Information Security Manager
The Information Security Manager will provide project management as well as day-to-day and strategic oversight for all information security management and data protection responsibilities across the charity. This includes developing and maintaining all information security and data protection policies and standards in line with compliance requirements, e.g. data protection legislation and ISO27001. The role will also ensure all data and information risks are identified and managed to maintain the compliance standards within Frontline; making sure that the trustees and senior management are kept up to date with emerging issues and Frontline's response.
The Information Security Manager is also responsible for monitoring and reporting on the progress of all issues in accordance with ICO guidance and ensuring that we meet regulatory and contractual requirements.
The post-holder will perform the role of Information Security Management Systems Manager andwill be the lead on data protection for Frontline. They will ensure that staff and relevant partners receive appropriate training in information security and data protection issues, that appropriate systems and processes are in place to manage personal data and confidentiality (including IT systems), and that subject access requests and suspected information security breaches are dealt with appropriately. This will involve regularly auditing our systems and procedures and ensuring that planned changes to systems and procedures adequately respond to data protection and wider regulatory and contractual requirements.
Information Security -
- Organisational lead for Information Security (IS); ensuring IS responsibilities are considered within projects.
- Reviewing and evaluating on-going risk against regulatory and contractual obligations.
- Chair the Information Security Management Review Group.
- Maintain effective controls to ensure that Frontline is compliant with Information Security Standards, such as those within ISO27001.
- Conduct regular reviews of policies and standards, making sure that they are aligned to best practice.
- Lead on an information security education and awareness campaign across Frontline.
- Maintain and manage an Information Security Risk Register and ensure key risks feed through to the cross-organisational Risk Register.
- Monitor latest developments in information security and implement changes as necessary.
- Produce information security management information and make available to all relevant groups, Committees and Boards as required.
- Work with the outsourced IT department to ensure network and IT systems security.
Data protection –
- Act as the designated lead on data protection.
- Inform and advise the organisation and its employees about their obligations to comply with GDPR and other data protection laws.
- Monitor compliance with the GDPR, and other data protection laws, including managing internal data protection activities
- Be the first point of contact for supervisory authorities and for individuals whose data is processed.
- Provide accurate and timely risk-based advice on data protection issues, striking a balance between legal/regulatory requirements and the wider interests of the charity.
- Monitor and respond to developments in privacy, i.e., new laws, regulations, regulatory guidance, etc.
- Develop and manage data protection training across the organisation through user- friendly guides, presentations and group workshops.
- Lead on dealing with data subject access requests.
- Lead on the planning and implementation of data protection and/or ISO 27001 compliance audits across Frontline and ensure steps are taken to address any identified gaps.
- Oversee and ensure the implementation of robust procedures to respond to any suspected data breaches, in accordance with ICO guidance.
Experience and knowledge
- Experience of designing and implementing Information Security Management Systems and/or Data protection frameworks.
- protection activities.A track record of successfully coordinating or managing information security and Data
- security systems and solutions.High level of IT literacy, ideally with experience of working with and rolling out data
- Good knowledge of current security standards and regulations and data protection legislation
£40,000 (pro rata 0.6-0.8 week) 12 month FTC+ competitive pension, deadline 5pm, 4th December 2017