- Company Name
- Close Brothers Asset Finance
- Job Title
- Data Protection Analyst
- Job Description
-
Job title: Data Protection Analyst
Role Summary: Subject‑matter expert on data protection for the Asset Finance & Leasing division, supporting the Governance Manager to deliver the programme, promote a culture of compliance, and embed consistent standards across the business.
Expactations: Deliver a robust data protection framework, manage risk governance activities, provide assurance on controls, conduct DPIAs and audits, create training materials, and ensure adherence to UK‑GDPR and related regulations.
Key Responsibilities:
• Advise on compliance, technical and organisational measures, and operational effectiveness of data protection controls.
• Identify, measure, track, monitor and report operational and conduct risks from risk governance and first‑line controls.
• Conduct thematic reviews, flag regulatory risk to senior management, and partner to resolve issues.
• Ensure adherence to data protection processes, embed Group frameworks, and satisfy internal stakeholder requirements.
• Support enhancements from a first‑line risk perspective, ensuring new projects and products consider customer outcomes and data protection.
• Support product risk reviews and report to the relevant committees.
• Maintain and review the business information asset register.
• Ensure systems comply with all relevant privacy laws, including data retention and destruction.
• Create and deliver training on UK‑GDPR and other regulations.
• Support DPO and local businesses with DPIAs and audits.
• Partner with stakeholders across the three Lines of Defence, key business contacts, and management.
• Stay current on FCA, CCA, OFT, FLA and other regulatory changes.
• Manage risk logs, follow‑up outstanding actions, and conduct root cause analysis of risk events.
Required Skills:
• Up‑to‑date knowledge of data protection legislation and regulatory requirements.
• Proven record selecting and implementing privacy controls.
• In‑depth experience completing Privacy Impact Assessments.
• Experience responding to Subject Access Requests.
• Strong independent judgment and discretion in recommendations.
• Project and change management skills, with ability to prioritise and meet multiple deadlines.
• Excellent interpersonal, communication and stakeholder‑management skills.
• Self‑motivated, delivery‑focused, persistent, and able to handle confidential information with discretion.
• Proficient in MS Office, particularly Excel.
Required Education & Certifications:
• Bachelor’s degree in Law, Information Technology, Business, or related field.
• GDPR or equivalent data protection certification highly desirable.