Job Summary: Trapeze Group (UK) Ltd provides software solutions to the Public Transport Industry. A large number of high-profile UK and international companies including First Group, Arriva and Go Ahead as well as most of the UK Public Transport Authorities such as Transport for London and Strathclyde Partnership for Transport, use our systems. As an employer we are committed to cultivating a friendly and exciting working environment, with huge emphasis on employee engagement. As the UK arm of a global organisation, we can offer the sense of social community often associated with a small, local business, combined with the expected advantages of working for a far larger employer: great benefits; dedication to identifying talent; and huge investment in staff development. Trapeze Group UK is excited to be part of the Modaxo family. “Modaxo’s expertise, global bench strength, and singular focus on People Transportation make it a great home for technology companies that share our vision to efficiently move the world’s people” – Bill Delaney, CEO, Modaxo. Modaxo is a new, dedicated global organisation bringing together businesses from across Volaris Group that collectively focus on advancing new technologies and innovations for People Transportation. With more than two dozen companies (Trapeze being one of them), representing 12 brands, Modaxo comprises 2,000 people, operating from 35 offices in 21 countries around the world. Job Description: KEY PURPOSE The Data Protection Officer (DPO) / ISO Compliance Officer will oversee and manage our company's data protection and ISO compliance efforts. As a small-sized software technology company, we are committed to ensuring that our products, services, and internal processes adhere to the highest standards of data privacy and security, including compliance with relevant privacy laws (e.g., GDPR, CCPA) and ISO standards (e.g., ISO/IEC 27001). The DPO / ISO Compliance Officer will be responsible for ensuring compliance with data protection regulations, implementing and managing our information security management system (ISMS), and maintaining certification to ISO standards. You will work closely with cross-functional teams, including legal, IT, product development, and executive management, to build a culture of security and privacy throughout the organization. This is a remote, part-time position (3 days per week). Data Protection Officer (DPO) Responsibilities: Oversee the company’s compliance with data protection laws and regulations, including GDPR, CCPA, and other applicable privacy laws. Serve as the point of contact for data protection inquiries from customers, partners, and regulatory authorities. Monitor data processing activities to ensure that personal data is processed in a lawful, transparent, and secure manner. Advise the company on privacy risks and ensure that privacy by design and by default is embedded in all company processes, products, and services. Develop, implement, and maintain policies and procedures for data protection, including data retention, data access control, and breach notification procedures. Conduct Data Protection Impact Assessments (DPIAs) and risk assessments for new projects or systems involving personal data. Conduct regular audits and reviews to ensure the company’s data processing activities are compliant with applicable privacy laws and regulations. Lead the management of data subject rights requests (e.g., right to access, right to erasure, right to rectification). Provide training and awareness programs for employees on data protection best practices. ISO Compliance Officer Responsibilities: Ensure the company’s compliance with relevant ISO standards (e.g., ISO/IEC 27001, ISO/IEC 27018, etc.) for information security management. Develop, implement, and maintain the Information Security Management System (ISMS), ensuring alignment with business objectives and regulatory requirements. Lead the internal audits of the ISMS and work with external auditors to ensure successful certification and recertification. Manage risk assessment and treatment processes related to information security. Advise leadership on necessary actions to mitigate information security risks and ensure proper documentation of risk management processes. Ensure that proper incident management procedures are in place for security incidents, including breaches, and coordinate response activities. Work with IT and engineering teams to ensure that security controls are in place for cloud services, software development, and infrastructure. Conduct regular security awareness training and ensure that all employees understand their role in safeguarding company data and information. Qualifications & Experience: Strong knowledge of data protection laws and regulations, including GDPR, CCPA, and others applicable to a global software company. The Company will supply training. Experience in managing or supporting ISO/IEC 27001 or other ISO standards certification and audits. The Company will provide the required training. Certification in data protection (e.g., CIPP/E, CIPM) or information security (e.g., CISSP, CISM) is a plus. Knowledge of risk management frameworks and industry best practices related to information security and data privacy. Strong analytical, problem-solving, and decision-making skills. Excellent communication skills, with the ability to explain complex compliance concepts to non-technical stakeholders. Experience working with cross-functional teams (e.g., IT, legal, product) in a small or fast-paced company environment. Ability to prioritize tasks and manage multiple projects simultaneously. Preferred Skills: Hands-on experience with data protection technologies, such as encryption, access control, and data masking. Familiarity with cloud security and securing software development processes (DevSecOps). Experience working in a SaaS (Software-as-a-Service) or cloud-based software company. Worker Type: Regular Number of Openings Available: 0 And a fantastic opportunity to join a market leading Software Company. If you’re interested in this role then click on apply