c.£70,000 + Benefits
5 months ago
This role will establish and grow the 2nd line of the company's defence model for Information Security and Compliance in relation to GDPR, ISO 27001, the Act 2005, PCI DSS and other related legislation and guidance. You will be responsible for setting policies and procedures and for ensuring the 1st line functions implement them, staying abreast of regulatory changes and ensuring training is provided at an appropriate level throughout the organisation.
As an SME in all aspects of Information Security and Data Protection, you will take the lead in ensuring that company data and systems are protected from information security threats, both cyber and physical, and oversee the company's compliance with GDPR and Data Protection best practice.
Key responsibilities include:
- Lead and develop a team consisting of a data protection executive and an information security officer;
- Set the agenda and chair the Information Security Board (ISB) and Data Protection Board (DPB);
- Provide regular updates on information security and data protection matters at Executive forums;
- Develop, maintain and deliver a roadmap of information security and data protection enhancements;
- Ensure information security and data protection best practice is adopted across the organisation through policies, procedures, coaching, training and wide communication;
- Identify, recommend and drive technological and procedural changes that mature the information security and data protection landscape within the business;
- Act as the responsible owner for managing attempted or actual information security breaches;
- Proactively monitor changes to data protection legislation, communicating and managing changes as they apply to the business;
- Engage, manage and co-ordinate service providers of information security and data protection services/consultancy;
- Act as the Subject Matter Expert on information security and data protection for company projects and changes;
Requirements include:
- Up-to-date technical knowledge backed by an information security accreditation;
- Deep understanding and practical application of information security compliance (ISO27001, PCI DSS, ISMS, Cyber Essentials), data processing and IT security arrangements;
- Knowledge of Privacy and Data Protection legislation and a good working knowledge of the General Data Protection Regulation (GDPR);
- CISM, CISSP or CISMP.
Please note: due to the large volume of applications, if you have not received feedback within 28 days, your application has unfortunately been unsuccessful. However, we may be in touch with similar relevant opportunities.