Data Protection Officer

12/06/2026

To provide Sesame Bankhall Group (“SBG”) with advice, support, guidance, oversight and assurance in relation to compliance with its obligations pursuant to data protection legislation and regulation.

Responsibilities

Core Compliance & Governance

  • Oversee and ensure compliance with UK GDPR, Data Protection Act, and relevant financial regulations (e.g. FCA requirements)
  • Develop, implement, and maintain the organisation’s data protection framework and policies
  • Act as the independent point of accountability for data protection practices

Advisory & Risk Management

  • Advise senior leadership and the business on data protection obligations and risks
  • Conduct and review Data Protection Impact Assessments (DPIAs) for new initiatives
  • Identify, assess, and mitigate data privacy risks, especially relating to customer data

Monitoring & Assurance

  • Monitor compliance through audits, reviews, and controls testing
  • Ensure appropriate data governance, retention, and classification practices are in place
  • Track and report on data protection metrics and breaches

Incident & Breach Management

  • Lead response to data breaches and security incidents
  • Assess severity and notify the ICO (Information Commissioner’s Office) within required timelines
  • Ensure lessons learned are embedded into controls and processes

Stakeholder & Regulatory Engagement

  • Act as the main contact for the ICO and other regulators
  • Support interactions with internal stakeholders, including Risk, Legal, IT, and Compliance
  • Provide clear reporting and insight to senior leadership / committees

Training & Culture

  • Promote a data protection culture across the organisation
  • Design and deliver training and awareness programmes
  • Ensure colleagues understand their responsibilities around handling personal data

Data Subject Rights & Governance

  • Oversee processes for handling Data Subject Access Requests (DSARs) and other rights (e.g. rectification, deletion)
  • Ensure robust processes for consent management and lawful processing

Third Party & Vendor Oversight

  • Ensure appropriate data protection due diligence for suppliers and partners
  • Oversee data sharing agreements and contracts
  • Monitor outsourced processing arrangements, especially in regulated activities

Strategic Contribution

  • Support privacy by design and by default in business change and transformation
  • Contribute to wider risk, compliance, and conduct frameworks
  • Align data protection with customer trust and brand reputation

Personal profile

Qualifications required 

Desirable

  • Relevant data protection certification, e.g. certified DPO

    Experience required

    Essential

    • Significant experience of giving advice on data protection issues.

    Our Expectations

    Our Approach to Risk Management

    • You will require an awareness of operational and regulatory risk which may impact on SBG. You will be responsible for reporting to your line manager any risk which may impact on the business.

    Three Lines of Defence Risk Management Model

    • You will be required to deliver your role competently and comply with the relevant standards and procedures, ensuring that SBG deliver a service where suitable advice is given to the end consumer, which is adequately recorded and ultimately promotes good customer outcomes. This can either be through direct influence or in a support services capacity.
    • You will be required to define and implement standards that monitor regulatory and risk developments and maintain oversight of the activities of staff within the First Line of Defence model, and to check and test that work practices conform to the risk and compliance policies and standards set for the business.

    The Consumer Duty Principle

    • You will be required to highlight to your line manager procedures and processes that may impact on SBG’s ability to deliver good outcomes for retail customers and/or may lead to foreseeable harm. Where possible and relevant to your department, put forward suggestions that could positively impact the outcomes achieved by retail customers.

    Information Security

    • You will need to be aware of all information security principles, policies and procedures and ensure these are followed on a day-to-day basis. You will be required to remain vigilant at all times and report any security concerns, suspicions and/or breaches in a timely manner.
    Permanent, Full Time
    Competitive Salary
    Sale
    Closing Date: 26 June 2026

    Essential Skills Required

    Risk assessment & analytical thinking (e.g. DPIAs, identifying and prioritising risk)
    Influencing & stakeholder management (challenging and advising senior leaders)
    Clear communication (translating complex regulation into practical guidance)
    Governance & oversight capability (policy setting, monitoring, audit)
    Independence, judgement & integrity (objective decision-making and escalation)

    Critical Knowledge Required

    Data protection law & regulation (UK GDPR, Data Protection Act, ICO requirements)
    Financial services regulatory environment (e.g. FCA, conduct and confidentiality standards)
    Information security & data lifecycle management (access controls, storage, retention, security risks)
    Data governance frameworks (classification, ownership, controls, and oversight models)
    Breach management & regulatory reporting requirements

    Copyright 2026 by SBG - Sesame Bankhall Group