Information Security and Data Protection Manager - VR/27648

Unfortunately this position is no longer available. Please use our job search function to find an alternative.
Status: Permanent
Location: Aberdeen
Rate: Available Upon Request

TMM Recruitment is partnering exclusively with a global provider of software and technology services to source an Information Security & Data Protection Manager to lead this key aspect of the business and join the team in Aberdeen on a permanent basis.


The role holder will be responsible for ensuring compliance with quality standards, including ISO 27001 and 9001, as well as GDPR and other regulatory requirements. They will also develop and implement policies and procedures, conduct audits, manage data privacy and IT security, and drive continuous improvement.


Overview

The Information Security and Data Protection Manager plays a pivotal role in the development, implementation and oversight of the Information Management and Data Protection System. Working with colleagues across Operations, Tech, Product and Shared Services, the Information Security and Data Protection Manager ensures compliance with quality standards, including ISO 27001 and 9001, as well as GDPR and other national and international regulatory, legislative, internal and external requirements for all territories in which the company operates.


The Information Security and Data Protection Manager is a key member of the Quality, Regulatory and Compliance Team, reporting into the Chief Financial Officer, and is responsible for driving compliance and quality approaches for existing and new markets. The Information Security and Data Protection Manager designs and implements company policies and procedures, training and education, and monitors internal compliance to ensure that the company has a coordinated strategy for managing data privacy and IT security. The Information Security and Data Protection Manager provides a compliance framework and structure that supports the company as it grows in size, complexity and geographical reach.


Key Tasks and Responsibilities:

  • Leading the creation, maintenance and oversight of policies, processes and procedures to drive compliance with ISO 27001, GDPR and the DSP Toolkit.
  • Working closely with the Quality Manager to support ongoing development and maintenance of the ISO 9001 certified Quality Management System, ensuring seamless integration of the QMS, ISMS and DPMS.
  • Serving as data protection and privacy champion, working collaboratively with colleagues across the organisation to maintain the data processing inventory and to perform data privacy impact assessments, ensuring risk analyses are carried out in line with robust risk management processes.
  • Serving as the data protection point of contact, acting as the first point of contact for data protection related queries and requests.
  • Supporting business continuity planning (BCP), developing and maintaining BCPs.
  • Providing leadership for inspections and audits, establishing internal audit schedules and conducting supplier audits as needed.
  • Establishing employee training programmes to drive education on all information security and data protection aspects.
  • Performing regular reviews of the company's data processing operations and the accessibility of personal data.
  • Carrying out security and quality-based audits across the business to provide assurance that internal and external risks are being managed appropriately and effectively.
  • Working with colleagues across the company to assess, identify and report areas of weakness and to develop effective corrective and preventive measures.
  • Driving continual improvement, working with functional teams to develop and implement process improvement initiatives.
  • Defining and implementing key performance indicators (KPIs) for measurement and analysis on the performance of the Information security management system (ISMS) and data protection system.
  • Ensuring suitable advice, guidance, support, tools and training are available to those within the company who handle data, to ensure they do so appropriately.
  • Ensuring the CFO / CEO is adequately briefed on information risk issues.
  • Running day to day ISMS and data protection compliance, overseeing audits, attending management reviews, documenting procedures and policies to ensure new or proposed changes to the company's processes or information assets are identified.
  • Responsible for the incident management process ensuring identified information security risks are followed up, incidents managed, and lessons learnt.
  • Responsible for access control for all systems and products.
  • Maintaining an up-to-date awareness of industry standards and applicable regulatory requirements as they pertain to the work of the company, data protection and information security.
  • Serving as delegate for quality manager when necessary.
  • Ensuring all technical documentation meets ISO 27001 requirements.
  • Ensuring all data collection, processing and storage activities comply with applicable regulatory requirements and are aligned to the latest data processing inventory and privacy notice.
  • Supporting and contributing to quality management system and data protection system activities and initiatives.
  • Serving as information asset owner for systems as agreed upon by the Leadership Team. See appendix I - Information Asset Owner role description for Information Asset Owner role responsibilities.


Qualifications, Skills and Experience

  • Degree in a scientific discipline, or an equivalent level of professional qualifications or experience of working in the health industry.
  • ISO 27001 Internal Auditor Training.
  • A sound knowledge of key relevant quality standards and regulations, in particular ISO27001, ISO9001 and GDPR, together with demonstrable practical experience of applying these to Quality and Compliance Management Systems and business processes.
  • Experience of driving change and compliance, preferably in a start-up environment, including robust working knowledge of risk management and mitigation.
  • Strong knowledge of EU data privacy and data protection regulation, and an appreciation of other major privacy frameworks and evolving legislation worldwide.
  • Experience managing multiple projects simultaneously.
  • Experience within technology environments preferable.
  • Experience of electronic Information Security Management System (ISMS) implementation and management.
  • Knowledge of UK data privacy and data protection regulation.
  • Ability to work as part of a multidisciplinary team.
  • Personable and effective communicator, with a strong teamwork ethic.
  • Experience of Quality Management Systems or willingness to develop expertise in this area.
  • Excellent communication and relationship-development skills.
  • Highly detail-oriented and organised, demonstrating initiative and a quick learner.
  • Ambitious, proactive, autonomous, self-motivated and resilient.
  • Commitment to the company's mission.
