Job Description

We’re 1st Central, a market-leading insurance company utilising smart data and technology at pace. Rapid growth has been based on giving our 1.4 million customers exactly what they want: great value insurance with an excellent service. And that’s the same for our colleagues too; we won Insurance Employer of the Year at the British Insurance Awards 2024 and our Glassdoor score is pretty mega too!

At 1st Central, data sits at the heart of everything we do, so protecting it is both a legal obligation and a core responsibility.

We’re looking for a Group Head of Data Protection (DPO) who’s passionate about privacy, someone who’s curious, commercially aware, and ready to shape the future of data protection across our Group.

You’ll be our senior voice on all things data protection - advising the Executive, Boards and senior leaders, and setting the strategic direction for privacy across the Group. You’ll lead a high‑performing Privacy team and make sure we’re not just compliant, but confident in how we manage and protect data.

We're looking for someone who has:

• Significant experience as a DPO or from a similar compliance role

• Expert knowledge of data privacy legislation including GDPR

• Expert knowledge of cybersecurity risks and other information security standards, such as ISO27001

• The ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks

What's involved:

• To be responsible for the development of a high performing Privacy team creating a clear vision whilst building strong relationships inside and outside the Group, in order to collaborate with and influence the executive and senior management across the Group and externally with corporate partners, including data subjects, regulators, suppliers and professional bodies

• To have an excellent understanding of the key regulatory and statutory rules, regulations, principles and codes of practice incumbent upon Group companies and the jurisdictions in which they are domiciled in so far as they are relevant to the delivery of appropriate Data Protection compliance requirements, and to keep such awareness up to date

• To define with the Executive, Boards and other senior stakeholders, and implement the Group’s Data Protection Strategy

• To define, scope, gain Audit Committee approval for, and deliver the Group’s data privacy programme

• To report to the Group’s Risk Committees on the compliance position highlighting key risks, incidents and matters requiring decisions by the relevant Board or senior management

• To act as Data Protection Officer for all Group entities where the role is required, and be owner of the Group Data Protection Policy

• To take overall responsibility for the oversight of Data Protection compliance and related Regulatory matters across the Group

• Inform and advise Senior Management on data protection laws and policies

• Monitor compliance with data protection laws and policies, and report on this to the Executive, SICL Management Committee, FCIM Management Committee and Group Audit committees.

• Oversee the maintenance of records required to demonstrate data protection compliance

• Supervise the Privacy Team’s completion of data protection impact assessments and develop and execute relevant project plans

• Manage a program of awareness-raising and training to deliver compliance and to foster a data privacy culture within the company

• Review Data Protection clauses in client terms and supplier contracts

• Define, implement, and lead a data incident response and data breach notification procedure as well as provide incident management response where applicable

• Be the contact point with and co-operate with the relevant Data Protection Authorities and to data subjects when exercising their individual data rights as well as supervise and advise on the response to such requests

• Being the focal point for all activity relating to data protection

• Promote a culture of awareness of data security throughout the company

• Comply with the requirements, and act in accordance with, the Group Code of Conduct and Fitness and Propriety policies at all times

• Responsibility for maintaining department risk registers, providing evidence and commentary for controls, updates for Mitigation Actions and maintaining control matrices and attestations. Also, to ensure that your employees are aware of their responsibility to identify and report risk.

• Ensure compliance with Company Policies, Values and guidelines and other relevant standards/ regulations at all times, including compliance with the Senior Managers Certification Regime (SMCR) Conduct Rules

Job-specific Competencies

Experience & Knowledge

• Knowledge of FCA requirements (including individual responsibilities in relation to Consumer Duty)

• Significant experience as a DPO or from a similar compliance role

• Proven track record in leading data protection issues at a senior level

• Project management experience

• Experience of interfacing with data protection regulators

• Experience in designing and implementing a data protection strategy

• Experience leading a department

• Educated to degree level

• IAPP CIPP/E or CIPM or equivalent data privacy qualification

• Qualified Lawyer

• Very familiar with UK, Gibraltarian, Guernsey and European data protection laws and practices, including (but not limited to) the Data Protection Act 2018, Privacy & Electronic Communications Regulations 2003 and the General Data Protection Regulation

• A knowledge of best practice in information security, risk management, legal or audit

• Expert knowledge of data privacy legislation including GDPR

• Expert knowledge of cybersecurity risks and other information security standards, such as ISO27001

Skills

• Ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks

• Excellent time management and organisation skills

• Ability to conduct the role independently and with integrity

• Ability to plan, organise and prioritise tasks and projects

• Strong analytical skills

• Extremely strong communication, influencing and stakeholder management skills

Behaviours

• Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels

• Strong team player and proven ability to lead and manage a team

• Enthusiastic and positive

• The ability to remain calm, controlled and resilient

• Self-motivated and enthusiastic

• An organised and proactive approach

• Strives to drive business improvements to contribute to the success of the business

If you're ready to lead, influence and make a real impact, we'd love to hear from you.

What can we do for you?

People first. Always. We’re passionate about our colleagues and know the best people deserve an extraordinary working environment. We owe it to them so that’s what we offer. Our workplaces are energetic, inspirational, supportive. To get a taste of the advantages you’ll enjoy, take a look at all our perks in full here

Intrigued? Our Talent team can tell you everything you need to know about what we want and what we’re offering, so feel free to get in touch.