Lead Specialist

ROLE PROFILE

Job Title:

Line Manager:

Local Line Manager:

Business Unit:

Location:

Direct Reports:

JOB PURPOSE

The CPO, supporting the Global Privacy Office, is responsible for systematically identifying, articulating, guiding and assisting Gallaghers EMEA and APAC Global Brokerage and Gallagher Reinsurance(collectively GGB/GRe) divisions in the management of their privacy risks and obligations (legal, regulatory and commercial) in relation to personal and commercial data, in support of their business strategies and in line with Gallaghers risk appetite.

The Sr. Lead Specialist is an essential role within the busy, fast paced Global Privacy Office team to:

• Assist the CPO to implement the global and develop and implement any required APAC local Data Privacy Frameworks across GGB/GRe

• Provide comprehensive first and second line privacy services to GGB/GRe APAC and deliver hands on privacy advice, guidance, and support, including relative to mergers and acquisitions.

• Identify, articulate, guide and assist GGB/GRe APAC and, where required other Gallagher

businesses, in the identification, management and monitoring of their privacy risks and obligations in line with Gallaghers risk appetite

KEY ACCOUNTABILITIES/DELIVERABLES

Develop and maintain a deep understanding of GGB/GRe APAC business activities, as directed by the CPO

Build and maintain strong working relationships with key stakeholders within GGB/GRe APAC and Gallagher more broadly to gain insights to GGB/GRe APAC and Gallaghers business and control environment

Assist the CPO to implement the Global Data Privacy Framework (Tier 1) across GGB/GRe APAC

Assist the CPO to develop and implement any required GGB/GRe APAC local Data Privacy

Frameworks (Tier 2) to minimize privacy risks and drive risk reduction initiatives, including the

creation and roll out of policies, standards, processes, playbooks and associated training

Train GGB/GRe APAC colleagues in the identification and management of privacy risks and provide coaching to Privacy Champions

Complete and maintain GGB/GRe APAC Privacy Risk Registers, with specific focus on inherent and residual risk

Provide clear and concise privacy advice in an impactful manner using a wide range of communication channels.

Perform privacy horizon scanning

Conduct privacy risk assessments, AI impact assessments and personal data transfer impact assessments in respect of new or amended proposed processing activities

Develop playbooks for managing and manage complex data subject rights requests including application of applicable exemptions and redactions where required

Handle internal and third-party requests for access to GGB/GRe APAC data

Assess GGB/GRe APAC personal and commercial data incidents using our playbooks and provide advice and guidance for their containment, mitigation and regulatory reporting obligations

Assess privacy risks in relation to GGB/GRe APACs supply chain, working closely with colleagues in security, IT, legal and procurement

Handle GGB/GRe APAC privacy related complaints

Provide privacy practitioner advice in relation to GGB/GRe APAC related data protection contractual terms

Prepare regular GGB/GRe APAC reports and management information as required

Support the GGB/GRe APAC M&A Privacy Lead(s) in respect of mergers and acquisitions and their future integration or divestiture

Assist in the maintenance of GGB/GRe APACs Records of Processing activities

Monitor privacy compliance across GGB/GRe APAC

Carry out duties following internal policies and procedures in accordance with applicable laws, rules, regulations, good governance and Gallaghers shared values putting clients at the heart of our business.

PERSON SPECIFICATION

Qualifications:

Min 3+ years demonstrable experience in an operational / consultative privacy role providing

hands on privacy advice and support in the identification, assessment, management and

monitoring of privacy risks including independently conducting privacy risk assessments and

transfer impact assessments as well as advising on complex data subject rights requests

Privacy qualifications / certificates e.g. CIPP/Asia, CIPM, data protection practitioner certifications (preferred)

Technical Knowledge:

Good practical knowledge of APAC, data protection laws and regulations such as Australias

Privacy Act 1988 and Privacy Amendment (Private Sector) Act 2000, New Zealands Privacy Act

2020 and Singapores Personal Data Protection Act.

Proven track record of providing hands on privacy advice in line with Data Protection Laws

Knowledge of the insurance broking or insurance sector a significant advantage but not essential

Knowledge of IT and/or Security an advantage but not essential

Experienced in:

Working with a broad range of local and global stakeholders

Working in a fast-paced environment, to challenging deadlines

Being a strong team player with evidenced skills in supporting colleagues and supporting a strong team culture

The assessment of and provision of advice and guidance in respect of data incidents

Managing and handling data subject rights requests and third-party requests for data including redaction and application of exemptions

Conducting privacy risk assessments and transfer impact assessments

Assessment of supply chain privacy risks

Handling privacy related complaints

Creation of data protection policies, standards, procedures, playbooks and training material

Working effectively with multi-national teams and stakeholders

Working effectively in shared mailboxes

Skills/other

Strong communicator (oral and written) and capable of robust dialogue

Confidence to challenge views and opinions in a sensitive way

Fine attention to detail

Eligibility Requirements

Right to work in India

Ability to travel within and outside of India

Behavioral Competencies

Client Excellence

Understands the client

Conflict management

Innovation & Resourcefulness

Innovation

Drive for results

Teamwork & Interpersonal Skills

Managing teams

Communication

Expertise

Business Acumen

Functional Excellence Integrity

Integrity and trust Leadership

Vision and strategy

Change management

Develops talent