We’re 1st Central, a market-leading insurance company utilising smart data and technology at pace. Rapid growth has been based on giving our 1.4 million customers exactly what they want: great value insurance with an excellent service. And that’s the same for our colleagues too; we won Insurance Employer of the Year at the British Insurance Awards 2024 and our Glassdoor score is pretty mega too!
At 1st Central, data sits at the heart of everything we do, so protecting it is both a legal obligation and a core responsibility.
We’re looking for a Group Head of Data Protection (DPO) who’s passionate about privacy, someone who’s curious, commercially aware, and ready to shape the future of data protection across our Group.
You’ll be our senior voice on all things data protection - advising the Executive, Boards and senior leaders, and setting the strategic direction for privacy across the Group. You’ll lead a high‑performing Privacy team and make sure we’re not just compliant, but confident in how we manage and protect data.
We're looking for someone who has:
Significant experience as a DPO or from a similar compliance role
Expert knowledge of data privacy legislation including GDPR
Expert knowledge of cybersecurity risks and other information security standards, such as ISO27001
The ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks
What's involved:
To be responsible for the development of a high performing Privacy team creating a clear vision whilst building strong relationships inside and outside the Group, in order to collaborate with and influence the executive and senior management across the Group and externally with corporate partners, including data subjects, regulators, suppliers and professional bodies
To have an excellent understanding of the key regulatory and statutory rules, regulations, principles and codes of practice incumbent upon Group companies and the jurisdictions in which they are domiciled in so far as they are relevant to the delivery of appropriate Data Protection compliance requirements, and to keep such awareness up to date
To define with the Executive, Boards and other senior stakeholders, and implement the Group’s Data Protection Strategy
To define, scope, gain Audit Committee approval for, and deliver the Group’s data privacy programme
To report to the Group’s Risk Committees on the compliance position highlighting key risks, incidents and matters requiring decisions by the relevant Board or senior management
To act as Data Protection Officer for all Group entities where the role is required, and be owner of the Group Data Protection Policy
To take overall responsibility for the oversight of Data Protection compliance and related Regulatory matters across the Group
Inform and advise Senior Management on data protection laws and policies
Monitor compliance with data protection laws and policies, and report on this to the Executive, SICL Management Committee, FCIM Management Committee and Group Audit committees.
Oversee the maintenance of records required to demonstrate data protection compliance
Supervise the Privacy Team’s completion of data protection impact assessments and develop and execute relevant project plans
Manage a program of awareness-raising and training to deliver compliance and to foster a data privacy culture within the company
Review Data Protection clauses in client terms and supplier contracts
Define, implement, and lead a data incident response and data breach notification procedure as well as provide incident management response where applicable
Be the contact point with and co-operate with the relevant Data Protection Authorities and to data subjects when exercising their individual data rights as well as supervise and advise on the response to such requests
Being the focal point for all activity relating to data protection
Promote a culture of awareness of data security throughout the company
Comply with the requirements, and act in accordance with, the Group Code of Conduct and Fitness and Propriety policies at all times
Responsibility for maintaining department risk registers, providing evidence and commentary for controls, updates for Mitigation Actions and maintaining control matrices and attestations. Also, to ensure that your employees are aware of their responsibility to identify and report risk.
Ensure compliance with Company Policies, Values and guidelines and other relevant standards/ regulations at all times, including compliance with the Senior Managers Certification Regime (SMCR) Conduct Rules
Job-specific Competencies
Experience & Knowledge
Knowledge of FCA requirements (including individual responsibilities in relation to Consumer Duty)
Significant experience as a DPO or from a similar compliance role
Proven track record in leading data protection issues at a senior level
Project management experience
Experience of interfacing with data protection regulators
Experience in designing and implementing a data protection strategy
Experience leading a department
Educated to degree level
IAPP CIPP/E or CIPM or equivalent data privacy qualification
Qualified Lawyer
Very familiar with UK, Gibraltarian, Guernsey and European data protection laws and practices, including (but not limited to) the Data Protection Act 2018, Privacy & Electronic Communications Regulations 2003 and the General Data Protection Regulation
A knowledge of best practice in information security, risk management, legal or audit
Expert knowledge of data privacy legislation including GDPR
Expert knowledge of cybersecurity risks and other information security standards, such as ISO27001
Skills
Ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks
Excellent time management and organisation skills
Ability to conduct the role independently and with integrity
Ability to plan, organise and prioritise tasks and projects
Strong analytical skills
Extremely strong communication, influencing and stakeholder management skills
Behaviours
Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels
Strong team player and proven ability to lead and manage a team
Enthusiastic and positive
The ability to remain calm, controlled and resilient
Self-motivated and enthusiastic
An organised and proactive approach
Strives to drive business improvements to contribute to the success of the business
If you're ready to lead, influence and make a real impact, we'd love to hear from you.
What can we do for you?
People first. Always. We’re passionate about our colleagues and know the best people deserve an extraordinary working environment. We owe it to them so that’s what we offer. Our workplaces are energetic, inspirational, supportive. To get a taste of the advantages you’ll enjoy, take a look at all our perks in full here.
Intrigued? Our Talent team can tell you everything you need to know about what we want and what we’re offering, so feel free to get in touch.
