• Compliance Management: Develop and implement compliance programs; ensure adherence to data protection laws, including GDPR.
• Information Security: Oversee cybersecurity risk management, including an understanding of ISO 27001 frameworks and other relevant security certifications.
• Team Leadership: Manage a small team, providing leadership and development opportunities.
• Regulatory Liaison: Handle interactions with regulatory bodies; manage responses to regulatory information requests.
• Data Protection: Address data protection and security inquiries; ensure full compliance with UK data protection laws and regulations.
• Training and Awareness: Promote data protection and security awareness; deliver training to staff and stakeholders.
• Risk Management: Conduct targeted infosec risk assessments and compliance audits; stay ahead of emerging threats.
• Policy and Documentation: Maintain and update policies related to data protection; manage audit activities and security questionnaires.
• Stakeholder Engagement: Work with internal and external stakeholders; ensure timely engagement and communication.
• Experience: Proven experience in compliance and data protection roles, with a strong track record in cybersecurity risk management.
• Knowledge: In-depth knowledge of data protection laws (e.g., GDPR) and industry regulations; understanding of ISO 27001 frameworks.
• Skills: Excellent analytical, problem-solving, communication, and interpersonal skills. Ability to work independently and as part of a team.
• Qualifications: Certifications such as CISSP, CISM required; ISO 27001 Lead Auditor/Implementer beneficial; working towards UK-recognised cybersecurity certifications (CREST, Cyber Essentials Plus) desirable.