Information Security and Data Protection Officer

Recruiter
Focus Resourcing
Location
Derby
Salary
40000.0000
Posted
18 May 2017
Closes
16 Jun 2017
Contract Type
Permanent
Hours
Full Time

Our client based in Derby is looking for an Information Security and Data Protection Officer. The role will involve playing a crucial part in shaping and establishing information security and data protection compliance procedures and governance. You will provide expert advice on the promotion of data protection compliance including best practise procedures and be pivotal in building and maintaining compliance to GDPR.


Responsibilities:

  • To ensure organisational compliance, in line with ISO27001 standards, the Data Protection Act and other information security related contractual requirements
  • To create, develop, implement and enforce suitable policies and procedures
  • To develop and implement Information Security and Data Protection awareness and training programs
  • To undertake periodic audits of the ISMS and Data Protection Compliance
  • To provide expert advice on the application of information security and data protection principles across the business
  • To monitor risks, potential risks and new threats from an information Security perspective and taking appropriate measures
  • To establish and maintain a register of data owners for sets of information and educate the data owners on their responsibilities
  • To carry out investigations into potential breaches of the Data Protection Act and upcoming GDPR and undertake reporting/remedial action as required
  • To manage all aspects of PCI compliance and implement new policies and procedures, to maintain AOC annually

Essential Attributes:

  • Significant experience in a similar information security or data protection compliance role
  • A broad range of IT Security knowledge with experience of network, server, application and end user computing
  • Experience of security quality standards such as ISO27001 and ISO15408
  • Experience of government information security practice (NCSC - National Cyber Security Centre)
  • Experienced in developing, reviewing, amending and enforcing security policies and procedures
  • Excellent interpersonal communication skills
  • A professional qualification in computer security such as CISSP is desirable but not essential

Company offer superb benefits and working environment. Good career progression for the right individual.