Data Protection and Information Security Manager, Labour Law notes

Data Protection and Information Security Manager Job Description

Type: Notes

2018/2019

Uploaded on 20/03/2019

monica-torras 🇪🇸

Role Profile – Data Protection & Information Security Manager

Location: Bristol
Role title: Data Protection & Information Security Manager
Department: IT & Projects
Reports to: IT & Projects Director

Purpose of the role:

The Data Protection and Information Security Manager will be a subject matter expert in all aspects of data protection and information security. They will be the lead role in ensuring compliance with Data Protection and GDPR regulations for Lifetime Training Group and managing the continued implementation, monitoring and control of information and data governance.

The role requires a hands-on manager who has direct experience in understanding personal identifiable (PI) data, and working with business and technology teams on how to manage, secure and remove PI data as defined by the legal/regulatory requirements and Lifetime Information Security Group.

This role will suit an individual who has a passion to develop their own skills and knowledge in information security and data protection compliance; a proactive person who is a ‘hands-on’ starter/finisher, who is driven, enjoys responsibility and achieving results; a highly organised person in their ability to manage and prioritise workload; adept at operating effectively within an organization, delivering via influence and relationships rather than all under their control.

Role accountabilities

• Manage the design, delivery and development of the Data Protection and Information Security Policy to ensure it comprehensively meets current business needs and evolves to provide clear added value.
• Develop and continually evolve Lifetime’s Information Security strategy and ensure that there is quantifiable progress in applying the strategy.
• Own, review and contribute to information security policy and associated procedures and standards.
• Develop the operational processes and controls, and assess their effectiveness in mitigating Information Security and Data Protection risks faced by the Lifetime Training Group.
• Monitor and enforce the information security policy and technologies for all Lifetime business processes, systems and infrastructure.
• Lead the business with the creation and maintenance of data protection registers to monitor and track data sharing arrangements, data retention policies, breach notification, ICO registrations and effective asset management and disposal.
• Lead the development of the risk management and control systems.
• Define and enforce personal identifiable data lifecycle management processes.
• Facilitate the remediation of identified vulnerabilities for IT security and IT risk.
• Perform regular data discovery exercises to ensure all personal identifiable data is identified and monitored.
• Ensure Lifetime policies with regards to Data Protection and GDPR are compliant with regulatory and legal obligations. Conduct regular and ongoing monitoring of and reporting on Lifetime’s compliance with external information security standards and policies, for example Cyber Essentials, ISO 27001.
• Liaise with the technical teams to ensure PI data requirements are captured during the Agile development process.
• Member of the Information Security Group, working with the Data Protection Officer, on any enquiries or incidents related to PI data.
• Liaise with database administrators to ensure that sensitive data is stored and monitored appropriately.
• Liaise with 3rd parties that may store sensitive data on behalf of Lifetime, ensuring that the data is stored and monitored appropriately.
• Act as the project manager/lead on IT security for projects, providing subject matter expertise and technical knowledge in the areas of information security and data protection to the Lifetime Training Group.
• Perform Privacy Impact Assessments on new products and complete Data Protection Audits on business functions and key risk areas.
• Promote user education awareness of applicable regulatory standards, upstream risks and industry best practices across
• Communicate and engage with multiple stakeholders (all the way to senior level) on data protection and information security compliance; and
• Proactively monitor changes to data protection legislation, communicating and managing changes as they apply to the business.

Key Performance Indicators

• Achieving GDPR compliance.
• Achievement of deliverables on IT Security Continual Improvement Plan as agreed by the Information Security Group (ISG).
• Ensuring Lifetime’s annual information security monthly activity plan is delivered by all responsible parties.
• Appropriate security governance processes are implemented and adhered to.
• Appropriate security technologies as defined in the strategy are implemented successfully.
• Mitigate known security risks; avoid the avoidable incidents / breaches.

Role Holder Signature: Date:

Manager Signature: Date: