• Being the Group DPO and Security lead as the Subject Matter Expert on all areas of Data Protection and Cyber & Information Security
• Responsible for implementing and maintaining the strategy and programme to ensure critical information assets are identified and adequately protected
• Implement and embed the groups security frameworks’ policies, processes, standards and controls across all companies
• Developing and embedding key operational processes and controls in Data Protection and Cyber & information Security
• Identify and assess Security and Data Protection related risks and provide proportionate mitigation options and advice to business risk owners for decision making
• Manage the establishment, maintenance and reporting of a group wide security training program
• Collaborate with line manager on an integrated business continuity management approach and plans
• Evaluate prevailing and emerging security threats and trends for management
• Manage the timely Security Incident Response, including evaluating and reporting on business impacts of security incident trends
• Periodically undertake current state assessments of security and data protection for each company and group, to baseline and benchmark findings for senior management
• Conducting risk and assurance assessments using standards-based controls, internally, the supply chain and 3rd parties.
Additional responsibilities (if any)
• Respond to customer-initiated questionnaires on security and data protection.
• Manage and maintain group wide templates for legal agreements (NDAs, DPAs etc.)
• Excellent communication and mentoring skills both to technical and non-technical audience
• Experience with GDPR compliance implementation, monitoring and improvement
• Experience with industry frameworks in Information & Cyber Security and BCM.
• Recognised expert knowledge and experience in data protection and cyber security frameworks policies, processes and controls; such as: NIST CSF, ISO27001, CSC CIS, ISO22301, TOGAF/SABSA
• Familiarity and direct experience of different technology architectures; (on-premises, hybrid and cloud technology); security operating models; security reference architecture and; controls design.
• Demonstrable experience in a variety of practitioner roles as a Cyber Security and Data Protection practitioner.
• Pragmatic, practical and flexible to balancing business and operational needs and options against security risk
• Able to operate as strategic, tactical and operational level
• A proactive and a natural collaborator with a desire to help and support the business achieves its objectives along with shared goals.
Nice to have experience/skills:
Business background in addition to the required technical background.
• Desirable: BSc/MSc in Cyber or Information Security domain from a recognised university
• Essential one or more industry certifications: CISSP, CISA, CRISC, SANS GIAC, CIPP/E, CIPM
5-10 years’ experience acting in a similar security related positions with at least 3 of them in front-line business facing roles