Data Privacy Manager

About you and the role:

The Data Privacy Manager will be a key member of Enstar's Data Privacy function, working closely with the Head of Data Privacy to design, implement and maintain a robust, multi-jurisdictional data privacy programme. The role holder will be instrumental in embedding a culture of privacy awareness across the business, ensuring compliance with applicable data protection laws across all territories in which Enstar operates, and supporting the business in managing privacy risk in a fast-moving regulatory environment. This is a technically demanding role requiring an experienced privacy professional who is performance driven and comfortable operating across both legal and operational dimensions of data privacy. The role requires strong communication and collaboration across all functional areas within Enstar and the ability to support delivery of an effective privacy program and solutions that balance regulatory requirements and business objectives.

What you will be doing:

• Regulatory Compliance and Governance: Support the Head of Data Privacy in maintaining compliance with applicable data protection legislation across all operating jurisdictions (UK GDPR, EU GDPR, US privacy laws and Australian Privacy Act), managing the maintenance and updating of the ROPA, monitor regulatory developments as part of the Horizon Scanning Framework and manage regulatory registrations and filings.
• Privacy by Design: Manage the initiative to embed privacy by design default principles across the organisation.
• Data Subject Rights: Manage the end-to-end handling and recording of data subject rights requests across all jurisdictions.
• Privacy Notices and Consent Management: Manage the review process and updating of privacy notices and cookie consent management.
• Privacy Assessments: Manage the end-to-end privacy assessment processes for PIAs, DPIAs and LIAs.
• Third-Party and Vendor Management: Ensure Data Processing Agreements (DPAs) are in place with all relevant data processors, manage privacy due diligence on third-party suppliers as part of the Supplier Engagement Framework.
• Data Breach Management: Support the management of personal data incidents from identification to resolution, if required, support the DPO in the assessment and management of notifiable breaches across jurisdictions, manage the testing of the Data Breach Response Plan, and liaise with Information Security to align incident management processes.
• Training, Awareness and Culture: Design and manage the delivery of data privacy training programmes for employees/contractors at all levels, monitor training completion rates, champion privacy awareness across the business. Assist with the design of the Data Privacy Champions Programme and manage the deployment and development of the Champions Programme.
• Privacy Risk Management: Manage the maintenance and development of the data privacy risk register within the Group’s ERM framework and GRC platform across all jurisdictions. To proactively identify and assess privacy risks, develop proportionate mitigation plans, processes and controls, track and report on risk mitigation actions and collaborate with relevant business functions.
• Policies, Procedures and Documentation: Develop, maintain and review data protection policies and procedures across all jurisdictions, manage the policy review schedule, prepare management information and reporting on the status of the privacy programme for the Head of Data Privacy and relevant stakeholders.
• International Data Transfers: Manage all international data transfer mechanisms across all operating jurisdictions, ensure all transfer mechanisms are current, properly documented and subject to regular review; manage the production of TIAs or TRAs where required; and maintain oversight of cross-border data flows arising from third-party arrangements.  

What you will bring:

• A minimum of four to six years of substantive, hands-on data privacy experience, ideally gained within a regulated financial services, insurance, or professional services environment.
• Relevant professional qualification CIPP/E, CIPM or equivalent.
• Demonstrable expertise in UK GDPR and the Data Protection Act 2018, with solid working knowledge of EU GDPR and at least one of: US privacy law (GLBA, CCPA/CPRA, state privacy laws), or Australian privacy law (Privacy Act 1988, APPs, NDB scheme).
• Practical experience of managing data subject rights programmes at volume, including SARs in a regulated sector context.
• Proven experience of conducting DPIAs and providing Privacy by Design advice to business stakeholders.
• Experience of negotiating and reviewing Data Processing Agreements and international data transfer mechanisms.
• Demonstrable experience of managing personal data breaches and advising on regulatory notification obligations.
• Experience in the insurance or reinsurance sector, with familiarity with insurance-specific data processing activities (claims, underwriting, fraud prevention databases, actuarial processing).
• Knowledge of the NAIC Insurance Data Security Model Law and state insurance commissioner notification requirements.
• Familiarity with the California Insurance Information and Privacy Protection Act (IIPPA) and its 2023 amendments.
• Experience of working within a multi-jurisdictional privacy programme spanning EEA, UK, US and/or Australian operations simultaneously.
• Legal qualification (solicitor, barrister or overseas equivalent) or privacy law academic background.

Your Benefits:

• Pension (Enrolment is automatic on joining with a 10% employer contribution)
• Dental Insurance (This is an optional taxable benefit available to employee, spouse, and dependents)
• Medical Insurance (This is an optional taxable benefit available to employee, spouse, and dependents through a private health network)
• Travel Insurance (As an employee you are automatically enrolled with business and leisure travel insurance with single, couple, family, or single parent family coverage options.)
• Eligible company funded annual 360 Health Assessment.
• Voucher for free annual eye examination.
• Option to loan a bicycle and safety equipment tax free.
• Wellness Reimbursement program (up to 700 pounds annual reimbursement for wellness related expenses, i.e, gym memberships, massage, etc.).
• Tusker – Electric Vehicle (A fixed monthly amount is taken directly from your gross salary and, in return, you get the use of a brand new electric car.).
• Optional Critical Illness coverage
• Automatic coverage provided by income protection programme 
• Access to Employee Assistance Programs (EAP) for health and wellbeing 
• One paid annual volunteer day