Data Privacy Assurance Auditor – Technology (IT)

UK Power Networks (Operations) Ltd
£55,000/annum plus benefits
08 Jun 2017
08 Jul 2017
Contract Type - Full Time
Reporting to - Assurance Manager – Technology (IT)
Location - London SE1 or Energy House, Three Bridges
Department - Strategy, Safety & Support Services
Reference Number - 31117
Employment Period - Initial period May 2017 to August 2018 (GDPR deadline plus three months)
Contract Type - Personal Contract
CiP Level / Bonus - 5%
Closing Date - 21/06/2017
Salary Range - Equivalent of £55,000 per annum (Depending on experience)

Job Purpose:
To administer data privacy projects.
The primary focus requires in-depth data privacy and technical (IT) audit skills, with an opportunity to develop and build robust stakeholder relationships with business colleagues as part of an internal audit and assurance team.
A visible role with significant responsibility in providing successful assurance over management of Data Privacy risks and audit engagements; Technology (IT) risks and Technology (IT) Audit engagements, requiring end-to-end Data privacy and Technology (IT) audit experience.
· Staff: No direct reports, but some responsibility for co-sourced programmes of audit work.
· Stakeholders: Wide engagement required, across all parts of the business managing personal data.
· Ensuring high quality delivery of data privacy focussed assurance activities and internal audits.
Principal Accountabilities:
To administer data privacy projects as part of a project team.
· Identify and assess the principal risks and uncertainties to the business and support the development of an appropriate response, with particular focus on Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
· Undertake the end-to-end audit process, including planning, fieldwork and reporting, to support the achievement of the assurance and audit plan
· Document findings, identify root causes, and propose solutions
· Co-ordinate with internal audit colleagues and out-sourced audit resources to deliver audits effectively
· Test implementation of management actions to address audit issues
· Establish and maintain links with departmental management to be able to source information to support testing quickly and efficiently
· Monitor and report on the status of agreed actions, and proactively engage to push them through to closure
· Support the identification and delivery of departmental improvement initiatives to take the Internal Audit function from good to great
· Share data privacy and technical (IT) skills and knowledge with Internal Audit and Assurance team members to support development of their skills, knowledge and competence
· Share best practice data privacy and Technical (IT) risk & control advice and guidance as required
· Ongoing liaison with stakeholders across the data privacy and Technical IT user base to maintain an objective and up to date view of risk.
· Provide support across the Internal Audit Team in furtherance of achieving the Internal Assurance Objectives
Knowledge, Skills, Qualifications and Experience:
· Be a chartered or certified IT auditor or security professional (e.g. CISA / CISM / CISSP / CRISC)
· A minimum of 3 years’ experience of technology (IT) risk assessment, control framework design, and assurance auditing
· Experience of the information privacy regulatory framework within which UK companies operate (e.g. DPA, GDPR)
· A good understanding of Technology (IT) security management frameworks, in particular ISO 27001:2013, certification to Internal Auditor level preferred.
· A minimum of 3 years’ experience of project management and IT service governance frameworks (e.g. PRINCE 2, AGILE SCRUM, ITIL, COBIT)
· Good communication skills; both written and verbal
· Keen attention to detail
· Well-developed abilities in data analytics
· Intelligent, agile, lateral quick thinker
· Proactive mind-set; constantly seeking efficiencies & improvements
· Personal credibility to interact across the organisation
· Personal values in line with UKPN values of Respect, Integrity, Diversity & Inclusion, Unity, Continuous Improvement, and Responsibility
· Collaborative, problem-solving approach

Nature and Scope:
The job holder is responsible for ensuring that all work within their portfolio is completed on time, within budget, to high quality standards (in accordance with the departmental methodology) and fulfils the requirements of the scope. The job holder will have extensive involvement in most aspects of the planning, execution, and reporting on assurance engagements.
The job holder's principal challenge will be supporting the assessment of the adequacy of UKPN’s technology (IT) risk management and control frameworks, as our industry goes through a period of rapid change in regulation, technology (IT), evolving customer expectations, and transitioning to a low-carbon society. Supporting the evaluation of risks and opportunities these changes present, and ensuring UKPN is well placed to capitalise on the opportunities and mitigate the risks, will require the job holder to remain abreast of external developments, as well as peer group assurance plans.

Health & Safety Responsibilities
Employees are responsible for ensuring they fully understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable levels. Similarly, where work activities can have an adverse impact upon the environment, and particularly where there are legal requirements, employees are responsible for understanding those impacts and the controls they must ensure are applied.
If in doubt ask