+ Car allowance and benefits
My client is a very well-known and long-established financial services organisation who are currently looking for an individual to develop, maintain and effectively implement the company’s second line approach to Data Protection and take ownership of the Information Security governance in accordance with Data Privacy/Information Security regulations and relevant codes of practice. This role has a 70% bias towards Data Protection and the remaining 30% is Information Security focused.
Reporting directly to the Group Chief Financial Officer, key responsibilities include:
- Define, implement and monitor compliant Data Privacy and Information Security governance solutions locally and in the context of the group’s global structure.
- Maintain and enforce suitable and relevant Data Protection and Information Security Policies, reviewing them on an annual basis to ensure the Group’s compliance with relevant legislation.
- Responsible for the oversight and control of all Person Identifiable data held on all Company systems including telephone systems, HR systems and customer operations systems.
- Provide practical advice and solutions to the business, demonstrating solid technical knowledge of Data processing and Information Security arrangements.
- Develop Data Privacy and Information Security compliance training across the business.
- Participate in business initiatives across all markets as required.
- Provide reports to the Board with regard to Group compliance with the Data Protection Act and related provisions.
- Lead on enquiries from Data Protection or Information Security compliance regulators.
- Provide guidance and oversight in respect of emerging threats and associated required control changes for both Data Protection and Information Security.
- Oversight of the Group ITDR strategy. Manage and give guidance to business stakeholders to assist in clear understanding of any Information Security Risks so that the risks are appropriately managed and mitigated in alignment with Group policy, ISO27001 framework and PCI DSS standard and continued certification.
- Set up and maintain a programme of Information Security risk assessments at an appropriate level.
- Introduce a set of minimum standards for information security that each territory will need to self-certify compliance with.
- Establish, operate and maintain an Information Security monitoring regime and Information Security Management system.
- Plan and perform Data Protection and Information Security reviews for the Group to support the Business.
- Support and advise the countries, ensuring their compliance with policies, risk assessment methodologies and third party assessment methodologies.
- To be a Subject Matter expert within the Group for Data Protection and Information Security related matters.
- Knowledge of the Data Protection and Information Security industries, current security issues and trends.
- Strong understanding of ISO27001/27002 and the PCI DSS.
- Familiarity with current legislative requirements and how these relate to Data Protection and Information Security practice.
- Excellent written and verbal communication skills.
- Ability to balance workload, prioritising work effectively.
- Understand business needs and priorities and how they relate to the Data and Information Security practices.
- Able to demonstrate a strong understanding of networking technologies, web servicing and cloud security and the specific security implications of each.
- Solid technical knowledge of data processing and IT security arrangements.
Despite the fact the role has a global remit, the role will primarily be office-based in Yorkshire. The company is also generally open to flexible working arrangements to suit individual needs.
Salary range is broad but will be entirely commensurate with experience.
MERJE have been appointed on the role exclusively.
Please note, should you not receive feedback within 28 days, unfortunately your application has been unsuccessful. However, we may be in touch with similar relevant opportunities.