Mott MacDonald’s support services are the driving force behind our organisation, enabling us to run efficiently and effectively. The team works collaboratively to offer specialist advice, best practice and technology to all areas of our business, specifically designed for our global reach.
The Group Head of Privacy and Data Protection and his team operate as a global advisory, compliance, and assurance function. The role of Privacy and Data Protection Analyst – Operations is focussed on supporting these activities by ensuring the effective and efficient operation of business processes and systems that support the work of the team (and the delivery of the wider privacy and data protection compliance programme).
Job Description
Informing and advising Mott MacDonald colleagues across the globe of their general obligations under applicable privacy and data protection laws (including the UK General Data Protection Regulation and Data Protection Act 2018).
Managing the Privacy and Data Protection Team email inbox and triaging enquiries to ensure they are prioritised appropriately (either using your knowledge and expertise to respond directly, directing colleagues to the appropriate internal resources on the corporate Intranet (Compass) and/or business management system (STEP), or escalating to another member of the team as appropriate).
Acting as the super-user/administrator for Mott MacDonald’s instance of the OneTrust privacy management platform used to manage: Personal Information Risk Assessments (PIRAs), Personal Information Compliance Assessments (PICAs), and Asset Discovery Questionnaires (ADQs); individual rights requests (including ‘Subject Access Requests’); the Group’s statutory ‘record of processing activities’ (ROPA); and data breach incident reporting. This includes adding and training new users, liaising with the OneTrust service desk as required to raise tickets and resolve issues/incidents, and maintaining an advanced level of technical expertise.
Advising colleagues on whether PIRAs or ADQs are required for new projects, initiatives, or systems/applications and providing guidance on how these assessments should be conducted.
Working with internal stakeholders (including IT and cyber/information security teams) to co-ordinate the timely identification, reporting, logging, investigation and resolution of personal data breaches.
Capturing and collating statistical information and performance metrics related to privacy and data protection compliance. Liaising with the Group Risk Team to update associated Key Risk Indicators that are reported to the Group’s Risk Committee and Executive Board.
Managing the vendor registration and due diligence process on behalf of the Privacy and Data Protection Team (liaising with vendor contacts and colleagues in Mott MacDonald’s procurement teams).
Raising purchase orders and liaising with vendor contacts and colleagues in the Accounts Payable team to ensure that invoices are accurate and processed/paid on time.
Co-ordinating the maintenance and periodic review of privacy and data protection content published: (1) on the corporate Intranet (Compass); (2) on the Group’s business management system (STEP); (3) in ‘Bid FAQs’ used by colleagues when responding to compliance questions from prospective clients; and (4) in a suite of bespoke eLearning courses.
Proactively co-ordinating and supporting the Group’s efforts to achieve certification under ISO/IEC FDIS 27701: attending external training sessions; participating in internal gap analysis sessions and external benchmarking audits; mapping existing policies, requirements, and guidance to the standard; and ensuring that supporting evidence of compliance (process maps and other documents/records) is being created, collated, and maintained.
Co-ordinating and supporting the Privacy Practitioner Network (approximately 70 volunteers embedded within the business worldwide): ensuring the relevant Intranet page, email distribution list, and DataGuidance subscriptions are updated when members join or leave the group; arranging quarterly regional forums; and helping to maintain global coverage (with at least one practitioner in each jurisdiction where Mott MacDonald operates).
Essential
1. Experience of working with OneTrust or other privacy management systems/applications.
2. A confident and articulate self-starter able to manage and prioritise a large and varied workload, work independently, take decisions on your own initiative within defined parameters, and meet challenging deadlines (whilst managing the expectations of others).
3. Excellent IT and administrative skills (including extensive experience of using SharePoint and other Microsoft applications).
4. Experience of handling sensitive/confidential information with discretion; and a strong commitment to uphold ethical standards and maintain your professional integrity.
5. Able to assimilate and interpret information quickly; and can explain complex processes or requirements to colleagues without using confusing technical or legal jargon.
6. Able to communicate effectively (and respectfully) with colleagues, data subjects, commercial partners and other external stakeholders irrespective of national boundaries and cultures.
Desirable
1. An awareness of privacy and data protection laws (and associated regulatory frameworks) and experience of providing practical advice on the interpretation and application of those laws.
2. Experience of acting as a OneTrust Site Admin or a super/admin user for another privacy management system/application.
3. A certification from OneTrust (for example the OneTrust Expert Certification) and/or the International Association of Privacy Professionals (for example the CIPP/E or CIPT).
4. Experience of supporting the response to personal data breaches; and an understanding of the potential impact this type of incident can have on the individuals affected, as well as the processor(s)/controller(s) involved.
5. Experience of co-ordinating the resolution of individual rights requests (for example Subject Access requests and/or deletion requests).
6. Experience of supporting and promoting behaviour change (focused on building an effective privacy and data protection compliance culture) within a large, complex, multi-site organisation.
7. General awareness of information security and records management issues.
8. Experience of dealing with invoicing/payment processes and using finance/ERP systems.
We are actively recruiting a diverse workforce that is reflective of the communities we serve. We recognise that differences in ability, skills and experience are a strength and encourage applications from people of all backgrounds.