Job Description

Arbuthnot Latham has been associated with banking since 1833. We combine private and commercial banking, wealth planning and investment management. We believe in traditional relationship and service-led banking powered by modern technology.
 
Job Purpose

The purpose of this role is to develop, maintain and implement a privacy framework and the resulting privacy policies, procedures and documentation for the processing of personal data in coordination with appropriate members of the organisation (e.g., business process owners, legal, information security, operational risk, compliance officers and supplier management).

Where applicable, to place the interests of customers at the centre of all activities, to act in a way that is consistent with achieving good outcomes for consumers, and to comply with the FCA and PRA's Conduct Rules.

Key Responsibilities:

Governance

  • Devise and update policies and procedures for customers, employees and data breach response activities, ensuring alignment with the actual implementation of personal data processing activities.
  • Monitor continuous adherence to the privacy framework requirements.
  • Work to ensure the organisation maintains the appropriate privacy and confidentiality consent procedures, authorisation forms, and information notices.
  • Establish and work with a multidisciplinary team, including audit and risk, compliance, HR, legal, business process owners, IT, security and other internal stakeholders to ensure enterprise-wide coverage of the privacy discipline.
  • Work with procurement, vendor management and legal to ensure that third-party suppliers' contracts and operating-level agreements meet [international] privacy requirements.
  • Implement and maintain an internal reporting mechanism for intended (new or changed) personal data processing activities, to which business unit/process owners must adhere. Part of this mechanism will determine when and how to conduct the necessary impact assessment(s).
  • Notify data protection authorities of the organisation's processing activities and/or obtain guidance where required.
  • Inform/direct response to privacy-related emergencies and other potentially damaging events.
  • Communicate with regulatory authorities and the public concerning privacy issues (for example, answering data subjects' questions and requests).

Privacy Impact Assessment

  • Determine the enterprise's specific privacy-related requirements and potential vulnerabilities.
  • Receive and manage internal reports from business stakeholders to maintain insight over all project and innovative initiatives, including change management, to ensure timely attention for privacy bottlenecks and hiatuses.
  • Develop, improve and manage the privacy impact assessment process, in close collaboration with business stakeholders.
  • Conduct regular privacy policy compliance assessments to ensure that AL’s privacy policies are being adhered to.

Personal Data Inventory and Usage

  • Oversee the creation of an inventory that documents how and why the company collects, shares and uses personal data.
  • Build processes to continuously update and re-evaluate the extent to which customer and employee information is collected and shared internally and externally.
  • Maintain AL’s registry of all personal data stores and processing activities.
  • Strengthen alignment between privacy and data-centric stakeholders by assisting them in refining and operationalising AL’s retention schedule using output from privacy management activities (e.g. PIA) to facilitate deletion or anonymisation of personal data that is no longer needed for identified purpose(s), and in accordance with applicable requirements.

Information Technology

  • Ensure that data security practices — in particular, logging, monitoring and auditing practices — do not conflict with privacy requirements.
  • Work closely with the technology service teams to anticipate potential privacy problems embedded in the use of emerging technologies.

Managing privacy risks in the context of new technologies and change initiatives:

  • Assessing the privacy implications of emerging technologies like artificial intelligence (AI), machine learning (ML), and blockchain.
  • Developing and implementing privacy-by-design principles into the development of new technologies and products.

Risk:

  • Responsible for managing risks inherent to the role by diligently observing internal policies and procedures.

Key Interfaces

  • Data Protection Officer
  • Chief Information Officer & CISO
  • Compliance Officers
  • Supplier Management and Supplier Managers

Person Specification

Knowledge/Experience/Skills:

  • Highly developed analytical and problem resolution skills.
  • Advanced business judgment, with the ability to think strategically and give practical advice by balancing business needs with privacy risks.
  • Developed written and verbal communication skills, as well as the ability to work well with a diverse client base.
  • Detailed understanding of the privacy aspects of the product development life cycle, data handling and asset classification, and knowledge of the role of a privacy professional in ensuring that customer data is properly managed.
  • Advanced interest in national and international privacy developments, constitutional privacy guarantees, international privacy guidelines and principles, privacy by design, protection by default, data subject's rights, privacy accountability and minimal disclosure.
  • Advanced ability to articulate the importance of customer privacy. Comfort with promoting privacy at all levels, including audiences who have varying levels of familiarity with the topic.
  • Developed ability to maintain proper documentation, relevant records and archives in an orderly, transparent fashion.
  • Advanced, comprehensive understanding of data privacy principles, such as data minimization, data purpose limitation, and data subject rights.
  • Advanced skill with data protection frameworks, such as NIST Privacy Framework and ISO 27701, and methodologies for implementing a data governance framework within organisations.
  • Extensive experience implementing a privacy program in a business that engages in business-to-business (B2B) and business-to-consumer (B2C) transactions.
  • Extensive experience in understanding business process flows and providing recommendations for operationalizing compliance requirements.
  • Extensive experience conducting privacy and data protection impact assessments and audits to identify and evaluate privacy risks within organisations.
  • Substantial experience with and/or adequate knowledge of data protection technologies, such as encryption, anonymization, and privacy-enhancing technology.

Qualifications (one or more of the below qualifications, or a recognised equivalent)

  • Certified Information Privacy Professional (CIPP)
  • Certified Information Privacy Management (CIPM)
  • Certified Information Privacy Technologist (CIPT)

Competencies

  • Change Focus
  • Judgment & Problem Solving
  • Leading Others
  • Planning & Reviewing
  • Communication & Confidence

About Us

Life, Work and Benefits

Arbuthnot Latham is committed to equal opportunities for all staff and candidates. We embrace inclusion & diversity and understand why they are critical for the success of our business and people.

  • Agile working
  • Competitive salary, pension & holiday allowance
  • BUPA Health cover
  • 4x Life Assurance
  • Income Protection scheme
  • Discretionary bonus
  • Market leading maternity/paternity and menopause policies
  • Flexible benefits

Data Privacy and Reasonable adjustments

We take keeping your data secure seriously. For more detail on how we may keep your data, please refer to our Privacy Notice:

https://careers.arbuthnotlatham.co.uk/files/RecruitmentPrivacyNotice.pdf

Reasonable adjustments: Please let us know of any adjustments or arrangements that you may need to help you apply to this role or that will help you during the recruitment process. If you wish to discuss any particular requirements or concerns you have because of a disability or medical condition please contact us at [email protected]. Information you provide about any disability or medical condition will remain confidential unless it is necessary to disclose it to other members of staff or outside agencies to ensure the health and safety of yourself and others, or to implement the adjustments you require. In these circumstances we will first discuss with you how and to whom the information may be disclosed.