Global Head of Privacy and DPO

About Us

A career at Hitachi Rail will help create a legacy. With operations in every corner of the world, our work goes to the cutting-edge of digital transformation and technology. From the multi-cultural strength of our global organisation to the sustainable and innovative ways we work to bring people together, there's something for everyone to get stuck into. And that's where you come in.

Description

Your new role

Here at Hitachi Rail, we have a unique and exciting opportunity for a Global Head of Privacy and DPO. This role will be a key member of the Legal, Contracts and Compliance team at Hitachi Rail. The successful candidate will be a technical specialist and global expert in data privacy responsible for leading a world class Data Privacy programme, having designed and implemented a holistic upgrade to, and streamlining of current practices. They will be the "go to" adviser on all topics relevant to data management and regulation globally.

The role will report to the Group Chief Compliance Officer and work closely with the Global Group General Counsel and their team plus other stakeholders (HR, IS/IT, etc.)

This role will require a unique blend of technical and regulatory expertise, passion for the subject, and an ability to balance tactical problem-solving with strategic vision and leadership. The successful candidate will need to navigate a large and diverse organisation which has been through several mergers, focusing on priorities, advocating for best practice and adapting to local conditions where needed.

A clear thinker who can balance rigour with pragmatism while remaining motivated by the challenge, they will need to engage effectively with all levels of the organisation. Once a common global Data Privacy programme is implemented and functioning, there will be opportunities to expand into supporting adjacent areas such as data management, product regulation and cybersecurity.

The position is based anywhere in UK (some travel to London)

Specifically, you will be responsible for the following deliverables:

• DPO: Serve as Global Data Protection Officer for all Hitachi Rail data privacy/protection matters with oversight, global accountability and responsibility for the appointment and active management of local DPOs where local law or regulation requires it, with appointees from either legal and compliance, HR, or other functions from within in the organisation as appropriate.
• Regulatory Compliance: Ensure regulatory obligations are fulfilled and monitor Hitachi Rail's ongoing compliance with all applicable data privacy/protection laws, regulations and policies globally. Act as the global contact and escalation point for any engagement with relevant regulators or supervisory authorities.
• Privacy Governance: Develop and implement a global data privacy/protection governance model that is pragmatic, concise, efficient and effectively suited to business needs and constraints, as well as multi-jurisdictional challenges.
• Policies, Procedures, Standards, Tools: Manage (update, draft, harmonise, integrate) and control all policies, procedures, notices and standards for Hitachi Rail's data privacy/protection programme. Ensure employee-facing resources are accessible and easy to understand. Recommend and implement tools for effective management of the programme, and to respond to audit or regulator requests.
• Agreements and Transactions: Execute data transfer agreements and advise on data privacy/protection issues and standard contract provisions in complex commercial transactions or agreements.
• Advisory: Provide expert legal guidance on data privacy/protection matters, advise on privacy implications in business projects and support various teams to ensure alignment with industry best practices. Monitor compliance with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations.
• Cross-Functional Engagement: Engage with IS/IT and cybersecurity incident response teams in matters concerning data privacy/protection. Prepare for, and respond to incidents concerning data privacy/protection, including providing legal advice concerning impact analysis, response, and communications.
• Culture, Communications and Training: Drive a "privacy-first" and data privacy/protection culture and awareness through targeted training programmes and privacy campaigns.
• Assurance: Develop KPIs to monitor and measure the programme. Conduct data privacy/protection compliance reviews or audits, monitor internal controls, and present findings and recommendations to relevant leadership teams.

About you

• Advanced degree in Law, Information Technology, Engineering or other relevant professional qualification. Additional, specific qualification such as IAPP CIPP/E, CIPM or CIPT would be beneficial.
• At least 7-10 years' combined experience as relevant to data privacy/protection matters in a global context.
• Has managed part of a legal, compliance, IS/IT or audit programme for an international organisation.
• Familiarity with global data privacy/protection practices as implemented in industrial businesses.
• Understanding of technical concepts and an interest in technology and an ability to discuss these cross-functionally.
• Experience interacting with regulators, customers, partners and suppliers with respect to incidents, audits or other related inquiries.
• Demonstrated ability to work in a fast-paced environment and prioritise and manage a significant workload and multiple discrete tasks simultaneously, strong at problem-solving and critical thinking.
• Strong leadership and independent decision-making ability. Ability to develop, coach and grow more junior staff members.
• Demonstrated attention to detail, ability to compile and analyse regulatory and business information, assess risk, and provide resolutions or recommendations for process improvement.
• Excellent verbal and written communications skills, listening, influencing and presentation skills, ability to work and communicate in a diverse global organisation.
• Team player, with cultural awareness and curiosity, willing to work with other functions and members of the global Legal & Compliance team on joint initiatives.
• Absolute integrity, discretion, and trustworthiness plus the credibility and ability to communicate the importance of same to all levels of the organisation.
• Desirable- one additional language (ideally Italian, French, German or Spanish).

What we offer

We value the importance of all of our employees, if you would like to join our fantastic organisation you could be entitled to:

• Competitive salary
• Annual Performance bonus paid on discretionary basis up to 20%
• 25 days holiday
• Pension scheme with contributions up to 9%
• Private medical insurance
• Personal Accident insurance
• Group Income protection
• Group Life Insurance
• Employee Assistance Programme

We also offer additional perks for you to choose from within a flexible plan that will meet your specific needs and lifestyle.