Responsibilities
* 1 Data Protection Officer (DPO) for the Group: Primary responsibility with precedence over all other responsibilities where conflicts arise:
* Act as the Group’s independent, regulated Data Protection Officer in accordance with UK GDPR and DPA 2018.
* Monitor and independently assess compliance with UK GDPR, DPA 2018, DUAA, PECR, and related regulatory obligations across the Group.
* Advise the Group Board, Executive, and senior management on data protection obligations, risks, and regulatory interpretation.
* Oversee and challenge the design and effectiveness of privacy controls, without owning or determining processing purposes or means.
* Provide independent oversight of DPIAs, high-risk processing, and data protection-by-design activities.
* Act as the primary point of contact for the ICO.
* Act as escalation point for data subjects and oversee the handling of Data Subject Rights and regulatory complaints.
* Report independently to senior management and, where required, the Board or relevant committee.
* Maintain freedom from instructions regarding the exercise of DPO duties and from conflicts of interest.
* Escalate material data protection risks where management action is insufficient.
* 2 Set Data Protection and Data Governance Policy, Standards and Strategy:
* Define and maintain Group-wide data protection and governance policies and standards, led from the DPO role and aligned to wider regulatory requirements.
* Set the standards that define how the Group protects personal data, confidential information, customers, and the organisation itself, and how regulatory compliance is achieved and evidenced.
* Define data governance policies and standards that support lawful, fair, transparent, and accountable processing across all Group entities.
* Stay informed on emerging regulatory developments, governance practices, and relevant technologies within data governance and financial services, and assess their potential impact on the Group’s risk profile and compliance posture.
* Review, challenge, and approve data-related strategies and initiatives to confirm alignment with data protection principles before implementation.
* Ensure data governance strategy and standards do not compromise DPO independence, nor result in ownership of processing purposes, means, or operational delivery decisions.
* 3 Lead continuous improvement of Data Governance practice across the Business:
* Define and oversee the Group Data Governance and Privacy strategy, ensuring alignment with organisational objectives while retaining entity-level accountability for delivery.
* Set the minimum data governance framework required to support compliance, risk management, and regulatory defensibility.
* Assess governance maturity and control effectiveness, directing required improvements to first‑line owners without assuming delivery ownership.
* Oversee relevant data governance change initiatives to ensure alignment with agreed standards, timelines, and risk appetite.
* Provide expert advice and challenge on data governance and data protection risks arising from business change and M&A activity.
* 4 Governance, Compliance and Risk Management:
* Define, monitor, and challenge the effectiveness of data protection and data governance controls across the Group and key suppliers.
* Provide clear, evidence‑based insight and reporting to senior leadership and the Board.
* Oversee service performance indicators relating to data protection and governance outcomes.
* 5 Team Leadership and Development:
* Build and lead a high‑performing data protection and data governance team.
* Foster a professional culture of independence, challenge, and accountability.
* Develop team capability and succession through coaching and mentoring.
* 6 Stakeholder Management:
* Provide advice and guidance to Board, Executives, and Senior Leaders on all Data Protection and Data Governance matters.
* Ensure functional priorities are aligned with organisational objectives and clearly communicated across the business.
* Provide advisory input to change sponsors to support compliant initiation and design of change activity.
* As part of working within Nucleus you will:
* Take responsibility in everything you do to deliver good outcomes for our customers.
* Positively demonstrate the Nucleus Smart, Heart and Courage values and behaviours.
* Ensure compliance with FCA Code of Conduct at all times.
Key Competencies (Knowledge, Skills and Behaviours)
* Knowledge and Experience: Strong expertise in UK data protection and data governance legislation and practice.
* Experience setting and applying data governance and data protection policies.
* Experience operating within a regulated environment, preferably financial services.
* Sound understanding of technology and data processing within platform‑based financial services.
* Knowledge of third‑party data protection contractual requirements.
* Skills and Behaviours: Independent judgement with the credibility to challenge senior stakeholders.
* Strong leadership and people management capability.
* Excellent stakeholder management and influencing skills.
* Strategic thinker with the ability to apply practical, proportionate solutions.
* Calm and resilient under pressure.
* Clear, effective written and verbal communicator.
* Collaborative team player who role‑models organisational values.
* Strong commitment to continuous learning and improvement.
* Competent user of MS Excel, Word, PowerPoint, and Teams.
* Desirable: Knowledge of platform propositions, including WRAP Platforms and SIPPs.
* Professional certifications such as CIPP/E, CIPM, or equivalent.
* Degree or relevant professional qualification.
#J-18808-Ljbffr