This role is ideal for anyone who has been providing information and cyber security consulting services to customers and is looking for a better work-life balance. The role will be split 50:50 between responsibility for internal data protection and ISO 27001 at Bytes and delivering customer consulting.
The internal role will cover all aspects of data privacy, from data privacy notices, data processing impact assessments and legitimate interest assessments through coordinating subject access requests, as well as all other data privacy requirements. The ISO 27001 aspects of the internal role will focus on ensuring compliance with ISO 27001 and coordinating evidence and audits. This will work alongside the data privacy requirements to oversee IT teams and ensure that Bytes complies with Article 32 and its security and quality measures, leading to sustained compliance and successful audit under IASME Governance Audited. The role will also require responding to 3rd party security questionnaires under the direction of the Head of InfoSec & Cyber Compliance.
Customer consulting will focus on audit and advisory work: ISO 27001, PCI DSS (if qualified, or if interested in becoming qualified), Information Security Forum Healthchecks, NIST Cyber Security Framework, CIS Top 20 Critical Controls, and 3rd party assurance activities.
• To maintain internal controls and requirements for data privacy, and to respond to requirements and handle requests across the Bytes business.
• To oversee requirements for the maintenance of ISO 27001 and IASME Governance Audited.
• To work with the relevant teams across the Bytes business to deliver information security and data privacy services.
• To assist in conducting information and data privacy risk assessments within the organisation.
• To directly deliver 10 days of Audit & Advisory consulting per month, focusing on ISF Security Healthcheck & Benchmarking, ISO 27001, PCI DSS (desirable), Data Privacy, and general security consulting to customers.
• To deliver the requirements of a data protection manager and to advise the organisation on its responsibilities under the Data Protection Act.
• To interact with the teams for ISO 27001 and ensure that all paperwork and requirements are met for the ongoing maintenance of certification.
• Interacting with the sales team to ensure that new business is scoped appropriately for delivery as a single engagement.
• Managing customer engagements and being responsible for the quality and timeliness of all work directly delivered.
• Delivering high quality engagements to customers and delivering real value to them.
• Certified ISO 27001 Lead Implementer / Lead Auditor qualification(s) or other relevant information security qualifications
• Data Privacy certification (desirable) or suitable experience
• PCI QSA (desirable)