We’re 1st Central, a market-leading insurance company utilising smart data and technology at pace. Rapid growth has been based on giving our 1.4 million customers exactly what they want: great value insurance with an excellent service. And that’s the same for our colleagues too; we won Insurance Employer of the Year at the British Insurance Awards 2024 and our Glassdoor score is pretty mega too!
At 1st Central, data sits at the heart of everything we do, so protecting it is both a legal obligation and a core responsibility.
We’re looking for a Group Head of Data Protection (DPO) who’s passionate about privacy, someone who’s curious, commercially aware, and ready to shape the future of data protection across our Group.
You’ll be our senior voice on all things data protection - advising the Executive, Boards and senior leaders, and setting the strategic direction for privacy across the Group. You’ll lead a high‑performing Privacy team and make sure we’re not just compliant, but confident in how we manage and protect data.
We're looking for someone who has:
1. Significant experience as a DPO or from a similar compliance role
2. Expert knowledge of data privacy legislation including GDPR
3. Expert knowledge of cybersecurity risks and other information security standards, such as ISO27001
4. The ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks
What's involved:
5. To be responsible for the development of a high performing Privacy team creating a clear vision whilst building strong relationships inside and outside the Group, in order to collaborate with and influence the executive and senior management across the Group and externally with corporate partners, including data subjects, regulators, suppliers and professional bodies
6. To have an excellent understanding of the key regulatory and statutory rules, regulations, principles and codes of practice incumbent upon Group companies and the jurisdictions in which they are domiciled, in so far as they are relevant to the delivery of appropriate Data Protection compliance requirements, and to keep such awareness up to date
7. To define with the Executive, Boards and other senior stakeholders, and implement the Group’s Data Protection Strategy
8. To define, scope, gain Audit Committee approval for, and deliver the Group’s data privacy programme
9. To report to the Group’s Risk Committees on the compliance position highlighting key risks, incidents and matters requiring decisions by the relevant Board or senior management
10. To act as Data Protection Officer for all Group entities where the role is required, and be owner of the Group Data Protection Policy
11. To take overall responsibility for the oversight of Data Protection compliance and related Regulatory matters across the Group
12. Inform and advise Senior Management on data protection laws and policies
13. Monitor compliance with data protection laws and policies, and report on this to the Executive, SICL Management Committee, FCIM Management Committee and Group Audit committees.
14. Oversee the maintenance of records required to demonstrate data protection compliance
15. Supervise the Privacy Team’s completion of data protection impact assessments and develop and execute relevant project plans
16. Manage a program of awareness-raising and training to deliver compliance and to foster a data privacy culture within the company
17. Review Data Protection clauses in client terms and supplier contracts
18. Define, implement, and lead a data incident response and data breach notification procedure as well as provide incident management response where applicable
19. Be the contact point for, and co-operate with, the relevant Data Protection Authorities and data subjects exercising their individual data rights, as well as supervise and advise on the response to such requests
20. Being the focal point for all activity relating to data protection
21. Promote a culture of awareness of data security throughout the company
22. Comply with the requirements, and act in accordance with, the Group Code of Conduct and Fitness and Propriety policies at all times
23. Responsibility for maintaining department risk registers, providing evidence and commentary for controls, updates for Mitigation Actions and maintaining control matrices and attestations. Also, to ensure that your employees are aware of their responsibility to identify and report risk.
24. Ensure compliance with Company Policies, Values and guidelines and other relevant standards/regulations at all times, including compliance with the Senior Managers Certification Regime (SMCR) Conduct Rules
Job-specific Competencies
Experience & Knowledge
25. Knowledge of FCA requirements (including individual responsibilities in relation to Consumer Duty)
26. Significant experience as a DPO or from a similar compliance role
27. Proven track record in leading data protection issues at a senior level
28. Project management experience
29. Experience of interfacing with data protection regulators
30. Experience in designing and implementing a data protection strategy
31. Experience leading a department
32. Educated to degree level
33. IAPP CIPP/E or CIPM or equivalent data privacy qualification
34. Qualified Lawyer
35. Very familiar with UK, Gibraltarian, Guernsey and European data protection laws and practices, including (but not limited to) the Data Protection Act 2018, Privacy & Electronic Communications Regulations 2003 and the General Data Protection Regulation
36. A knowledge of best practice in information security, risk management, legal or audit
37. Expert knowledge of data privacy legislation including GDPR
38. Expert knowledge of cybersecurity risks and other information security standards, such as ISO27001
Skills
39. Ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks
40. Excellent time management and organisation skills
41. Ability to conduct the role independently and with integrity
42. Ability to plan, organise and prioritise tasks and projects
43. Strong analytical skills
44. Extremely strong communication, influencing and stakeholder management skills
Behaviours
45. Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels
46. Strong team player and proven ability to lead and manage a team
47. Enthusiastic and positive
48. The ability to remain calm, controlled and resilient
49. Self-motivated and enthusiastic
50. An organised and proactive approach
51. Strives to drive business improvements to contribute to the success of the business
If you're ready to lead, influence and make a real impact, we'd love to hear from you.
What can we do for you?
People first. Always. We’re passionate about our colleagues and know the best people deserve an extraordinary working environment. We owe it to them so that’s what we offer. Our workplaces are energetic, inspirational, supportive. To get a taste of the advantages you’ll enjoy, take a look at all our perks in full.
Intrigued? Our Talent team can tell you everything you need to know about what we want and what we’re offering, so feel free to get in touch.