Data Protection Manager
Goodman Masson are currently working alongside a reputable public sector organisation in search of a Data Protection Manager to join their highly innovative Information Security practice.
The Risk & Compliance Directorate is made up of Enterprise Risk and Compliance. Compliance comprises Information Security & Data Protection, Compliance monitoring & Assurance, Master Trust Supervision and Financial Crime Prevention.
The Information Security and Data Protection function is accountable for the development, implementation and ongoing maintenance of the ISMS (Information Security Management System) across the Corporation in line with ISO 27001. It also supports and provides assurance over the implementation of security and data protection requirements within the scheme and other third-party suppliers, and acts as the body responsible for ensuring Data Protection Act compliance across the Corporation.
- Responsible for delivering the day-to-day data protection operating framework and records management framework whilst complying with the data protection and records management policies.
- Production of reporting for senior management.
- Conduct Data Protection Impact Assessments on business or technical change, to identify and assess risk, identify treatment options, then present to management for decision.
- Advise on Data Protection and records management compliance and on legislative requirements relating to privacy and data protection.
- Work with the 2nd line Compliance Monitoring and Assurance (CMA) Team to ensure an adequate coverage of data protection compliance.
- Contribute as a Subject Matter Expert to any regulatory developments relating to data protection and records management compliance.
- Work with the Procurement team and general counsel directorate to ensure contracts have the appropriate data protection clauses as required.
- Investigate and write up Data Protection incidents and reports to ensure that root causes are identified, actions taken to fix are implemented, actions to prevent recurrence are agreed with owners and tracked to closure, and disclosure requirements are evaluated and acted upon where applicable.
Key Skills & Requirements:
- Extensive technical knowledge of Data Protection legislation and experience of translating requirements into pragmatic and practical solutions.
- Experience of responding to regulatory requests with a proactive approach to management of the regulatory relationship.
- Experience of responding to subject rights requests or complaints, whether from subjects or the ICO.
- Detailed understanding of European and UK associated data protection legislation.
- Understanding of the structure of the key records management tool.
- Experience of records management best practices and ability to design, communicate and control records management processes.