- Define and implement information security policies and processes across the organization.
- Serve as the subject matter expert in security and privacy, advising colleagues and senior stakeholders up to board level.
- Lead internal security risk assessments and security training programs, and oversee ISO27001 audits.
- Manage security incidents and breaches, ensuring swift response and mitigation.
- Ensure ongoing compliance with GDPR and other relevant privacy regulations.
- Perform Data Privacy Impact Assessments (DPIAs) and Data Protection Audits.
- Collaborate with internal teams to align security and privacy measures with business needs.
- Monitor updates in privacy legislation and drive organizational compliance.
- Proven expertise in information security and privacy, with certifications such as CISSP, CISM, ISO27001 Lead Auditor, GDPR Practitioner, or equivalent.
- Strong knowledge of compliance frameworks (ISO27001, GDPR) and experience in IT security.
- Significant experience as a Data Protection Officer (DPO), managing data privacy programs and ensuring GDPR compliance.
- Expertise in Data Privacy Impact Assessments (DPIAs), handling subject access requests, and managing data breaches.
- In-depth understanding of privacy and data protection legislation, including GDPR.
- 3+ years of experience in assurance or managerial roles, with 4+ years in security and/or privacy roles.
- Demonstrable experience as a DPO or in a privacy-related role.
- Strong influencing skills, with experience engaging senior stakeholders and executives.
- Excellent communication skills and the ability to build trusted relationships across the organization.
- Comprehensive understanding of risk management and commercial acumen to support procurement teams.
- Ability to thrive in a fast-paced environment, solve challenges proactively, and drive progress.