Data Protection & Compliance Officer

Closing Date: 29/10/2021

Department: STM Fidecs Central Services Limited 

Location: Gibraltar

Reporting to: Gibraltar Head of Compliance

Direct Reports: None



JOB OBJECTIVE

To support the Gibraltar Head of Risk and Compliance in:

  • Promoting a positive and consistent Risk and Compliance culture that is in line with STM strategies;
  • Providing Risk and Compliance oversight and support across the Gibraltar regulated subsidiaries of the Group, ensuring that all businesses within Gibraltar remain compliant; and
  • Acting as Data Protection Officer, which involves dealing with the day-to-day management of Data Protection issues, including breach notifications and Subject Access Requests (SAR). The Data Protection Officer will also act as a point of contact for the Gibraltar Licensees.

KEY RESPONSIBILITIES

  • Ensuring compliance with GFSC rules and Money Laundering Regulations
  • Overseeing the monitoring of regulatory developments, which include assessing and ensuring appropriate controls are put in place for changes that impact the firm
  • Ensuring the adequacy of the firm’s money laundering and terrorism financing systems and controls via regulatory monitoring reviews
  • Assisting in the execution of the firm’s Annual Compliance Monitoring Programme
  • Completing compliance monitoring reports which present findings and include suggestions for relevant remedial actions, in a clear, accurate and consistent manner
  • Escalating risks and issues to the Gibraltar Head of Risk & Compliance and / or the Group Head of Enterprise Risk
  • Assisting in ensuring that regulatory returns are submitted within set deadlines, including the annual Statement of Compliance and Financial Crime Returns
  • Assisting in delivering appropriate compliance training to employees
  • Other duties as may be directed and required by the firm
  • Investigate data breaches, with a view to identifying remedial actions and ensuring these are implemented.
  • Acting as a point of contact with the Gibraltar Regulatory Authority (GRA). This may include facilitating access to the documents and information necessary for the GRA to perform their regulatory duties.
  • Liaise with the Gibraltar Head of Risk and Compliance to ensure adequate internal audit/Compliance Monitoring coverage.
  • Maintain data protection policies and procedures.
  • Provide advice and guidance to employees who assist with processing Subject Access Requests (SAR).
  • Advise on data protection requests from third parties.
  • Liaise with customers and employees who have raised concerns about any matters relating to Data Protection.

KEY COMPETENCIES

  • Strong analytical, written/verbal communication, interpersonal, and relationship-building skills
  • Ability to work effectively within a team
  • Ability to manage various assignments and to quickly adapt to change
  • Self-motivated, flexible, and capable of working to deadlines, independently and as a part of a team
  • Build, develop, and maintain strong relationships 

QUALIFICATIONS

Ideally

  • Educated to degree level

Skills

  • Strong administrative experience, attention to detail, and good organisational skills
  • Good interpersonal skills and strong IT skills, particularly Word and Excel
  • Able to manage priorities and time efficiently
  • Able to work with minimum supervision
  • Confident user of Microsoft Office with good keyboard skills
  • A pro-active person who has an eye for detail and is confident enough to suggest improvements to the existing processes
  • Understanding of the end-to-end KYC and client onboarding processes

Knowledge and Experience

  • Good knowledge of the regulations governing the Gibraltar Financial Services Industry with particular emphasis on Life Assurance Experience
  • Demonstrable experience in compliance monitoring
  • Strong communication, report writing and presentational skills
  • Ability to produce timely and accurate reports delivering key issues and messages with minimal managerial input
  • Ability to take ownership and responsibility for timeliness and quality of delivery of monitoring reports
  • Ability to summarise regulatory change in a format that is understandable to its audience

The tasks listed are not meant to be exhaustive and you may be asked to undertake other reasonable tasks of a similar nature, but which are not explicitly listed in the job description.
