Malta Financial Services Authority is looking to recruit a Data Protection Officer on a full-time basis to join their team within their Risk Management department. Risk Management is responsible for the analysing and mitigating the risks within the MFSA. The Risk Management team is responsible for providing the strategic input and direction with regards to the risk appetite and ensure that the define risk appetite is compliant with the requirements set out by the European Supervisory Authorities (ESAs). The Risk Management section is also responsible for ensuring that the internal processes and procedures of the MFSA comply with European Standards and offers recommendations on how these can be improved through risk and quality perspectives.
The eventual appointee will be appointed at senior manager level and will ensure that the authority processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules.
As Senior Manager in Grade 5, the eventual appointee will be expected to:
- Carrying out compliance duties in relation to the MFSA in observance of the Data Protection Act, such as, but not limited to, maintaining a registry of processes of personal data, performing an annual stock-take of new personal data processes including review of retention period and maintaining relations with the Office of the Information and Data Protection Commissioner;
- Carry out compliance duties in relation to the MFSA in preparation for and in observance of the General Data Protection Regulation (‘GDPR’) and be involved in all issues which related to the protection of personal data;
- Provide on-going training to staff members on data protection;
- Ensure they assist and support individuals who have issues concerning data management/breaches for all matters concerning data protection;
- Inform the authority and the employees who carry out-processing of their obligation pursuant to the GDPR and other relevant Data Protection regulations;
- Ensure to keep up to date with all changes/amendments to the applicable data protection laws;
- Monitor GDPR and other data compliance with the policies of the Authority in relation to the protection of personal/MFSA data including the assignment of responsibility, awareness training and training of staff involved in processing operations and the related audits;
- Provide advice when requested with regards to the Data Privacy Impact Assessment (DPIA) and monitor its performance;
- To act as point of contact with the Information & Data Protection Commissioner on issues relating to processing, including the prior consultation and to consult where appropriate on other matters;
- Have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purpose of processing;
- Be bound by confidentiality concerning the performance of task and duties in accordance to EU and national law;
- Fulfil other tasks and duties as instructed by Head of Risk Management or such person delegated by such person.
The role will report to the Head of Risk Management and have direct access to the highest Senior Management of the MFSA, the Chief Executive Officer.
Other important information:
- We are looking for a candidate with an Honours Degree in Law or related to Data Protection requirements. A relevant post-graduate degree would be considered an asset.
- You will also possess a minimum of seven (7) years working in a similar post, with solid experience in data protection. Familiarity to financial services regulatory framework and experience within compliance would be considered an asset.
- In addition, strong leadership and people management skills and ability to manage competing priorities and a challenging workload.
- If you do not have the necessary academic or professional qualifications but you have at least fifteen (15) years of relevant experience in a similar related role, we would still be interested in speaking with you.
The MFSA is an Equal Opportunities Employer as certified by the NCPE (National Commission for the Protection of Equality) and is committed to a policy of equal opportunity in all aspects of employment and will take care to avoid any form of discrimination in its recruitment procedures. The MFSA reserves the right to withdraw this call at any time and not to select any of the Candidates.
It is the responsibility of applicants in possession of qualifications awarded by Universities and other similar institutions outside Malta to produce a recognition statement on comparability of qualifications issued by the Malta Qualifications Recognition Information Centre (MQRIC). Applicants should do so preferably at the application stage or otherwise at the preliminary interview should an applicant be selected for such an interview. Details can be obtained by accessing the National Commission for Further and Higher Education website on www.ncfhe.org.mt under MQRIC heading.
The MFSA shall ensure that any processing of personal data is in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation), the Data Protection Act (Chapter 586 of the Laws of Malta) and any other relevant European Union and national law. For further details, you may refer to the Data Protection Policy on the MFSA webpage www.mfsa.com.mt.
Candidates are to note that the submission of any false statement/s or omission, even if unintended, may lead to the cancellation of their application and may render the candidate’s appointment liable to termination.
Furthermore, please note that candidates may be asked to submit any documentation in support of the information provided, including but not limited to, proof of qualifications and Police Conduct Certificates.
Malta Financial Services Authority:
The Malta Financial Services Authority (MFSA) is the single regulator for financial services in Malta. It was established by law on 23 July 2002 taking over supervisory functions previously carried out by the Central Bank of Malta, the Malta Stock Exchange and the Malta Financial Services Centre. The Authority is a fully autonomous public institution and reports to Parliament on an annual basis.