Information Security Compliance Manager and Data Protection Officer (DPO)
Role Summary
Our client is seeking an Information Security Compliance Manager and Data Protection Officer (DPO) to ensure compliance with applicable Information Security Standards (ISO27001 / Cyber Essentials Plus, NIS2) as well as the General Data Protection Regulation (GDPR) and other applicable data protection laws. This role reports to the Director of Governance, Risk & Compliance and will coordinate with the Compliance department. You will oversee data protection strategies, implement policies, and ensure the secure processing of data within the organization. The role requires strong expertise in information security compliance, data privacy, legal compliance, and risk management.
Job Responsibilities
Data Privacy Compliance & Advisory
- GDPR Compliance: Monitor and ensure compliance with GDPR, national data protection laws, and internal privacy policies; provide internal expert advice on data protection matters and privacy risks; act as the primary contact with supervisory authorities (ICO, CNIL, AEPD); conduct regular privacy impact assessments (DPIAs) for high-risk data processing activities; maintain Record of Processing Activities (ROPA).
- Policies & Training: Develop and implement privacy policies, guidelines, and best practices; develop and deliver training for employees on data protection obligations.
- DSAR: Oversee and respond to Data Subject Access Requests (DSARs), including rights to access, erasure, and rectification.
- Breach Management: Ensure breaches are identified, investigated, and reported according to applicable laws and standards.
- Audit: Conduct internal audits and ensure continuous improvement in data protection practices; support external audits and regulatory assessments.
- Assessments: Provide guidance on data privacy and information security in contracts, vendor agreements, and address third-party risk assessment requirements.
Information Security Compliance
- Certifications: Manage certification compliance programs (ISO27001 / Cyber Essentials Plus); lead and coordinate annual certification efforts.
- Other Cybersecurity Laws and Regulations: Support compliance efforts regarding EU’s emerging data and cyber laws (NIS2, Data Act).
- Governance: Support ongoing information security compliance and governance activities.
Collaboration & Stakeholder Engagement
- Work closely with Legal, IT, Compliance, HR, Internal Audit, and external partners to align data protection strategies.
Job Skills Requirements
- Strong knowledge of GDPR, ePrivacy Directive, ISO27001, and national data protection laws.
- Experience in privacy law, compliance, or data security.
- Familiarity with data governance, cybersecurity, and IT security frameworks.
- Strong communication skills to engage with internal teams and external regulators.
- Ability to handle sensitive and confidential information with integrity.
Preferred Qualifications
- Legal, IT security, or compliance background.
- Certification in CIPP/E, CIPM, CIPT, CISSP, or equivalent privacy or cybersecurity qualification.
- ISO 27001 Lead Auditor certifications and experience.
- Experience conducting privacy impact assessments (DPIAs) and managing data breaches.
- Strong attention to detail and analytical skills.
- Ability to work independently and make risk-based decisions.
- Strong organizational skills for managing compliance documentation.
- Proactive approach to identifying and mitigating data protection risks.