Group Data Protection Officer and Head of Data Governance

Responsibilities

• 1 Data Protection Officer (DPO) for the Group: Primary responsibility with precedence over all other responsibilities where conflicts arise:

• Act as the Group’s independent, regulated Data Protection Officer in accordance with UK GDPR and DPA 2018.
• Monitor and independently assess compliance with UK GDPR, DPA 2018, DUAA, PECR, and related regulatory obligations across the Group.
• Advise the Group Board, Executive, and senior management on data protection obligations, risks, and regulatory interpretation.
• Oversee and challenge the design and effectiveness of privacy controls, without owning or determining processing purposes or means.
• Provide independent oversight of DPIAs, high-risk processing, and data protection-by-design activities.
• Act as the primary point of contact for the ICO.
• Act as escalation point for data subjects and oversee the handling of Data Subject Rights and regulatory complaints.
• Report independently to senior management and, where required, the Board or relevant committee.
• Maintain freedom from instructions regarding the exercise of DPO duties and from conflicts of interest.
• Escalate material data protection risks where management action is insufficient.

• 2 Set Data Protection and Data Governance Policy, Standards and Strategy:
• Define and maintain Group-wide data protection and governance policies and standards, led from the DPO role and aligned to wider regulatory requirements.
• Set the standards that define how the Group protects personal data, confidential information, customers, and the organisation itself, and how regulatory compliance is achieved and evidenced.
• Define data governance policies and standards that support lawful, fair, transparent, and accountable processing across all Group entities.
• Stay informed on emerging regulatory developments, governance practices, and relevant technologies within data governance and financial services, and assess their potential impact on the Group’s risk profile and compliance posture.
• Review, challenge, and approve data-related strategies and initiatives to confirm alignment with data protection principles before implementation.
• Ensure data governance strategy and standards do not compromise DPO independence, nor result in ownership of processing purposes, means, or operational delivery decisions.

• 3 Lead continuous improvement of Data Governance practice across the Business:
• Define and oversee the Group Data Governance and Privacy strategy, ensuring alignment with organisational objectives while retaining entity-level accountability for delivery.
• Set the minimum data governance framework required to support compliance, risk management, and regulatory defensibility.
• Assess governance maturity and control effectiveness, directing required improvements to first‑line owners without assuming delivery ownership.
• Oversee relevant data governance change initiatives to ensure alignment with agreed standards, timelines, and risk appetite.
• Provide expert advice and challenge on data governance and data protection risks arising from business change and M&A activity.

• 4 Governance, Compliance and Risk Management:
• Define, monitor, and challenge the effectiveness of data protection and data governance controls across the Group and key suppliers.
• Provide clear, evidence‑based insight and reporting to senior leadership and the Board.
• Oversee service performance indicators relating to data protection and governance outcomes.

• 5 Team Leadership and Development:
• Build and lead a high‑performing data protection and data governance team.
• Foster a professional culture of independence, challenge, and accountability.
• Develop team capability and succession through coaching and mentoring.

• 6 Stakeholder Management:
• Provide advice and guidance to Board, Executives, and Senior Leaders on all Data Protection and Data Governance matters.
• Ensure functional priorities are aligned with organisational objectives and clearly communicated across the business.
• Provide advisory input to change sponsors to support compliant initiation and design of change activity.

• As part of working within Nucleus you will:
• Take responsibility in everything you do to deliver good outcomes for our customers.
• Positively demonstrate the Nucleus Smart, Heart and Courage values and behaviours.
• Ensure compliance with FCA Code of Conduct at all times.

Key Competencies (Knowledge, Skills and Behaviours)

• Knowledge and Experience: Strong expertise in UK data protection and data governance legislation and practice.
• Experience setting and applying data governance and data protection policies.
• Experience operating within a regulated environment, preferably financial services.
• Sound understanding of technology and data processing within platform‑based financial services.
• Knowledge of third‑party data protection contractual requirements.

• Skills and Behaviours: Independent judgement with the credibility to challenge senior stakeholders.
• Strong leadership and people management capability.
• Excellent stakeholder management and influencing skills.
• Strategic thinker with the ability to apply practical, proportionate solutions.
• Calm and resilient under pressure.
• Clear, effective written and verbal communicator.
• Collaborative team player who role‑models organisational values.
• Strong commitment to continuous learning and improvement.
• Competent user of MS Excel, Word, PowerPoint, and Teams.

• Desirable: Knowledge of platform propositions, including WRAP Platforms and SIPPs.
• Professional certifications such as CIPP/E, CIPM, or equivalent.
• Degree or relevant professional qualification.

#J-18808-Ljbffr