Data Security and Compliance Officer

Web Recruit Ltd
40000.00 GBP Annual + cGBP45,000 DOE
20 Aug 2017
17 Sep 2017
Contract Type: Full Time
Buckfastleigh, Devon
cGBP45,000 DOE

About our client

They're mad about organic veg. It's at the core of everything they do. They love to grow it, pack it into boxes and deliver it to customers' doorsteps around the UK. This takes a lot of brilliant people, with a range of skills and knowledge.

30 years ago, our client created the organic veg box. Since then they have defined entirely new organic and ethical markets, built restaurants, founded subscription e-commerce and grown to deliver to over 50,000 households per week.

Every part of the business is enabled through technology and our client wants to express their unique offer to customers in a compelling and beautiful way.

What you'll be doing

You will lead the specification, development, implementation and evolution of our client's data and security compliance. You will be at the centre of driving cultural change from within IT through to the entire organisation, including remote sites and 60+ franchisees.

Through influence management and as a frequent project stakeholder, you will help embed a culture of security-awareness within new software and systems development and help protect our client's customers and business from breaches, extortion and accident.

You'll be passionate about software and system security and will relish the challenge of developing a full, deep understanding of emerging legislation and frameworks and helping the organisation implement practical approaches to comply with them. Further, you will own and maintain the organisation-wide policies and data lifecycles and will put in place appropriate approaches and solutions to ensure their enforcement, including physical security mechanisms. Finally, you will work with the HR department to specify and deliver appropriate training and development objectives to make our client a leader in the field.

What you should know

Our client is less concerned about specifics and decades of experience than they are about cultural fit and an ambition, and capability, to learn and develop your skills. If there is something on our client's list which is out of your comfort zone, that's fine, but expect them to expect you to pick it up and run with it should you join them! That said, here are their ideal skills for this role:

- DPA, GDPR, PECR - Data protection, security and compliance
- PCI-DSS - Transacting GBP60m+ pa, so PCI-DSS compliance is paramount
- DLP - Ensuring that data remains protected against breach
- Threat & risk analysis - Identification, assessment and documentation
- Cybersecurity management - DDoS, malware, virus & phishing prevention
- Testing - Network, vulnerability reporting and penetration testing
- Data lifecycles & governance - Ensuring data is appropriate and accurate
- IAM - Ownership of permissions across tens of systems
- SIEM - Managing security events, their resolution and communication
- SAR - Ensuring access requests are handled quickly and diligently
- Policy - IS, AU, Privacy, Sharing and related policy documentation
- Audit - Confirming continued application of and conformance to policy
- Business process analysis - Manufacturing, e-commerce, finance
- Culture and change management - Bringing people on the journey
- CISSP / OSCP / CCP - Certified professional qualification is desirable
- Implementation - You should be unafraid of getting your hands dirty
- Training - Facilitating and delivering upskilling around data security
- Presentation - You will be confident delivering monthly KPIs to the board
- Agile / Lean - Our client makes small frequent changes quickly, delivering value

Skills & experience

You will have either a solid degree in a data or legal related subject and experience working within data security and compliance with a wide-ranging remit to audit, implement and deliver cultural change within a complex organisation. You'll be very capable of understanding and communicating complex legal and technical requirements to both technical and non-technical people. You are likely to have more than 5 years' experience working to deliver data security and compliance within complex company structures working with many departments and teams along with acting as a stakeholder for security within software development projects. Most importantly, you will have made a difference in previous roles, contributed real value and helped to deliver real policy, technical and cultural change.


Our client offers 31 days' holiday (including bank holidays), a generous company pension scheme and an annual profit share.

The company is based in some of the most beautiful countryside in the world in a modern solar-powered office with all the best start-up trimmings: good coffee, organic breakfasts and lunches, break-out pods, top-end hardware and, obviously, a tractor hanging from the ceiling. Our client is also about to become employee owned, sharing their profits because they believe everyone should succeed together. When was the last time you heard birdsong while defining a new asset register? Ate organic poached egg on sourdough while working closely with the UX and engineering team? This is life with our client.

To apply for the role of Data Security and Compliance Officer, please apply via the button shown.

This vacancy is being advertised by Webrecruit. The services advertised by Webrecruit are those of an Employment Agency.

Additional Keywords: Data Security and Compliance Officer, Data Security & Compliance Manager, Data Compliance Manager, Data Security & Compliance Engineer, Data Governance Manager.

Working hours: 40 hours per week