As Head of Compliance you will lead and oversee all compliance and data protection activities across the Group, ensuring adherence to FCA and ICO regulations. You will hold Senior Management Function 16 (Compliance Oversight) approval under the FCA's SM&CR and act as the statutory Data Protection Officer. You will provide strategic direction, advice and assurance to the Board and Executive Team, ensuring regulatory integrity, good customer outcomes and responsible data stewardship. The role provides independent second line of defence (2LOD) advice and assurance as delegated by the Chief Risk Officer. The role will be part of the second line Group Risk Leadership team.
Responsibilities
* Lead the development and implementation of the Group's compliance and data protection strategies and target operating model
* Engage with and provide constructive challenges to senior management and Board committees
* Manage and develop a team of compliance and data protection professionals (c9 FTE)
* Develop and maintain policies, procedures and training programmes to ensure consistent compliance and data protection standards
* Liaise with internal and external auditors, regulators and legal advisors
* Own and maintain the Group's compliance framework, ensuring alignment with FCA Principles, SYSC, MCOB and Consumer Duty
* Develop and oversee the Compliance Monitoring Plan and Compliance Universe using risk‑based prioritisation
* Provide expert compliance advice and guidance on regulatory requirements across business activities including new initiatives, product development, operational change and customer communications
* Conduct regulatory breach assessments
* Lead horizon scanning and impact assessment of regulatory developments, translating FCA requirements into business plans
* Act as a primary point of contact with the FCA for engagement notifications and information requests
* Act as the Group's designated DPO in accordance with the UK GDPR, with specific reference to Articles 37‑39
* Develop, implement and maintain a Data Protection Compliance Framework including managing the associated activities such as the production and review of data protection policies, procedures, standards and training
* Advise on and oversee Data Protection Impact Assessments ensuring data protection by design and by default is embedded in all relevant projects and initiatives, including liaising with the regulator where required
* Monitor compliance with UK data protection laws and internal policies
* Lead the response to data protection incidents and personal data breaches
Qualifications – Essential
* Proven experience as SMF26 and DPO in an FCA‑regulated environment, ideally in a lending environment
* Extensive knowledge and experience of the Financial Conduct Authority and its supervisory approach
* Expert understanding of UK GDPR and the Data Protection Act 2018
* Strong leadership and people‑management skills
* CIPP/E, CIPT or CISM qualification
* Broad understanding of an enterprise risk‑management framework and how regulatory compliance and conduct risk operate within it
Qualifications – Desirable
* CeMAP
* ICA qualifications
* Recognised Data Protection Practitioner certification
If you feel you have some of the skills mentioned above but not all, please still apply – we would be happy to have a further discussion with you regarding your suitability for the role.
Additional Information
Together embraces diversity and inclusion and is proud to be an equal‑opportunity workplace. We welcome, celebrate, support and value our colleagues for who they are. We are committed to building a team that represents a variety of backgrounds, perspectives and skills.
If you feel you would benefit from any support or reasonable adjustments during any stage of the recruitment process, please do not hesitate to let us know when completing your application. This information will be used by our team so we can put steps in place to help you be at your best throughout the process.
Please note that all successful applicants will undergo relevant employment reference, financial and criminal record checks.
Remote Work: No
Employment Type: Full‑time