£50K/yr to £75K/yr
England, United Kingdom
Permanent, Variable

Compliance and Data Protection Officer

Posted by Firway Consulting Ltd.

Key skills: Data Protection, Security Confidentiality, Line Management, Service Delivery and Records Management; Cybersecurity Risk Management, ISO27001, possibly CREST or Cyber Essentials Plus, CISSP, CISM.

This role is Hybrid working. You must live within a commuting distance of Purley, Surrey.

My client is a rapidly growing business bringing digital technology to the global insurance marketplace. Their technology is deployed at some of the world's leading insurers globally, including in the UK, USA, Europe, etc., providing clients with enhanced customer service and productivity. My client is once again expanding rapidly.

They seek an experienced Compliance and Data Protection Officer (C&DPO) who will be responsible for ensuring the company's adherence to all relevant laws, regulations, and industry standards.

This role requires a deep understanding of data protection laws, such as GDPR, as well as other compliance frameworks applicable to the industry. This role will also require a deep understanding of information security, such as ISO27001. The C&DPO will develop and implement compliance programs, conduct risk assessments, and provide guidance to employees on data protection and compliance matters.

You must be a team player who is prepared to work alongside your team as well as with the board.

You will have:

  • Experience as a leader and specialist in relation to data protection, security, confidentiality, line management, service delivery and records management.
  • Experience in running the day-to-day management of the Data Protection service.
  • The ability to lead and promote data protection and security awareness, and to provide advice and guidance to the Trust, employees and management in relation to the organisation achieving compliance with Data Protection Legislation.
  • A track record in cybersecurity risk management, with a strong understanding of the UK cybersecurity landscape, including the Cyber Essentials and ISO 27001 frameworks.
  • Experience in managing information security compliance projects within the UK.
  • Excellent communication and influencing skills, capable of engaging effectively with a range of stakeholders on complex information security issues to ensure change is adopted and sustained.
  • Proven experience in compliance and data protection roles

Key Skills and Responsibilities

  • In-depth knowledge of data protection laws
  • Strong understanding of relevant industry regulations and standards
  • Excellent analytical and problem-solving skills
  • Strong organisational and time management skills
  • Ensure appropriate and timely engagement with internal and external stakeholders
  • Assist the Chief Technical Officer when required
  • Produce high-quality MI (management information) for relevant stakeholders
  • Actively advocate for a good culture across the business, promoting a good compliance culture
  • Escalate any compliance issues in accordance with governance
  • Creation and organisation of appropriate policy information
  • Involvement in completion of security questionnaires. The C&DPO is responsible for the RFI and RFP process.
  • Oversee security related impact in contractual negotiations (both supplier and customer).
  • Provide information governance support in relation to commercial, informatics, and research projects.
  • Develop and implement a compliance risk management framework tailored to the specific needs and challenges of the business, focusing on the protection of financial data, personal information for staff, and sensitive research data.
  • Conduct targeted infosec risk assessments and compliance audits, providing strategic insights and recommendations to the company's senior management and board.
  • Stay ahead of emerging infosec threats and advancements in information security technologies and practices, ensuring the company remains proactive and responsive in its infosec risk and compliance strategies.

Other Duties

  • Manage a small team and take responsibility for their development
  • Provide leadership to junior members of the team
  • Develop and deliver appropriate training to staff/stakeholders relating to areas within expertise

Regulatory Liaison

  • Responsible for the management of all interactions with Regulatory bodies
  • Working with relevant stakeholders, draft appropriate responses to regulatory information requests
  • Manage responses to monthly regulatory reporting as required
  • Work with the InfoSec team to ensure a joined-up approach to regulatory contact

Data Protection

  • Provide first-line support for all data protection and security enquiries across the company, including commercial, data analytics and research matters, such as contracts, the procurement and due diligence process, ISAs, DPAs, DPIAs and DTAC.
  • Ensure full compliance with UK data protection laws, as well as adherence to specific regulations relevant to our organisation and our internal and external audit obligations.
  • Main point of contact for data protection related matters
  • Responsible for business adherence to data protection legislation, including the completion of annual assessments
  • Responsible for the development of additional Data Protection training for the business
  • Keep up to date on regulatory changes, and notify the business accordingly
  • Responsible for ensuring changes to legislation are implemented effectively
  • Ensure all business policies in relation to data protection are kept up to date
  • Responsible for ensuring that all breaches and incidents are reported in accordance with regulatory requirements and business processes

Skills

  • In-depth knowledge of data protection laws
  • Strong understanding of relevant industry regulations and standards

Qualification

  • Holding or working towards UK-recognised cybersecurity certifications, such as those offered by CREST or Cyber Essentials Plus, is desirable.
  • Additional certifications such as CISSP or CISM are required
  • ISO27001 Lead Auditor/Implementer qualification is beneficial

You will have excellent communication skills, and excellent attention to detail is a must.

Circa £50k - £70k + substantial company benefits (negotiable).
