Company Profile: Established in 1978, NES Fircroft is an award-winning staffing specialist that supplies technical and engineering experts (“white collar”) to Oil and Gas, Power, Construction & Infrastructure, Life Sciences, Manufacturing, Chemical, Mining, Automotive and IT sectors worldwide on an international basis. We’re a highly experienced team of over 2000 professionals made up of recruitment consultants and support staff spanning 58 offices worldwide. We work with top candidates to ensure that we can offer a full range of staffing solutions to our clients, complemented by industry-leading support services.
Role Objective: Supporting the business in ensuring compliance with GDPR, CCPA, and other relevant data protection laws and regulations, along with contractual requirements associated with data processing activities. Maintaining a consistent approach to governance controls to align data processing activities with the NES Fircroft Privacy Notice and expected business standards. Providing leadership, support, and guidance to existing Data Protection team member(s) and acting as a key member of the global Data Protection Advisory team (DPAT).
Key Responsibilities
The main duties of the role will be to:
▪ Ensure compliance with GDPR, CCPA, and other relevant data protection laws and regulations.
▪ Ensure data protection obligations are defined, communicated and achieved within operational activities;
▪ Actively participate in data protection and security governance as a member of the DPAT;
▪ Conduct privacy impact assessments linked to internal systems, projects and operations to ensure mitigation of risk and provide compliance recommendations;
▪ Evaluate global data protection laws, recommending action, change and/or improvements;
▪ Perform transfer impact analyses to assess the risks associated with transferring data across different jurisdictions to ensure compliance;
▪ Participate in improvement initiatives and cross-functional projects related to data protection, security and processing activities, including ISO27001 alignment as appropriate.
▪ Keep abreast of changes in data protection laws and regulations and update policies accordingly.
▪ Maintain records of data processing activities relating to business activity and records;
▪ Consult with internal departments on data impacts and security, retention periods and data questionnaires.
▪ Undertake information audits of business processes, systems and data processing activities against defined criteria, managing resulting areas to ensure NES Fircroft achieve intended results;
▪ Monitor data processing activities, producing periodic reports based on results;
▪ Investigate security events and/or breaches and lead investigations through to conclusion;
▪ Assist in the preparation and upkeep of guidance and policy documents relating to data processing;
▪ Act as a Data Protection Champion; raising awareness, managing data related training modules, and providing overall support across global operations.
Team Lead Responsibilities
▪ Provide day to day support to existing Data Protection team member(s)
▪ Support with incoming queries, requests associated with data subjects, data privacy and general data usage, and the maintenance of risk assessments, non-conforming areas and data processing activities;
▪ Delegate tasks effectively and ensure the team meets its objectives and deadlines.
▪ Conduct regular team meetings and performance reviews.
▪ Foster a collaborative and inclusive team environment.
General and Continuous Improvement:
▪ Observe a code of strictest confidentiality at all times.
▪ Maintain service standards associated with an internal management system.
▪ Adhere to NES Fircroft policy, practices and expectations including the prescribed Employee Handbook.
▪ Actively participate in initiatives for the Quality & Data Protection function and the wider Risk & Special Projects team.
▪ Undertake other duties commensurate with the position to ensure the smooth operation of NES Fircroft’s data protection obligations, including supporting the Risk & Special Projects team in satisfying NES Fircroft’s:
- Compliance to legislative and contractual requirements through process controls;
- Conformity to the Integrated Management System based on ISO standards;
- Adherence to obligations relating to data processing; and
- Implementation of data protection principles and security standards across global locations.
Health, Safety & Environmental (HSE)
Every employee of NES Fircroft holds a responsibility to:
▪ Take reasonable care for the health and safety of themselves and others whilst at work.
▪ Cooperate with the business and its representatives on HSE matters and participate in any HSE training prescribed by the business.
▪ Strictly follow safety procedures and guidelines in the workplace.
▪ Handle equipment (office, building or personally issued devices) in a safe manner and not intentionally interfere with or misuse such equipment in a way that may endanger the safety, welfare or health of themselves or others.
▪ Report on any identified hazards in the workplace, any injuries, strains or illnesses as a result of conducting their role and/or any HSE issues arising during the course of their role.
Person Specification
The Data Protection Team Lead will have excellent time management, organizational and communication skills (both written and verbal), and a keen eye for detail. The ability to collaborate effectively with cross-functional teams and stakeholders at various levels is important, as is the ability to communicate complex data protection concepts to non-specialist audiences. The individual will have a strong understanding of data protection laws, regulations, and best practices, will be proactive and self-motivated with a strong sense of initiative, and have the ability to motivate and develop a team. The role is demanding, so the ability to multi-task, change and re-prioritize quickly and effectively in a fast-paced environment, as well as to work with minimal supervision, is important.
Essential Criteria
▪ Proven experience in applying GDPR principles.
▪ Understanding major data protection laws such as CCPA, HIPAA, and/or other global standards.
▪ Previous experience of facilitating data management policies and governance procedures.
▪ Proficiency in conducting Privacy Impact Assessments to evaluate the impact of data processing activities.
▪ Knowledge of Microsoft spreadsheets (particularly pivot tables, conditional formatting and reports).
▪ Ability to assess risks and develop effective mitigation strategies.
Desirable Criteria
Whilst recruitment industry experience is desirable (but not a necessity), the preferred candidate should be familiar with working in an office environment or a setting where processing personal data is a major factor of their role/business and have working knowledge in data mapping, classifications and data protection assessments associated with data transfer and data privacy.
Ideally, the candidate would also have one or more of the following:
▪ Certifications in CIPP, CDPO, ISO/IEC 27001 Auditor or Lead Auditor.
▪ Working knowledge of The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), CCPA and/or HIPAA.
▪ Familiarity with ISO standards (Information Security (ISO/IEC 27001), Privacy Information (ISO/IEC 27701:2019)), or other international standard/specification on information management.