About Sysnet Global Solutions
Established in 1989, Sysnet Global Solutions provides payment card industry compliance services, specialising in compliance validation, and merchant engagement and retention solutions. Sysnet offers a range of services, including its award-winning, proprietary, compliance management and merchant intelligence solution Sysnet.airTM, to a wide variety of businesses including acquirers, ISOs, international banks, payment service providers and merchants. Headquartered in Dublin, Ireland, Sysnet, has offices in the London, Atlanta, Cape Town, Poland and Hyderabad and clients in more than 60 countries worldwide.
We have an immediate vacancy within our Dublin Headquarters for a full time Data Protection Manager.
People and Culture
At the core of Sysnet are its people and our employees are the driving force of the business. Sysnet is passionate about hiring and developing driven individuals and giving them, long-term careers and opportunities. The company hires more than anything on cultural fit and potential to grow within the business. It is a fast-moving business – this means our people must be adaptable, quick thinking and focused on results. To succeed in Sysnet you will be smart, down to earth and open to change.
Role Overview
Reporting to our Head (VP) of Information Security, you will be expected to have in depth expert knowledge of GDPR, CCPA, and any local data protection laws in the jurisdictions in which Sysnet operates, and manage Sysnet’s data protection strategy and processes. You will lead on the implementation and management of Sysnet’s global data protection policy and oversee and ensure consistency of approach across all jurisdictions where Sysnet operates directly.
This will involve liaising with internal stakeholders, law firms and other external advisors with the aim of ensuring and, where possible, future proofing Sysnet’s compliance with applicable data protection legislation and fostering a culture of ‘data protection by design’ within the group. You will sit within the Information Security team and will work closely with the following teams (among others):, Sysnet’s Business, Sales, Legal, Finance, HR, Marketing, Technology & Contact Centre.
Key Responsibilities
- Identify, evaluate, supervise and retain records of Sysnet’s internal and external data processing activities (including maintaining a data map of Sysnet’s processing of personal data and appropriate data retention periods and schedules)
- Always keep abreast and up-to-date of any legal and regulatory changes, and ensure continuing implementation of Sysnet’s data protection policy and any other connected policies and processes (Internally and in relation to external third parties)
- Review, research, interpret and implement relevant data privacy legislative requirements and related guidance (e.g. guidance from the European Data Protection Board) in the territories in which Sysnet operates (e.g. the EU, US, Canada, South Africa, Australia) and make recommendations to the business on any required changes and their effect on the business
- Ensure consistency of approach at global level in respect of data protection strategies
- Monitor and advise internal teams on compliance with data protection legislation and requirements
- Monitor and pro-actively address any issues, potential issues or risks arising in relation to the protection of personal data
- Help design and lead Sysnet on its “data protection by default” and “data protection by design” strategies, including advising internal teams on new products or processes
- Support Internal teams on Issues surrounding Data Protection issues
- Provide education, training and awareness to all members of staff on the requirements of data privacy legislation and the care and handling of personal data in order to ensure that relevant business functions are made aware of their legal responsibilities and how to comply with them
- Reporting to relevant Executive Committees
- Acting as point of contact with data subjects, supervisory authorities and internal teams
- Conduct Data Protection Impact Assessments (DPIAs) on all new vendors or when changes to processing occurs (where necessary)
- Monitor data management procedures and compliance within the company
- Review and negotiate the data protection provisions of Sysnet’s contracts including items such as Data Processing Addendums and Standard Contractual Clauses, act as main point of contact for such provisions and provide input to the legal team as and when required
- Ensure we address all queries from data subjects within legal timeframes (e.g. delete their information from our databases) and manage any data subject access requests
- Where data are transferred beyond national borders, ensure appropriate transfer mechanisms are in place to allow the safe processing of personal data
- Write and update detailed guides on data protection policies
- Perform audits and determine whether we need to alter our procedures to comply with regulations
- Work with other stakeholders on incident response for any privacy breaches
- Assist and Coordinate training with internal training teams on GDPR compliance for employees
Profile Overview
We are looking for a data protection manager with solid proven skills, ready to take ownership of a crucial role within the business. You will be used to an in-house environment and be ready to hit the ground running. The role requires someone with a solid knowledge of applicable data protection laws and regulations, familiarity with the Irish Data Protection Commission’s approach and agenda, and willingness to engage with different cultures and styles is key. The role will involve briefing very senior stakeholders so the successful candidate will understand the importance of seeing the big picture and using the right tone and language to discuss issues. The right candidate should also display an enthusiasm for the data protection, actively engaging in external forums and providing thought leadership. You will also be sensitive and knowledgeable about marketing activities and related regulations and requirements.
Skills, Experience and Attributes
- At least 3-6 years of experience in a regulatory compliance, risk compliance or legal advice role, of which at least 2 years should have been spent specifically on data protection
- A thorough understanding of privacy legislative framework and its application in a global context having particular regard to General Data Protection Regulation, Privacy and Electronic Communication Regulations, CCPA and other relevant legislation
- Strong communication skills and attention to detail
- Proactive engagement with stakeholders
- Familiarity with technology and IT Security
- Ability to summarise issues succinctly to senior stakeholders and to be flexible and pragmatic with advice
- Curiosity and big picture thinking – Anticipates issues
- IAPP CIPP/E or equivalent recognised professional standard
- Proficiency in the use of the OneTrust platform
