CommBank

Privacy Officer - GDPR specialist

Recruiter: CommBank
Location: London
Salary: Competitive salary
Posted: 11 Nov 2019
Closes: 13 Nov 2019
Ref: 1029028
Approved employers: Approved employer
Job role: Credit control
Contract type: Permanent
Hours: Full time

Your business:

Risk Management is responsible for developing the risk frameworks to allow the Group to take conscious exposures to credit, market, operational, compliance and insurance risks within a Board-approved appetite.

Risk Management ensures the Group has appropriate strategies and frameworks in place to assess, manage and report on credit, market, operational, compliance and insurance risks. Compliance sits within Risk Management, and jointly reports through to the business unit Chief Risk Officer, and the Executive General Manager for Compliance.

The role supports the Institutional Banking and Markets business unit (IB&M). IB&M is responsible for managing the Group's relationships with major corporate and government clients and institutional investors, and provides a full range of capital raising, transactional and risk management products and services.

IB&M also performs an important internal role for the Group by providing markets, lending and transaction banking execution capabilities to other CBA business units that allows them to capture opportunities with business customers.

Your team:

IB&M Compliance sits within IB&M but also operates within the broader Group Risk Management function. IB&M Compliance aims to significantly reduce or remove the potential for IB&M and its staff to be exposed to harm arising from compliance breaches. IB&M Line 2 also helps protect IB&M from the risk of loss resulting from inadequate or failed internal processes, people and systems, or external events. It includes legal, regulatory, fraud, business continuity and technology risks but excludes strategic and reputational risks.

IB&M Compliance provides oversight and guidance to the business to ensure that it has sufficient capability to be compliant with regulations, reduce operational risks and build trust with its customers.

The Privacy Officer will lead the privacy risk agenda within the business and bring privacy and compliance expertise to IB&M. The Privacy Officer will work closely with the Group Privacy Office, IB&M Privacy Advisor, and Group Compliance.

Your impact & contribution:

To support sustainable business growth across IB&M through optimal risk/reward decisions and assurance on key controls.

Your role will provide compliance advice and support for the IB&M businesses.

As a Line 2 role, you will work closely with the Business (including Line 1 Risk Management), other Risk functions (Compliance, Market Risk, Credit) and other functions which support the business. The Privacy Officer will operate in a leadership capacity, in a role that provides a fantastic opportunity to make a difference by driving the privacy agenda within the business. IB&M is looking for a dynamic leader who will play a crucial role in assuring compliance with relevant privacy regulations and supporting Group-wide privacy governance. The Privacy Officer will review, challenge and advise the business on the establishment of privacy capability and ongoing privacy risk management.

Your reporting lines:

Reporting to the Executive Manager of IB&M Compliance, this role will collaborate with the Group Privacy Office, Centres of Excellence.

This role is required to act with independence and must have the ability to influence senior stakeholders by actively building and maintaining valuable relationships with:

  • General Manager, Group Privacy Office
  • Group Data Office
  • IB&M Compliance team
  • IB&M Line 1 Risk team
  • IB&M Data teams

Your responsibilities:

Business Outcomes:

The Privacy Officer is a role that provides a fantastic opportunity to make a difference by driving the privacy agenda within the business. IB&M is looking for a dynamic leader who will play a crucial role in assuring compliance with relevant privacy regulations and supporting Group-wide privacy governance. The Privacy Officer will review, challenge and advise the business on the establishment of privacy capability and ongoing privacy risk management. The Privacy Officer will be responsible for the following:

Privacy Governance and Reporting

  • Advise on the adequacy of governance over privacy obligations within IB&M
  • Conduct independent review of the effectiveness of privacy risk management practices and the control environment within the BU, and advise on areas of improvement
  • Advise as necessary on privacy related reporting (including metrics and KRIs)
  • Review and challenge privacy risk considerations in IB&M strategic planning process in line with privacy risk appetite, escalating issues to the relevant governance forum where appropriate

Privacy Risk Management Oversight and Advice

  • Understand the privacy regulation landscape for the jurisdictions in which IB&M operates
  • Assist the business to identify privacy obligations relevant to the BU, and advise on embedding and monitoring of privacy obligations
  • Review and challenge IB&M responses to regulator requests, and support the Group Chief Privacy Officer to manage engagements with privacy regulators
  • Review and challenge the appropriateness of privacy risk assessments, quality of privacy controls and the portfolio of privacy risk profiles within IB&M
  • Review Line 1 material privacy risk mitigation action plans and report on their effectiveness
  • Conduct thematic monitoring and assurance review across privacy related business activities within IB&M
  • Review and challenge the design and operational effectiveness of privacy controls testing, including testing strategies and plans
  • Conduct end to end testing of privacy related controls and report on Line 2 privacy related monitoring and assurance activities
  • Review privacy related issue and incident assessment practices with IB&M
  • Support the establishment of sufficient capability and capacity within IB&M Compliance
  • Provide proactive advice, support and insight to enhance privacy awareness and decision making within IB&M with regards to privacy
  • Review the effectiveness of privacy frameworks, tools and training and recommend improvements

Leadership/Management

  • Personally role model the expected leadership behaviors and lead through our Vision and Values
  • Effective and constructive contribution to IB&M Line 2 Compliance and the broader Risk Management function, with a focus on collaboration and embedding a “One Risk Team” culture across the function
  • Lead, manage, coach and develop IB&M Line 2, incorporating direct reports, IB&M partners and their teams
  • Apply CBA’s people management systems to effectively manage such issues as occupational health and safety, recruiting and on boarding new staff, setting KRAs and KPIs, creating development plans, supervising work, providing feedback formally and informally, carrying out disciplinary procedures when necessary, recognising and rewarding staff.

Your skills & experience:

  • Substantial information governance and risk management experience as well as expert knowledge of data protection, privacy and the risk and control environment
  • Demonstrated experience in conducting monitoring activities and assurance reviews
  • Extensive working knowledge of national and international privacy laws and regulations and their applicability to the jurisdictions in which IB&M operates
  • Successful track record of delivering required business outcomes
  • Ability to demonstrate independence, provide oversight and challenge senior management on decisions and processes regarding privacy, strategy and compliance
  • Superior communication skills and the ability to manage multiple stakeholders
  • Willingness and ability to build and maintain relationships, both internally and externally, across functions and experience levels, and successfully embed and reinforce a strong compliance culture
  • Demonstrated ability to work in a fast-paced environment and to make sound judgments under tight deadlines
  • Self-starter with the ability to self-direct as needed
  • Commercial acumen and the ability to determine the value of data to the BU and its customers
  • Experience in privacy strategy definition and governance is highly regarded but not essential

Your qualifications:

  • At least 4-8 years of relevant work experience and a proven track record dealing with privacy related issues for financial services firms and/or multi-national organisations
  • Extensive industry experience, preferably with a background in Compliance, Legal, Risk or Controls gained in an international financial institution, regulatory authority or professional services firm
  • Relevant privacy and data protection qualification (PDP/CDPP/ECDPO/CIPP/CIPM etc.)

Applications close: 12 Nov 2019 GMT Standard Time

For further information, and to apply, please visit our website via the “Apply” button below.
