Important update: changes to online applications - If you haven’t started or completed your application yet, please review the updated information to avoid any disruptions. Find out more

Risk Assurance & Data Protection Assistant

We are recruiting for a Risk Assurance and Data Protection Assistant

Job purpose                                                       

The Risk Assurance & Data Protection Assistant will support the development and maintenance of a robust group-wide Risk Management Framework and assist in aiding the Development Bank of Wales to meet its obligations under UK GDPR / Data Protection Act 2018 and other applicable data protection legislation. This is a dual responsibility role with time split across the two working areas.

From a risk management perspective this will involve leading the fieldwork of an ongoing programme of controls testing across the Development Bank of Wales. You will also support in providing oversight and reporting of business risk and assurance activities. This work will provide internal and external auditors, the Audit and Risk Committee, and other Stakeholders assurance that Risk Management related policies, procedures and controls are appropriate in their design and operating effectively. 

From a data protection perspective this will involve providing guidance and challenge on data privacy and protection matters, based on knowledge of the UK GDPR and data protection legislation, combined with an up to date understanding of emerging issues and regulatory changes.

Main duties and responsibilities

 Plan and complete regular testing of internal controls and make changes to risk registers and risk scoring as a result. 

  • Work with stakeholders across the Group to remediate any control deficiencies in a consistent and time-effective manner. 

  • Ensure agreed actions are implemented and any lessons learned are applied across the Development Bank of Wales. 

  • Assist the Risk Assurance Manager in developing and maintaining a robust Controls Assurance Framework for the Group. 

  • Assist in the preparation of Board and Management reports in relation to risk registers, control posture, KRIs, etc. 

  • Input into the ongoing development of the Risk Management Framework including policies, procedures, and guidance. 

  • Assist with the maintenance and operation of the Third Party Risk Management Framework. 

  • Support Development Banks’ horizon scanning activity through independent research and with the help of external providers. 

  • Undertake any other duties as defined by the Risk Assurance Manager to meet the operational needs of the Compliance team. 

  • Support the development of new and existing policy documentation and related guidance notes in the following areas: UK GDPR, PECR, Information Management and Security, Data Retention and Disposal etc.

  • Aid in the ongoing maintenance of the Records of Processing Activity and Information Asset Register.

  • Support with maintenance of data retention schedules and working closely with the Data Strategy Manager and wider departments across the business to help facilitate compliance with retention schedules, making use of automated tools and technology where possible.

  • Advise on relevant data protection elements in project work across the organisation (by providing practical examples).

  • Assist in the production of DPIAs and LIAs and make recommendations to the business to strengthen controls in light of the outcomes of the DPIAs/LIAs.

  • Support third party vendor management to ensure data protection risks are considered from initial engagement and from an ongoing compliance perspective.

  • Support investigations into data breaches, ensuring appropriate internal escalation, including the production of any required reports and provision of data for regulatory investigation.

  • Support the responses and handling of Data Subject Rights Requests including access, erasure, rectification, objection etc., and provide guidance and support to ensure timely responses to rights requests.

Knowledge, skills, abilities, and experience  

Essential   

  • Ability to build effective working relationships with a variety of audiences. 

  • Sound knowledge and understanding of the benefits of a robust Risk Management Framework. 

  • Experience taking ownership of tasks and projects from initial stages through to completion. 

  • Strong verbal and written communication skills. 

  • Drive and determination to complete work to a high standard. 

  • Confident in own decision making ability. 

  • Good organisational and administrative skills. 

  • Self-motivated, whilst being able to work as part of a team. 

  • Attention to detail. 

  • Highly IT literate and able to use Microsoft Office Packages.

  • Strong analytical skills: able to work with data and use Excel. 

Desirable   

  • Experience of assurance frameworks or risk and controls testing. 

  • Baseline understanding of UK GDPR/Data Protection Act 2018 and other applicable data protection legislation.

  • Experience of audit activities that gives an ability to test controls and to understand key risks across a process. 

  • Comfortable reviewing and updating policy and procedural documentation. 

  • Experience applying research techniques to gather relevant information. 

  • Ability to offer briefings and advice following research.

  • Understanding of wider data protection landscape to assess risks associated from sources such as emerging technologies (AI) and changes in legislation or regulatory guidance.

 

Apply

To apply for this role, please go to our recruitment page.