An exciting opportunity to join a growing travel company in Oxfordshire, this role is important in supporting and improving the ongoing cyber security strategy of the organisation in order to ensure that GDPR regulations are met and that the cyber security risks associated with the company are captures, assessed and controlled.
- Assist with developing and implementing an information classification and handling policy, and assist with maintaining the organisation's information strategy and requirements.
- Travel across the 3 company locations to provide guidance to managers, leaders and employees in the form of training and awareness support to ensure the cyber security and data protection policies are designed, maintained, communicated and enforced.
- Manage the strategy and priority of cyber security objective in order to ensure compliance with GDPR requirements.
- Lead the GDPR committee to ensure objectives are prioritised, and that the company is in a position to comply with regulatory requirements.
- Lead on the strategy and development of the processing of all personally identifiable information under company control.
- Manage the delivery of recommendations and improvements for an internal application.
- Act as the primary contact for all data protection and GDPR related matters, and advise on regulatory best practice and data protection compliance, specific to company operations and cyber security strategy.
- Co-ordinate GDPR and data protection compliance activities with other governance leaders, managers and board members.
- Review existing data protection policy and enhance as necessary to ensure compliance with GDPR.
- Maintain and establish a register of data owners and advise on their responsibilities.
- Assist with the creation of a cyber risk register and an incident response plan regarding complaints, breaches and other remedial actions.
- Review and implement a suitable archiving process and provide advice and guidance on retention policies, data minimisation and storage requirements.
- Be the lead contact with the Information Commissioner's Office where necessary.
- Ability to provide guidance on risk assessments, countermeasures and data protection impact assessments, including experience in privacy assessments and certifications/seals, and information security standards specifications.
- Expertise in European and national data protection law, with solid knowledge of GDPR.
- Knowledge of information technologies and data security.
- Leadership qualities and project management experience.
- Broad business experience and understanding of how privacy, security and procedure should be implemented to integrate smoothly with services offered and revenue generated.
- Record of engaging with emerging and forthcoming laws and technologies.
- Experience in technical, legal or regulatory training and awareness raising initiatives.
- Significant experience in EU privacy laws, including the drafting of policies and technology provisions.
- Significant experience in IT operations, including the attainment of information security standard certifications, such as CISSP, and appropriate privacy seals/marks.
- Experience in information system auditing and risk assessments.
- Strong stakeholder management skills.
- Qualified in either CIPP/E, CIPT, PC.DP, CDPO or EU GDPR Practitioner
Project People is acting as an Employment Business in relation to this vacancy.