Data and Compliance Manager

A vacancy exists for a Data and Compliance Manager to support SMMT Group in the Compliance Programme, Data Protection and Data Security areas.

PURPOSE OF POST:

• To lead, develop and operate the SMMT Group Compliance Programme: ie to promote, safeguard and maintain the SMMT’s approach to data, compliance and cyber security risks (in coordination with the Chief Technology Officer), in accordance with regulatory requirements and guidance, contractual and insurance obligations and to be the authoritative lead on other compliance areas referenced below

• To cover all principle regulatory requirements and processes for the corporate entities within the SMMT group of companies (SMMT Group), ie including Data Protection (UK GDPR, EU GDPR, The Privacy and Electronic Communications Regulations), PCI DSS, UK GDPR, GDPR, The Privacy and Electronic Communications Regulations (PECR), ISO27001 Anit-Bribery, Anti-Trust, Modern Slavery

• To police, safeguard and maintain compliance with SMMT’s & external parties’ vehicle data licences, proactively monitoring and overseeing appropriate action to identify, investigate, and where proven to rectify licence breaches

• To monitor and report results of the compliance/ethics efforts of SMMT Group and support SMMT Group’s Head of Legal in providing guidance for the Board and senior management team on compliance-related matters

• To register as the Data Protection Officer for SMMT Group

• To function as an independent and objective ‘body’ that reviews and evaluates compliance issues/concerns within SMMT Group and relating to external parties (tier one suppliers), providing a regular report to ensure that the Head of Legal may advise the SMMT Group Boards of Directors of any substantive issues

• To keep SMMT Group’s management. employees and third parties (e.g, tier one suppliers) abreast of regulatory and best practice compliance and data developments

• To ensure that all SMMT Group staff, through a training programme, are aware and act in compliance with, the rules and regulations of regulatory agencies, that SMMT Group policies and procedures are being followed, and that behaviour meets SMMT Group’s expected standards of conduct

QUALIFICATIONS / SKILLS / ATTRIBUTES REQUIRED BY JOB HOLDER:

• A positive and enthusiastic manner
• A degree and professional qualification (such as IAPP) required
• Proven experience in a data management and compliance role, with demonstrable management and professional experience;
• Familiarity with financial, quality assurance, and human resource procedures and regulations
• A reliable, highly organised individual, with an eye for detail
• Confident and fluent in report writing and oral presentation
• Flexible, able and willing to undertake a variety of tasks to support the smooth administration of the SMMT Group Compliance Programme
• A self starter, but also able to follow instructions and work effectively without constant supervision
• Excellent interpersonal skills, with an appreciation of sensitivity and confidentiality of some information and importance of avoiding damage to the SMMT’s image, profile and reputation
• ICT competence and willingness to learn and use new technologies

MAIN DUTIES INCLUDE:

• Maintain a documented record of all data flows across SMMT Group, to record how data is received, stored, accessed, shared (as applicable) and ultimately destroyed; To advise and ensure that personal data is managed in accordance with all relevant data protection regulations and required procedures

• Develop and document a programme to maintain customer (and member) compliance with SMMT vehicle data licences

• Maintain, review and revise policies and procedures for the general operation of an SMMT Group Compliance Programme and its related activities to prevent illegal, unethical, or improper conduct

• Collaborate with other departments and the wider SMMT Group, through a Data and Compliance Group to direct data and compliance issues to appropriate existing channels for investigation and resolution. Consult with the SMMT Head of Legal as needed to resolve difficult legal compliance issues

• Respond to alleged violations of rules, regulations, policies, procedures, and standards of conduct by evaluating or recommending the initiation of investigative procedures. Develop and oversee a system for uniform handling of such violations

• Act as an independent review and evaluation body to ensure that compliance issues/concerns within the organisation are being appropriately evaluated, investigated and resolved

• Monitor, and as necessary, coordinate compliance activities (internal and external) of SMMT Group departments to remain abreast of the status of all compliance activities and to identify trends

• Identify potential areas of compliance vulnerability and data risks across SMMT Group and tier 1 suppliers; develop/implement corrective action plans for resolution of problematic issues, and provide general guidance on how to avoid or deal with similar situations in the future

• Provide reports (e.g. compliance reports and cyber security reports) on a regular basis, and as directed or requested, to keep SMMT Group Boards and senior management informed of the operation and progress of compliance efforts

• Maintain an effective data/compliance communication programme for the organisation and third parties, including promoting (a) use of the Compliance phone line; (b) heightened awareness of standards of conduct, and (c) understanding of new and existing compliance issues and related policies and procedures

• Work with all SMMT Group departments and third parties as appropriate to maintain an effective compliance training programme, including appropriate introductory training for new employees as well as ongoing training for all employees and managers

• Monitor the performance of SMMT Group data, compliance and cyber security risk activities on a continuing basis, taking appropriate steps to improve security effectiveness

• Liaise and negotiate with all relevant parties, both internal and external on all compliance aspects of SMMT Group activity

• Work closely with (1) SMMT Data Intelligence on data security, integrity and data compliance generally, (2) IT on information security and ISO27001, onboarding third parties’ suppliers and other risk areas, (3) SMMT Group companies to monitor and audit outsourcing and third-party risks; (4) TMO on privacy compliance and data security

Prospective candidates should contact hr@smmt.co.uk with a CV and covering letter by 15 March 2024.