Data Privacy Manager

Job summary

Responsible for delivering information security and risk activities for the specialism, using advanced technical capabilities to lead changes to security processes and procedures, review complex security issues, lead security solutions from identification to implementation, ensure adherence to policies, standards and best practices and provide technical expertise to internal and external stakeholders. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.

Role:

• Our purpose is reimagining energy for people and our planet. We want to help the world reach net zero and improve people’s lives. As part of our strategy, bp will leverage digital innovations and put customers at the heart of what we do whilst managing our data privacy related risks.
• A Data Privacy Manager (DPM) is needed to join the Innovation & Engineering (I&E) business within bp to lead I&E’s privacy compliance activities to handle personal information in accordance with bp’s policies and procedures.

The successful candidate will be a key contributor accountable for providing practical privacy guidance to enable I&E to achieve its business aims whilst complying with bp’s data privacy standards.

Key Accountabilities

Working within the compliance framework set by bp’s Central Data Privacy Office (CDPO) and working closely with colleagues in Digital Compliance and other stakeholders across bp, lead I&E’s data privacy compliance activities, including fostering a privacy culture and embedding applicable policies, procedures, training, and guidance materials. The role has a particular responsibility for leading data privacy compliance of the shared IT systems that underpin the global organization. The privacy compliance requirements for business applications and business processes lie with Data Privacy Managers embedded in each of the bp businesses. Partnering with this community of data privacy professionals is essential. Partnering with I&E stakeholders to ensure data privacy risks are considered and appropriately mitigated at the outset of new projects, products and initiatives. Provide oversight for all transparency and individuals’ rights processes and procedures within I&E, including drafting and maintaining privacy notices and processes for subject access requests and similar rights. Management of I&E’s records of processing activity. Providing front line awareness and management of data privacy risks within I&E as part of bp’s digital risk and group risk management processes. Assist with the response to incidents or issues involving personal data in I&E including developing and communicating lessons learned.

Essential Education:

A degree in a relevant discipline or a demonstrated ability to understand relevant data privacy compliance matters.

Essential Experience and Job Requirements:

Firm understanding of privacy laws, regulations, and principles in jurisdictions where bp operates, e.g., the GDPR, the UK Data Protection Act 2018, and the California Consumer Privacy Act. Significant experience administering a privacy compliance program and helping technical teams define practical solutions to data privacy compliance challenges. Excellent interpersonal and communication skills. This role requires engagement with various levels of the organisation from business leadership to individual contributors and support functions across bp. The role also requires excellent influencing skills within an agile, product-oriented matrix organization. Willingness to ‘roll up your sleeves’ and dig into meaty processes and connect the dots across seemingly disparate initiatives.

Desirable criteria

Relevant certifications such as IAPP CIPP/E or CIPP/US. Experience advising multi-national organizations and/or working in a large corporate environment. Works well as part of a team but is a self-starter that can maintain an independent voice.