We are seeking a Data Protection and Information Security Oversight Manager to join our Governance team. This role can be based in our Cheltenham, Glasgow, Leeds or Liverpool office working on a hybrid basis.
The Information Security Manager will work closely with colleagues in IT and work with the wider business to maintain and enhance our Information Security posture and to retain our ISO27001 and Cyber Essentials certifications.
Responsibilities:
* Assist in developing and executing a comprehensive data protection strategy aligned with business objectives and regulatory requirements.
* Create and maintain data protection policies, standards, training, and guidance notes to ensure compliance with applicable laws and best practices.
* Provide expert advice and guidance on privacy-related matters, including data sharing, international data transfers, consent management, data subject rights, data incidents, vendor risk management, and privacy complaints.
* Facilitate the development and on-going maintenance of the ISO27001 ISMS. Work with IT to design and define Data Protection policies. Planning, organising, supervising and where necessary, carrying out (ISO27001) external and internal audits.
* Assisting with the development and maintenance of the Business Continuity Plan, Cyber Incident Response Plan and Disaster Recovery Plan and any associated testing and maintenance.
* Ensuring adequate internal action and timely response for data security related incidents.
* Providing consultancy and guidance to Business Areas regarding Information Security, Data Protection and Legal and Regulatory requirements, including audit support.
* Assisting Business Areas in understanding and responding to security audit failures reported by auditors.
Experience/Qualifications:
* Proven experience in Information Security and Data Protection.
* Understanding of ISO27001 and Cyber Essentials / Cyber Essentials Plus certification requirements.
* Proven experience in writing and implementing policies and procedures.
* Experienced Data Protection Officer / Manager.
* Experience of running an ISO27001 internal audit programme.
* Experience of managing an information security awareness programme.
Job Types: Full-time, Permanent
Schedule:
* Monday to Friday
Work Location: Hybrid remote in Leeds
#J-18808-Ljbffr