Data Privacy Manager

Enstar Group
1 hour ago
Full-time
Remote
United States
$105,000 - $145,000 USD yearly
Manager

About you and the role:

The Data Privacy Manager - US will be a key member of Enstar's Data Privacy function, working closely with the Head of Data Privacy to design, implement, and maintain a robust, multi-jurisdictional data privacy programme across the US. The role holder will be instrumental in embedding a culture of privacy awareness across the business, ensuring compliance with applicable data protection laws across all US territories in which Enstar operates, and supporting the business in managing privacy risk in a fast-moving regulatory environment.

This is a technically demanding role requiring an experienced privacy professional who is performance-driven and comfortable operating across both legal and operational dimensions of data privacy. The role requires strong communication and collaboration across all functional areas within Enstar and the ability to support the delivery of an effective privacy programme and solutions that balance regulatory requirements and business objectives.

 

What you will be doing:

•    Regulatory Compliance and Governance: Support the Head of Data Privacy in maintaining compliance with applicable data protection legislation across all operating US jurisdictions and our other jurisdictions if required (UK, EU, Bermuda, and Australia), managing the maintenance and updating of the ROPA, monitoring regulatory developments as part of the Horizon Scanning Framework, and managing regulatory registrations and filings.
•    Privacy by Design: Manage the initiative to embed privacy by design and default principles, primarily across the US businesses and our other jurisdictions if required.
•    Data Subject Rights: Manage the end-to-end handling and recording of data subject rights requests across the US and our other jurisdictions if required.
•    Privacy Notices and Consent Management: Manage the review process and updating of privacy notices and cookie consent management.
•    Privacy Assessments: Manage the end-to-end privacy assessment processes for PIAs, DPIAs, and LIAs. 
•    Third-Party and Vendor Management: Ensure Data Processing Agreements (DPAs) are in place with all relevant data processors, and manage privacy due diligence on third-party suppliers as part of the Supplier Engagement Framework.
•    Data Breach Management: Support the management of personal data incidents from identification to resolution; if required, support the DPO in the assessment and management of notifiable breaches across jurisdictions; manage the testing of the Data Breach Response Plan; and liaise with Information Security to align incident management processes.
•    Training, Awareness and Culture: Design and manage the delivery of data privacy training programmes for employees/contractors at all levels, monitor training completion rates, and champion privacy awareness across the business. Assist with the design of the Data Privacy Champions Programme and manage the deployment and development of the Champions Programme.
•    Privacy Risk Management: Manage the maintenance and development of the data privacy risk register within the Group’s ERM framework and GRC platform across all jurisdictions. Proactively identify and assess privacy risks, develop proportionate mitigation plans, processes, and controls, track and report on risk mitigation actions, and collaborate with relevant business functions.
•    Policies, Procedures and Documentation: Develop, maintain, and review data protection policies and procedures across all jurisdictions, manage the policy review schedule, and prepare management information and reporting on the status of the privacy programme for the Head of Data Privacy and relevant stakeholders.
•    International Data Transfers: Manage all international data transfer mechanisms across all operating jurisdictions, ensure all transfer mechanisms are current, properly documented, and subject to regular review; manage the production of TIAs or TRAs where required; and maintain oversight of cross-border data flows arising from third-party arrangements.

 

What you will bring:  

•    A minimum of four to six years of substantive, hands-on data privacy experience, ideally gained within a regulated financial services, insurance, or professional services environment.
•    Relevant professional qualification (CIPP/US, CIPM or equivalent).
•    Demonstrable expertise in US privacy law (GLBA, CCPA/CPRA, state privacy laws) at a state and federal level.
•    Practical experience of managing data subject rights programmes at volume, including SARs in a regulated sector context.
•    Proven experience of conducting DPIAs and providing Privacy by Design advice to business stakeholders.
•    Experience of negotiating and reviewing Data Processing Agreements and international data transfer mechanisms.
•    Demonstrable experience of managing personal data breaches and advising on regulatory notification obligations.

 

Desirable

•    Relevant professional qualification (CIPP/E).
•    Demonstrable expertise in UK GDPR and the Data Protection Act 2018, with solid working knowledge of EU GDPR and at least one of: US privacy law (GLBA, CCPA/CPRA, state privacy laws), or Australian privacy law (Privacy Act 1988, APPs, NDB scheme).
•    Experience in the insurance or reinsurance sector, with familiarity with insurance-specific data processing activities (claims, underwriting, fraud prevention databases, actuarial processing).
•    Knowledge of the NAIC Insurance Data Security Model Law and state insurance commissioner notification requirements.
•    Familiarity with the California Insurance Information and Privacy Protection Act (IIPPA) and its 2023 amendments.
•    Experience of working within a multi-jurisdictional privacy programme spanning EEA, UK, US and/or Australian operations simultaneously.
•    Legal qualification (solicitor, barrister or overseas equivalent) or privacy law academic background.

 

Your Benefits:

  • Enstar offers best-in-class Medical, Dental, and Vision healthcare for single and family coverage.
  • Board-certified doctors and pediatricians are available virtually 24/7 for urgent care.
  • Access to Health Savings Account (HSA) or Flexible Spending Account (FSA).
  • Access to Dependent Care FSA to cover daycare expenses.
  • Access to Employee Assistance Programs (EAP) for health and well-being.
  • Optional Pet & Home/Auto Insurance.
  • Wellness Reimbursement program (up to $600 annual reimbursement for wellness-related expenses, e.g., gym memberships, massage, etc.).
  • 401K retirement plan (company matches up to 6% of employee contribution).
  • One paid annual volunteer day.

 

General Info

The target base salary pay range for this role is $105,000-$145,000*

*Target full-time equivalent base salary range is based on relevant market data. The actual salary offered will depend on applicable market data for hiring location and relevant candidate knowledge, skills/experience. This salary range is not inclusive of applicable discretionary incentives.

Who we are:

We are a trusted global re/insurance group and the leading provider of retrospective solutions, with specialist underwriting capabilities. We help our clients manage risk, unlock capital and create the financial freedom to grow. With operations across the world’s major insurance hubs and a global network of close to 800 talented professionals, we bring expertise and fresh thinking to some of the industry’s biggest challenges. 

For more information about Enstar, visit our website: www.enstargroup.com. 

For more information about careers at Enstar, visit our LinkedIn Life page or our careers site.

 

Why Enstar:

Learning and development are a fundamental part of every employee's career journey with Enstar. Supporting growth and career progression is key to how we engage our people - helping them to learn, grow and succeed at Enstar.  

We offer a range of initiatives and resources to support our people throughout their careers: 

  • Professional Qualifications and Study Support: We support employees who wish to take professional qualifications aligned to their role and career development.  
  • Training, Conferences & Seminars: As a global organisation, we work with many professional bodies to provide access to training programmes, conferences, seminars and continuing professional development (CPD) opportunities. 
  • Digital Learning Hub: Our digital learning hub, LinkedIn Learning, offers a wide range of self-serve resources, including courses, videos, eBooks, and audio books, to help employees build new skills and deepen their knowledge.

We also invest in physical, mental and financial wellbeing initiatives for our employees. Supportive teams, inspiring work and a positive working environment all contribute to our collective wellbeing. Beyond the workplace, we strive to make a positive influence in our communities and to continuously reduce our impact on the environment. 

 

Enstar Inclusivity Policy:

Our annual Inclusivity Index puts Enstar ahead of the industry in terms of promoting an inclusive and welcoming working environment. We’re an equal opportunity employer and believe that our inclusive environment creates an authentic working culture. We don’t discriminate on the basis of age, physical or mental disability, gender reassignment, marriage and civil partnership, pregnancy and carer status, race (including colour, nationality, and ethnic or national origin), religion or belief, sex and sexual orientation. Enstar is committed to providing an accessible recruitment experience for all those interested in working with us. Please let your Enstar Recruitment Partner know if you require any reasonable accommodation during the application process due to a disability to enable you to fully participate in our recruitment process.