Data Protection & Compliance Officer
Closing Date: 29/10/2021
Department: STM Fidecs Central Services Limited
Reporting to: Gibraltar Head of Compliance
Direct Reports: None
To support the Gibraltar Head of Risk and Compliance in:
- Promoting a positive and consistent Risk and Compliance culture that is in line with STM strategies; and
- Providing Risk and Compliance oversight and support across the Gibraltar regulated subsidiaries of the Group, ensuring that all businesses within Gibraltar remain compliant.
- Acting as Data Protection Officer, which involves dealing with the day-to-day management of Data Protection issues, including breach notifications and Subject Access Requests (SAR). The Data Protection Officer will also act as a point of contact for the Gibraltar Licensees.
- Ensuring compliance with GFSC rules and Money Laundering Regulations
- Overseeing the monitoring of regulatory developments, which include assessing and ensuring appropriate controls are put in place for changes that impact the firm
- Ensuring the adequacy of the firm’s money laundering and terrorism financing systems and controls via regulatory monitoring reviews
- Assisting in the execution of the firm’s Annual Compliance Monitoring Programme
- Completing compliance monitoring reports which present findings and include suggestions for relevant remedial actions, in a clear, accurate and consistent manner
- Escalating risks and issues to the Gibraltar Head of Risk & Compliance and / or the Group Head of Enterprise Risk
- Assisting in ensuring that regulatory returns are submitted within set deadlines; including the annual Statement of Compliance and Financial Crime Returns
- Assisting in delivering appropriate compliance training to employees
- Other duties as may be directed and required by the firm
- Investigate data breaches, with a view to identifying remedial actions and ensuring these are implemented.
- Acting as a point of contact with the Gibraltar Regulatory Authority (GRA). This may include facilitating access to the documents and information necessary for the GRA to perform their regulatory duties.
- Liaise with the Gibraltar Head of Risk and Compliance to ensure adequate internal audit/Compliance Monitoring coverage.
- Maintain data protection policies and procedures.
- Provide advice and guidance to employees who assist with processing Subject Access Requests (SAR).
- Advise on data protection requests from third parties.
- Liaise with customers and employees who have raised concerns about any matters relating to Data Protection.
- Strong analytical, written/verbal communication, interpersonal, and relationship-building skills
- Ability to work effectively within a team
- Ability to manage various assignments and to quickly adapt to change
- Self-motivated, flexible, and capable of working to deadlines, independently and as a part of a team
- Build, develop, and maintain strong relationships
- Educated to degree level
- Strong administrative experience, attention to detail, and good organisational skills
- Good interpersonal skills, strong IT skills particularly Word and Excel
- Able to manage priorities and time efficiently
- Able to work with minimum supervision
- Confident user of Microsoft Office with good keyboard skills
- A pro-active person who has an eye for detail and is confident enough to suggest improvements to the existing processes
- Understanding of the end-to-end KYC and client onboarding processes
Knowledge and Experience
- Good knowledge of the regulations governing the Gibraltar Financial Services Industry with particular emphasis on Life Assurance Experience
- Demonstrable experience in compliance monitoring
- Strong communication, report writing and presentational skills
- Ability to produce timely and accurate reports delivering key issues and messages with minimal managerial input
- Ability to take ownership and responsibility for timeliness and quality of delivery of monitoring reports
- Ability to summarise regulatory change in a format that is understandable to its audience
The tasks listed are not meant to be exhaustive and you may be asked to undertake other reasonable tasks of a similar nature, but which are not explicitly listed in the job description.