Head of Compliance - SMF16

Benefits of working at Together

• 26 days holiday, and a day off for your birthday (increasing with service to 30 days), plus bank holidays
• Free access to company holiday homes
• Buy & sell holidays
• Discretionary annual bonus plus an additional Shared Reward Bonus
• Matched pension contribution
• Health cash plan plus Private medical insurance
• Life assurance and Critical illness cover
• Travel season ticket loans and Ride to work scheme
• Free local gym access
• Local bar / restaurant discounts

–––––––––––––

Company Description 

We’re Together. For over 50 years, we’ve helped thousands of people, businesses and professionals unlock their property ambitions with our common-sense approach to mortgages and secured loans.

We take the time to understand our customers and our door is always open, so we can often help when other lenders can’t or won’t. Based in Cheadle, Cheshire, our 750 colleagues help our customers throughout the UK, backed by the power of a £7 billion loan book. 

As a Head of Compliance you will lead and oversee all compliance and data protection activities across the Group, ensuring adherence to FCA and ICO regulations.  You will hold Senior Management Function 16 (Compliance Oversight) approval under the FCA's SM&CR and act as the statutory Data Protection Officer. You will provide strategic direction, advice and assurance to the Board and Executive Team, ensuring regulatory integrity, good customer outcomes and responsible data stewardship. The role provides independent second line of defence (2LOD) advice and assurance, as delegated by the Chief Risk Officer. The role will be part of the second line Group Risk Leadership team. 

As a Head of Compliance we are looking for someone to: 

• Lead the development and implementation of the Group's compliance and data protection strategies and target operating model
• Engage with and provide constructive challenges to senior management and Board committees
• Manage and develop a team of compliance and data protection professionals (c9 FTE)
• Develop and maintain policies, procedures and training programmes to ensure consistent compliance and data protection standards
• Liaise with internal/external auditors, regulators and legal advisors
• Own and maintain the Group's compliance framework, ensuring alignment with FCA Principles, SYSC, MCOB and Consumer Duty
• Develop and Oversee the Compliance Monitoring Plan and Compliance Universe using risk based prioritisation 
• Provide expert compliance advice and guidance on regulatory requirements across business activities, including new initiatives, product development, operational change and customer communications
• Conduct regulatory breach assessments
• Lead horizon scanning and impact assessment of regulatory developments, translating FCA requirements into business plans
• Act as a primary point of contact with the FCA for engagement, notifications and information requests
• Act as the Group's designated DPO in accordance with the UK GDPR, with specific reference to Articles 37-39
• Develop, implement and maintain a Data Protection Compliance Framework, including managing the associated activities such as the production and review of data protection policies, procedures, standards and training. 
• Advise on and oversee Data Protection Impact Assessments ensuring data protection by design and by default is embedded in all relevant projects and initiatives including liaising with the regulator where required
• Monitor compliance with UK data protection laws and internal policies 
• Lead the response to data protection incidents and personal data breeches

Essential:

• Proven experience as SMF26 and DPO in a FCA regulated environment, ideally in a specialist mortgage company
• Extensive knowledge and experience of the Financial Conduct Authority and their associated supervisory approach 
• Expert understanding of UK GDPR and Data Protection Act 2018
• Strong Leadership and people management skills 
• CIPP/E/CIPT/CISM qualified
• Broad understanding of an enterprise risk management framework and how regulatory compliance and conduct risk operates within this

Desirable: 

• CeMAP
• ICA Qualifications
• Recognised Data Protection Practitioner Certification

If you feel you have some of the skills mentioned above, but not all, please do still apply and we would be happy to have a further discussion with you in regards to your suitability for the role.

Together embraces diversity and inclusion, and are proud to be an equal opportunity workplace. Not only do we welcome difference – we celebrate it, support it and really value our colleagues for who they are. We are committed to building a team that represents a variety of backgrounds, perspectives and skills.

If you feel you'd benefit from any support or reasonable adjustments during any stage of the recruitment process, please don’t hesitate to let us know when completing your application. This information will be picked up by our team, so we can try and put steps in place to help you be at your best through this process.

Please note that all successful applicants will undergo relevant employment reference, financial and criminal record checks.