Data Security Compliance Advisor
12 Month FTC, Full Time
Hybrid - WFH and 1-2 Days East Grinstead Office
Basic Salary £47,000-£50,000 with excellent benefits including 25 Days holiday, Pension Scheme, Life Assurance, Private Health Scheme and family (AXA), Discounts on insurance products, are a wide range of retailers and service providers via the 'SMILE' portal. Savings on fuel with My Esso Card Wellbeing allowance (£150 a year). There is further assistance for work related training available. Eye Care Voucher Scheme, Employee Advisory Service
Reason for Vacancy - Expansion due to workload
Key Tasks / Accountabilities:
-
Be primarily responsible for the end-to-end process of fulfilling data subject requests made under the UK General Data Protection Regulation (UK GDPR), such as subject access requests and erasure requests, as well as requests for information from other organisations, such as law firms, law enforcement or government departments
-
Build on existing internal documentation and communications regarding the data subject request process so that:
-
Other departments are clear about their responsibilities, and
-
The Data Security Compliance Team handles requests in the most structured, efficient and cost-effective manner possible, while complying with UK data protection legislation and meeting legal deadlines
-
Work with members of the team on the development and integration of tools involved in the data subject request process, such as the OneTrust Privacy Rights Automation module and other internal platforms
-
Share the responsibility to conduct reviews of existing assessment and accountability processes and work with business stakeholders to create new ones where required. Assist with the recommendation of improvements to achieve compliance and reduce risk and help to ensure the delivery of agreed recommendations. Examples of processes are:
-
Data Protection Impact Assessments (DPIAs)
-
Legitimate Interest Assessments (LIAs)
-
Legal Basis for Processing Checklists
-
Records of Processing Activities (ROPA)
-
Assist with the optimisation of the above record, list and assessment processes and the continual improvement of associated documentation
-
Contribute to the application of organisation wide processes such as Data Protection by Default and by Design, working with business teams and the IS department as necessary
-
Contribute to the development and execution of data protection and data security training, awareness campaigns and eLearning training rollouts
-
Support the Data Protection Officer in ensuring the importance of data security compliance is appropriately communicated across the organisation by assisting with the production of communications as well as articles and guidance for the team's intranet presence
-
Assist with the production of well written and carefully considered advice and guidance in response to data protection and data security enquiries, both internal and external
-
Represent the team in meetings and for projects and initiatives, where required
-
Attend industry events, conferences and seminars to keep up to date with the threat landscape and any upcoming legislative change
Essential Skills & Experience Required:
- Strong knowledge and experience of current and upcoming UK data protection law, e.g. the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Privacy and Electronic Communication Regulations (PECR) and familiarity with guidance published by the Information Commissioner's Office
- One or more recognised data protection qualifications, e.g. UK GDPR Practitioner, CIPP/E, CIPM
- Extensive experience of fulfilling data subject requests made under the UK GDPR
- Experience of working in a team where providing guidance and advice about UK data protection law to internal and external stakeholders is a primary focus
- Proven experience in handling confidential and sensitive information
- First rate planning and organisation skills with the ability to manage conflicting priorities while meeting tight deadlines
- Must have the ability to work well under pressure while maintaining discretion
- Ability to work with minimum supervision, as well as collaboratively and flexibly with others to achieve team objectives
- Excellent written English coupled with clear and articulate verbal communication skills
- Methodical, with a high attention to detail and accuracy
- Highly motivated and focused with a desire to help, use initiative and add value
- Confident general IT skills, ideally primarily with use of Google Workspace and Adobe Acrobat Pro (see below) but as a minimum, with Microsoft Office / O365 software suites
Desirable Skills & Experience Required:
- Highly proficient use of Google Workspace (Gmail, Drive etc), Microsoft Office (Outlook, Word and Excel in particular) and use of the redaction tools and other key features in Adobe Acrobat Pro
- Familiar with information security best practice, e.g. ISO 27001, Cyber Essentials
- Awareness of payment card industry standards and requirements, i.e. Payment Card Data Security Standard (PCI DSS)
To apply to this role of Data Security Compliance Advisor please send your CV.
Closing date for applications is Monday 25th November.
Due to the volume of applications we are only able to contact successful applicants. Therefore if you have not heard from us within 10 working days please deem your application as unsuccessful on this occasion.
Membership Bespoke is acting as a recruitment business in relation to this role. Membership Bespoke positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, religion or belief, marital status, or pregnancy and maternity.
Membership Bespoke is the most experienced membership-focused recruitment firm in the UK, with 10+ years of experience delivering tailored permanent, temporary, interim, and Executive Search recruitment solutions to Trade Associations, Regulatory Bodies, Political Parties, and Professional Bodies.