Chief Data Protection and Privacy Officer

AXIS (AXIS Capital)
2 days ago
Full-time
On-site
Alpharetta, Georgia, United States
$145,000 - $245,000 USD yearly
Chief Privacy Officer

This is your opportunity to join AXIS Capital – a trusted global provider of specialty lines insurance and reinsurance.  We stand apart for our outstanding client service, intelligent risk taking and superior risk adjusted returns for our shareholders. We also proudly maintain an entrepreneurial, disciplined and ethical corporate culture.  As a member of AXIS, you join a team that is among the best in the industry.

At AXIS, we believe that we are only as strong as our people. We strive to create an inclusive and welcoming culture where employees of all backgrounds and from all walks of life feel comfortable and empowered to be themselves. This means that we bring our whole selves to work. 

All qualified applicants will receive consideration for employment without regard to race, color, religion or creed, sex, pregnancy, sexual orientation, gender identity or expression, national origin or ancestry, citizenship, physical or mental disability, age, marital status, civil union status, family or parental status, or any other characteristic protected by law. Accommodation is available upon request for candidates taking part in the selection process.

Job Description: Chief Data Protection and Privacy Officer (CDPPO)

What you will do in this role:

The Chief Data Protection and Privacy Officer (CDPPO) serves as the authority for all data privacy and protection matters within our global insurance and reinsurance operations. This leadership role is responsible for designing and leading a comprehensive privacy strategy that ensures full compliance with the evolving legal landscapes of the EU (GDPR), the UK (UK GDPR/Data Protection Act), and US federal and state laws. The CDPPO directs the professional privacy team within the Data Protection and Privacy Office and works with other departments, leaders and Privacy Champions to embed privacy protection into our global insurance operations and to lead our response to complex data challenges, including AI governance and cross-border data transfers. The successful candidate will be able to take on the challenge of coordinating and driving others to think about, engage in and ensure compliance.

Key Responsibilities

  • Strategy & Compliance: Establish, drive implementation of, and maintain a global privacy compliance framework that aligns with diverse international regulations while supporting business growth and innovation.

  • Regulatory Compliance: Monitor and ensure adherence to the GDPR (EU), UK GDPR, and major US laws. Act as the primary liaison with global supervisory authorities and data protection regulators.

  • Risk Management: Oversee the execution of Data Protection Impact Assessments (DPIAs), Record of Processing Activities (ROPA) and Privacy Impact Assessments (PIAs), among other risk management activities. Align and collaborate with Enterprise Risk Management (identifying and mitigating privacy risks as related to the business of AXIS).

  • Artificial Intelligence: Provide guidance on, and be an integral collaborator in, the introduction and embedding of AI governance into the workspace.

  • Incident Response: Engage with other key stakeholders to respond to data privacy breaches, including determination of notification requirements across multiple jurisdictions as applicable.

  • Cross-Functional Collaboration: Partner with the CISO to align privacy and security programs and work with product teams to integrate ‘privacy by design’ into the entire insurance lifecycle.

  • Advocacy & Education:  Affirmatively foster a "culture of privacy" through organization-wide training and represent the company’s privacy interests in industry and legislative forums.

  • Should include third party data processing management and international data transfers etc.… (legal and contractual management tasks)

What you need to have:

  • Experience: 7-10 years of experience in data privacy, legal, or compliance, with management experience a plus.

  • Expertise: Deep, verifiable knowledge of EU GDPR, UK GDPR, and US privacy laws (e.g., CCPA, HIPAA). Experience in the highly regulated insurance or financial services sector is strongly preferred.

  • Education: Bachelor’s degree in business, accounting, finance operations, risk management or other related field; Juris Doctor (JD) or Master’s degree with a postgraduate focus on Privacy or Data Protection is highly preferred.

  • Certifications:  IAPP certifications: CIPP/E (Europe), CIPP/US (United States), and CIPM (Management) preferred.

  • Technical Proficiency: Familiarity with AI governance frameworks (e.g., EU AI Act).

  • Focus: Strong analytical skills, with ability to quickly assess key elements of legal and regulatory risk, coupled with good technical drafting and negotiation skills.

  • Collaboration: Strong interpersonal, written, and oral communication skills, with the ability to translate technical concepts for a non-technical audience, gain the confidence of business colleagues and perform as an effective team player.

Role Factors:

In this role, you will typically be required to:

Be in the office 3 days per week.

What we offer:

For this position, we currently expect to offer a base salary in the range of $165,000 - $245,000 USD (New York), $145,000 - $225,000 (Atlanta). Your salary offer will be based on an assessment of a variety of factors including your specific experience and work location.

In addition, you will be offered competitive target incentive compensation, with awards based on overall corporate and individual performance. On top of this, you will be eligible for a comprehensive and competitive benefits package which includes medical plans for you and your family, health and wellness programs, retirement plans, tuition reimbursement, paid vacation, and much more.  

Where this role is based in the United States of America, this role is Exempt for FLSA purposes.