Information Security Officer/DPO,
Finance Department, Lookers Head Office, Manchester
Contract Type: Permanent
Main Duties and Responsibilities
Data Security Management Framework
The IS/DPO is responsible for documenting our governance and control framework in respect of Data Security and ensuring that our information security strategies are aligned with and support business objectives and are consistent with applicable laws and regulations through adherence to policies and internal controls, covering such areas as:
· Access Controls
· Data Handling
· Malware Protection
· System Configuration
· Personnel Security
· Physical Security
· Business Continuity Plans
· Third Party Security
· Regulatory compliance
· Change management
The IS/DPO is also responsible for communicating our approach to cyber risk management throughout the Group and communicating the value of security and our processes to our employees.
The IS/DPO has responsibility for handling reported security incidents, identifying root cause and playing a lead role in crisis management and advising on threat detection. The IS/DPO will define the processes to protect us against network attacks and other cyber-crime.
The IS/DPO will be expected to create an audit framework and conduct internal audits to verify compliance with Information Security policies and standards and advise where remedial actions are required, highlighting where these are not in line with our risk appetite.
The IS/DPO has responsibility for carrying out Information Security Risk Assessments and Data Privacy Impact Assessments, keeping the Risk Register up to date and providing risk-based management information to the Business.
The IS/DPO will manage our GDPR programme including:
· Carrying out an information audit and data and asset mapping/information flows
· Identifying and documenting the legal basis on which we are processing information
· Updating fair processing notices
· Assisting with the maintenance of a customer database with current marketing preferences
· Monitoring compliance with the data retention and destruction policy
· Implementing a data breach response plan; being the point of contact with the ICO, maintaining a breaches log and reporting to the ICO
· Carrying out a data protection impact assessment when appointing a new data processor and ensuring data processing agreements are entered into, advising on cross border data transfers and termination of data processing agreements
· Taking responsibility for DSARs and management of the Right to be Forgotten
Key Skills and Qualifications
· A security certification such as CISSP/CISM/CISA/CISMP.
· Strong academic record, to degree level or equivalent industry experience
· Be fully conversant with ISO27001 information security standard and PCI-DSS
· Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies
· A passion for technology and security safeguarding with a desire to deliver
· Thrives on change, showing an impressive ability to drive the IT security strategy forward
· Analytical mind capable of managing numerous information sources and providing analysis and reports to senior management
· Strong customer focus - able to meet the demands of internal and external customers
· Excellent communication skills - providing verbal and written communication that is understandable and engaging to senior management and colleagues
· Flexible and adaptable - capable of changing direction where required and showing flexibility to meet new demands
· Forms business partnerships that help drive the IT security strategy forward
· Can make decisions that are well informed and timely
· Creative thinking - able to look at alternatives and consider new ways of thinking to problem solve
· Multi-tasking - can manage several concurrent projects and prioritise demands
· Knowledge of risk analysis and risk management methodologies
In recognition of the hard work, flexibility and commitment of our people, we have recently introduced a new and improved industry-leading benefits package. This includes competitive basic salaries, enhanced holidays that increase with service, critical illness cover after 2 years, one year fully paid maternity leave for women and, for some roles, a company car and high earning potential through commission or bonus.