Information Security Compliance Manager and Data Protection Officer DPO

Information Security Compliance Manager and Data Protection Officer (DPO)

Role Summary

Our client is seeking an Information Security Compliance Manager and Data Protection Officer (DPO) to ensure compliance with applicable Information Security Standards (e.g. ISO27001 / Cyber Essentials Plus, NIS2) as well as the General Data Protection Regulation (GDPR) and other applicable data protection laws. This role reports into the Director of Governance, Risk & Compliance and will coordinate with the Compliance department. You will oversee data protection strategies, implement policies, and ensure the secure processing of data within the organisation. The role requires strong expertise in information security compliance, data privacy, legal compliance, and risk management.

Job Responsibilities

Data Privacy Compliance & Advisory

·       GDPR Compliance: Monitor and ensure compliance with GDPR, national data protection laws, and internal privacy policies; provide internal expert advice on data protection matters and privacy risks; act as the primary point of contact with supervisory authorities (e.g. ICO, CNIL, AEPD); conduct regular privacy impact assessments (DPIAs) for high-risk data processing activities; maintain Record of Processing Activities (ROPA)

·       Policies & Training: Develop and implement privacy policies, guidelines, and best practices; develop and deliver training for employees on data protection obligations

·       DSAR: Oversee and respond to Data Subject Access Requests (DSARs), including rights to access, erasure, and rectification

·       Breach Management: Ensure breaches are identified, investigated, and reported according to applicable laws and standards

·       Audit: Conduct internal audits and ensure continuous improvement in data protection practices; support external audits and regulatory assessments

·       Assessments: Provide guidance on data privacy and information security in contracts, vendor agreements, and responsible for addressing third-party risk assessment requirements

Information Security Compliance

·       Certifications: Manage certification compliance programs (ISO27001 / Cyber Essentials Plus); lead and coordinate annual certification efforts

·       Other Cybersecurity Laws and Regulations: Support compliance efforts regarding EU’s emerging data and cyber laws (e.g. NIS2, Data Act)

·       Governance: Support ongoing information security compliance and governance activities

Collaboration & Stakeholder Engagement

·       Work closely with Legal, IT, Compliance, HR, Internal Audit, and external partners to align data protection strategies

Job Skills Requirements

Essential

·       Strong knowledge of GDPR, ePrivacy Directive, ISO27001 and national data protection laws

·       Experience in privacy law, compliance or data security

·       Familiarity with data governance, cybersecurity and IT security frameworks

·       Strong communication skills to engage with internal teams and external regulators

·       Ability to handle sensitive and confidential information with integrity

Preferred

·       Legal, IT security or compliance background

·       Certification in CIPP/E, CIPM, CIPT, CISSP or equivalent privacy or cybersecurity qualification

·       ISO 27001 Lead Auditor certifications and experience

·       Experience conducting privacy impact assessments (DPIAs) and managing data breaches