About the Role

Reporting to the Data Protection Officer, the role holder will support in monitoring compliance with the Data Protection Act and all applicable data privacy regulations across CIC Insurance Group. The role provides essential operational and analytical support to ensure that the Group and its subsidiaries maintain robust data protection practices in line with regulatory requirements. The role holder assists in developing and maintaining the Group’s data protection framework, managing records of processing activities, supporting data protection impact assessments, coordinating training programmes, and acting as a point of contact for internal stakeholders on day-to-day data protection matters.

Key Responsibilities

• Support the Data Protection Officer in monitoring and implementing the Group’s Data Protection Framework, including assisting in updating policies, data collection templates, data mapping exercises, and the overall data protection implementation plan across all subsidiaries.
• Maintain and update the Group’s Records of Processing Activities (ROPA), ensuring all data processing activities across subsidiaries are accurately documented, classified by purpose and legal basis, and made available on request in accordance with the Data Protection Act.
• Assist in conducting Data Protection Impact Assessments (DPIAs) for new or changed processing activities, projects, and systems, documenting findings, risk ratings, and recommended mitigating controls for review and sign-off by the DPO.
• Coordinate and support the delivery of data protection training programs across CIC Group, maintaining training registers, updating training materials as regulatory requirements evolve, and tailoring sessions to specific processing functions or subsidiary requirements.
• Support the management of data subject rights requests, including Subject Access Requests, requests for erasure, rectification, or restriction of processing, ensuring responses are prepared within regulatory timeframes and referred to the DPO for approval where required.
• Assist in managing data security incidents and breaches, including initial assessment, documentation, impact assessment support, and coordination with the Information Security team to ensure timely escalation and regulatory notification in line with the Group’s incident management plan.
• Support the preparation of privacy statements for each processing operation and assist in ensuring these are incorporated into company forms, websites, correspondence, and other data collection touchpoints across all subsidiaries.
• Assist in compliance review exercises and audits, identifying gaps in data protection practices, documenting findings, and tracking remediation actions to closure in collaboration with relevant business units.
• Assist the DPO in preparing quarterly status reports on data protection compliance, highlighting emerging risks, incidents, or areas requiring immediate attention.
• Help coordinate with the Office of the Data Protection Commissioner and other supervisory authorities as directed by the DPO, including assisting in preparing responses to queries, complaints, or inspection requests.
• Monitor developments in data protection legislation, regulatory guidance, and best practice across the Group’s operating jurisdictions, preparing briefing notes and updates for the DPO and relevant stakeholders.

General Responsibilities;

• Participate in departmental planning and budgeting as required.
• Participate in relevant committees, working groups, and governance meetings as directed by the DPO.
• Liaise with internal audit, external auditors, and regulators on data protection matters as directed.
• Assist in planning and organizing internal awareness activities and campaigns related to data privacy and protection.

Who We’re Looking For

Essential Knowledge/Skills and Experience Required:

• Bachelor’s degree in Law, Computer Science, Information Technology, Business Administration, or a related field.
• A data protection or privacy certification from a recognized body is preferred
• Additional qualifications in information security (CISA, CISM, or CISSP) are an added advantage
• At least 2–3 years’ relevant experience in a compliance, legal, audit, or data protection support role within the financial services industry, preferably insurance or banking.
• Demonstrated experience in maintaining compliance records, conducting assessments, or supporting regulatory reporting processes

• Support the Data Protection Officer in monitoring and implementing the Group’s Data Protection Framework, including assisting in updating policies, data collection templates, data mapping exercises, and the overall data protection implementation plan across all subsidiaries.
• Maintain and update the Group’s Records of Processing Activities (ROPA), ensuring all data processing activities across subsidiaries are accurately documented, classified by purpose and legal basis, and made available on request in accordance with the Data Protection Act.
• Assist in conducting Data Protection Impact Assessments (DPIAs) for new or changed processing activities, projects, and systems, documenting findings, risk ratings, and recommended mitigating controls for review and sign-off by the DPO.
• Coordinate and support the delivery of data protection training programs across CIC Group, maintaining training registers, updating training materials as regulatory requirements evolve, and tailoring sessions to specific processing functions or subsidiary requirements.
• Support the management of data subject rights requests, including Subject Access Requests, requests for erasure, rectification, or restriction of processing, ensuring responses are prepared within regulatory timeframes and referred to the DPO for approval where required.
• Assist in managing data security incidents and breaches, including initial assessment, documentation, impact assessment support, and coordination with the Information Security team to ensure timely escalation and regulatory notification in line with the Group’s incident management plan.
• Support the preparation of privacy statements for each processing operation and assist in ensuring these are incorporated into company forms, websites, correspondence, and other data collection touchpoints across all subsidiaries.
• Assist in compliance review exercises and audits, identifying gaps in data protection practices, documenting findings, and tracking remediation actions to closure in collaboration with relevant business units.
• Assist the DPO in preparing quarterly status reports on data protection compliance, highlighting emerging risks, incidents, or areas requiring immediate attention.
• Help coordinate with the Office of the Data Protection Commissioner and other supervisory authorities as directed by the DPO, including assisting in preparing responses to queries, complaints, or inspection requests.
• Monitor developments in data protection legislation, regulatory guidance, and best practice across the Group’s operating jurisdictions, preparing briefing notes and updates for the DPO and relevant stakeholders.
• Participate in departmental planning and budgeting as required.
• Participate in relevant committees, working groups, and governance meetings as directed by the DPO.
• Liaise with internal audit, external auditors, and regulators on data protection matters as directed.
• Assist in planning and organizing internal awareness activities and campaigns related to data privacy and protection.

• Data Protection
• Data Privacy Regulations
• Data Protection Act Compliance
• Records of Processing Activities (ROPA)
• Data Protection Impact Assessments (DPIAs)
• Data Protection Training Coordination
• Data Subject Rights Management
• Data Security Incident Management
• Privacy Statements Preparation
• Compliance Review and Audits
• Regulatory Reporting
• Legislative Monitoring
• Information Security (preferred)

• Bachelor’s degree in Law, Computer Science, Information Technology, Business Administration, or a related field.
• A data protection or privacy certification from a recognized body is preferred.
• Additional qualifications in information security (CISA, CISM, or CISSP) are an added advantage.