Information Security & Data Protection Officer - DERBY
Mortgage Advice Bureau (MAB) are a multi award winning mortgage broker and network and due to continued expansion now require a suitably qualified Information Security & Data Protection Office based in their vibrant, head office in Derby.
As a key driver for the protection of Mortgage Advice Bureau’s information, you will play a crucial part in shaping and establishing information security and data protection compliance procedures and governance. You will provide expert advice on the promotion of data protection compliance including best practise procedures and be pivotal in building and maintaining Mortgage Advice Bureau's compliance to GDPR.
You will be responsible for the design and organisation of information security solutions, policies and procedures and to define roles and responsibilities Company wide, for information security.
- Ensure organisational compliance, in line with ISO27001 standards, the Data Protection Act and other information security related contractual requirements.
- Create, develop, implement and enforce suitable policies and procedures
- Develop and implement Information Security and Data Protection awareness and training programs.
- Undertake periodic audits of the ISMS and Data Protection Compliance.
- Provide expert advice on the application of information security and data protection principles across the business.
- Primary liaison to internal and external auditors for all areas of Information Security.
- Responsible for monitoring risks, potential risks and new threats from an information Security perspective and taking appropriate measures.
- Establish and maintain a register of data owners for sets of information. and educate the data owners on their responsibilities.
- Carry out investigations into potential breaches of the Data Protection Act and upcoming GDPR and undertake reporting/remedial action as required.
- Develop and maintain processes for subject access requests for information by customers and employees exercising their rights under the Data Protection Act.
- Take responsibility for the implementation of GDPR along with all changes required to local procedures, including, creation of new policies and procedures to maintain compliance.
- Manage all aspects of PCI compliance and implement new policies and procedures, to maintain AOC annually.
Skills and Requirements
- Significant experience in a similar information security or data protection compliance role.
- A professional qualification in computer security such as CISSP is desirable but not essential
- A broad range of IT Security knowledge with experience of network, server, application and end user computing.
- Experience of security quality standards such as ISO27001 and ISO15408
- Experience of government information security practice (NCSC - National Cyber Security Centre)
- Experienced in developing, reviewing, amending and enforcing security policies and procedures.
- Excellent interpersonal communication skills.
- Experience within a business continuity role, representing the Information Security’s interests and concerns.
- Ability to work on own initiative as well as contributing and working as part of a wider team (sometimes virtual).
Internal: Head of IT, Compliance Director, Chief Operations Officer, Brand and Marketing Director, HR Manager.
External: IT suppliers, Vendors and third party integrated system owners.
In return, we offer a great working environment with a competitive salary, incremental holiday and pension schemes, childcare vouchers and DIS. As a growing business, MAB would also look to support your career development.
Closing date for all applications is 18th August 2017.