
Information Security Manager and Data Protection Officer at Interact Software
Interact Software · Manchester, United Kingdom · Hybrid
- Senior
- Optional office in Manchester
As the Information Security Risk Manager & Data Protection Officer you will be responsible for maintaining a corporate-wide, global information risk management program and information security compliance function.
You will work closely with the business to develop and ensure adherence to our compliance program, to assess appropriate technology platform risks and protect value in the business.
A little about you...
- Comfortable working at pace in a lean, fast-moving environment
- Strong bias for action — a hands-on doer who gets things done
- Experience in product-led or SaaS businesses is highly desirable
- Will take ownership of SOC 2 compliance as we prepare for certification
- Comfortable managing compliance processes and working cross-functionally to meet security standards
- Strong knowledge of information security protocols and procedures
- Proficiency in information risk assessment and compliance
- Experience in technology environments and cloud-based SaaS environments
- Strong stakeholder management and reporting skills
- Technically savvy
- Experience working closely with cloud, cyber, and engineering teams desirable
- Knowledge of and experience with different security standards and frameworks, with a track record in leading ISO 27001 accreditation / re-accreditation projects
- Excellent communication skills
About the role...
- Continue to review and improve the security policies
- Implement and maintain the ISMS
- Ensure compliance with relevant security standards and regulations (ISO 27001, SOC 2, Cyber Essentials, etc.)
- Experience of undergoing third-party assessments / audits (e.g. ISO 27001, SOC 2, etc.)
- Work to acquire new accreditations in line with the business aspirations
- Review, implement, and test business continuity plan and policy
- Manage technical and business stakeholders to achieve compliance and information security goals
- Perform proactive risk assessments and internal process audits
- Work with internal teams and stakeholders to manage risks, find solutions, and resolve issues
- Work with the external auditor on regular auditing activities
- Vendor/supplier reviews
- Participating in the sales process - security questionnaires for prospects and/or customers
- Maintain and/or improve information security awareness within the business
- Monitoring compliance with the UK GDPR and other data protection laws, our data protection policies, awareness-raising, training, and audits.
- Providing advice and information on our data protection obligations.
- Ensuring completion and monitoring of data protection risks involved in processing via DPIA, taking into account the nature, scope, context and purposes of the processing.
- Be a contact point for the ICO, assist with investigations as required in Article 36 and provide support on any other matter.
- Be a contact point, with contact information to be readily available to our employees and individuals about whom data is processed in the course of our activities.
Benefits
- 25 days annual leave (with the option to buy and sell additional days)
- Cycle to work scheme
- Access to Learning & Development platform
- Life Insurance
- Auto Enrolment Pensions
- Healthshield (cashback on dental check-ups and fillings, eye tests, physiotherapy, prescriptions and much more)
- Reimbursement for use of personal mobile phone
- Free gym membership and free Friday lunch for office-based staff