strong advocate for data privacy and data protection – a visible and clear leader for the data privacy operating model and the delivery of its outcomes and benefits.
· Sets the pace and operating rhythm, driving a culture of achievement and ensures pace by identifying and removing barriers to success.
· Promotes pace and energy within the team and leads by example.
Customers / Stakeholders
· Champions activities encouraging effective processing of individual's data privacy requests/issues.
· Acts and consults as data privacy subject matter expert in relation to processing arrangements with third parties.
· Strengthen Stakeholder Relationships. Uses relationship management skills/tools to responsibly influence decisions and stakeholder advocac.
Leadership & Teamwork
· Identifies the resource requirements relating to data privacy, requesting the appropriate resource by skill set and/or experience. Works with the Chief Data Officer and regional stakeholders to ensure adequate resource is provided to the programme
· Ensure effective and appropriate resourcing to data privacy requirements with the right blend of skills and good working relationships
· Ensures good data privacy awareness and orientation, and develops appropriate training materials – i.e. the team understand the data privacy polices, laws, regulations and upcoming/emerging issues and how this links to HSBC Global Asset Management
· Defines high level responsibilities and objectives for teams in terms of data privacy
· As a role model, encourages collaboration and team work
· Able to operate effectively across global and multi-disciplinary teams where required
· Promotes the Group's Values and strategy by creating a positive work environment and promoting teamwork to drive team engagement
Operational Effectiveness & Control
· Produces a well defined approach to embedding data privacy mindset and standards into the organisation, sets the key workstreams/milestones and assigns project managers.
· Ensures most efficient course for delivery by identifying and removing barriers to success.
· Demonstrates financial acumen to develop and manage a detailed business case, including investments, detailed benefits and link to overall finances of the business.
· Provides proactive and timely reports on data privacy status, risks and issues.
· Reviews and constructively challenges status reports and ensures all aspects of relevant processes and procedures are being managed effectively.
· Manages and reports on risks, issues and dependencies, promoting good risk management across the regions.
· Promotes and takes accountability for programme quality; identifies opportunities to improve delivery and oversees the data privacy governance process to reduce risk and ensure effective and timely decisions.
· Ensures programme and project teams follow correct control frameworks relating to data privacy such as privacy impact assessments and associated changes to processing of data.
· Captures feedback to improve data privacy operating model, processes, procedures, risk frameworks and artifcats where appropriate.
· Ensures governance processes and decisions are applied consistently, including:
· Engaging stakeholders effectively
· Use standardised metrics and reporting
Observation of Internal Controls
· The jobholder will adhere to, and be able to demonstrate adherence to, internal controls and will implement the Group compliance policy by adhering to all relevant processes/procedures.
· The term ‘compliance' embraces all relevant financial services laws, rules and codes with which the business has to comply. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
· The following statement is only for roles with managerial or specific Compliance responsibilities
· The jobholder will implement measures to contain compliance risk across the business area. This will be achieved by liaising with Compliance department about business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources are in place and training is provided, fostering a compliance culture and optimising relations with regulators.
Desired profile
Qualifications :
Knowledge & Experience / Qualifications
· Working knowledge of Data Privacy policies, laws, regulations, processes and related artefacts
· Subject Matter Expertise in data privacy as it relates to Asset Management and broader financial services industry
· Experience of leading and managing data projects/operating models in the financial services industry
As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation.
We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies
We are an equal opportunity employer and are committed to creating a diverse environment.
https://www.hsbc.co.uk/1/2/popups/uk-privacy-statement#/ overview