Job description

  • Location:
    Leeds, Liverpool
  • Department:
    IWI Business Protection
  • Division:
    IWI Compliance & Risk
  • Employment Type:
    Full time
  • Salary:

Data Privacy Manager (6261)

We're one of the UK's leading investment management companies, with responsibility for over £40 billion of client assets. We've worked closely with clients and their trusted advisers for many years and gained a unique understanding of the specific needs of our clients.

Investec Wealth & Investment seeks to deliver exceptional levels of customer service and has been trusted to meet the needs of private investors for almost 200 years. But our eyes are focused on your future.

Right now we're a team of over 1400 dedicated professionals located across 14 sites in the UK. We're looking to strengthen our team and need you to come on board and make a difference.

Embedded in our culture is a sense of belonging and inclusion. This creates an environment in which everyone is free to be themselves which helps to drive innovation, creativity and ultimately business performance. At Investec we want everyone to find it easy to be themselves, and to feel they belong. It's a responsibility we all share and is integral to our purpose and values as an organisation.

Research shows that some candidates can be reluctant to apply to a role unless they meet all the criteria. We pride ourselves on our entrepreneurial spirit here and welcome you to do the same – if the role excites you, please don't let our person specification hold you back. Get in touch!

Team description 

  • What does the IWI UK Data Privacy team do?

The UK GDPR requires data controllers (such as IW&I) to adopt organisational and technical measures to meet their various data protection obligations, and be able to demonstrate that they have done so.

It is vital that IW&I's efforts to not only meet but also maintain compliance with data protection laws, which are properly co-ordinated by staff with suitable expertise, who are supported by the organisational structure they work in. Implementation and maintenance of privacy-supporting measures, appropriate records keeping, regular audits of compliance, and responses to privacy-relevant events (such as change requests, subject access requests and data breaches) should all be co-ordinated via a suitably staffed and supported office.

Description of role and key responsibilities As part of the Data Privacy team, the Data Privacy Manager will help to embed and manage the data protection framework for effective management of data protection risks across IW&I UK, including the following duties:
• Managing the day to day data protection queries, informing and advising the business in conjunction with the DPO about its obligations to comply with data protection law.
• Conducting Data Protection Impact Assessments and advising on high risk processing activities.
• Ensuring data subject access requests are dealt with promptly and in compliance with data protection law.
• Managing the data breach risk event process and advising the business on an appropriate cause of action.
• Engage with the Third-Party management team during the onboarding process of third-party vendors.
• Monitoring the business' compliance with data protection law and its privacy framework, including awareness-raising and training of employees.
• Undertake annual reviews of Records of Processing Activities to ensure they remain accurate and up to date.
• Conduct annual monitoring reviews with the business and issue reports on Data Protection risks and controls
• Assist with the on-going maintenance and review of the Data Protection risk assessment in accordance with the ICO accountability framework
• Liaising with legal counsel to ensure contracts with clients and third parties have the relevant data protection clauses, where required

  • Core skills and knowledge

A proven track record in:
• Managing and providing subject matter expert advice on data protection and privacy matters.
• Aligning business practices to Data Protection Legislation, including both the GDPR and the broader UK/European Data Protection frameworks.
• Demonstrable experience of assessing and advising on the impact of data protection risks and actions required to address impact.
• Engaging with different stakeholders across multiple disciplines and mind-sets, from Operations to Legal, Compliance, Security and IT, adapting flexibly as required.
• Familiarity with principles of Information Security and how they relate to Data Protection.

  • One or more of the following are preferred:

• Do you hold a practitioner certificate in Data Privacy/Protection or equivalent?
• Are you CIPP/E or equivalent certified, showing familiarity with European Data Protection Legislation?
• Are you CIPM or equivalent certified showing familiarity with principles of Privacy Programme Management?

Close map

Meet the recruiter

Jess Sheehan


We commit to ensure that everyone is fairly assessed during our recruitment process.

Let us know if you need any reasonable adjustments to complete your application.

Share this page
Share with linkedin
Share with facebook
Share with twitter
Share with email
Job Alerts
Create an alert subscription based on this Job


Private Medical Cover
Virtual GP
Gym Discounts
Psychologist Service
Annual Leave
Life Assurance