Data Protection and Information Security Manager


Posted Mar 20 2019

Edinburgh

Full time


What will you do

The Data Protection and Information Security Manager is a critical role for our growth. The post holder will be the subject matter expert in all aspects of data protection and information security. They will lead on ensuring compliance with data protection, security, HIPAA (HITRUST) and GDPR requirements for Current Health, and on managing the continued implementation, monitoring and control of information and data governance.

The role requires a hands-on manager with direct experience of personally identifiable (PI) data and protected health information (PHI), and of working with business and technology teams on how to manage, secure and remove PI/PHI data in line with the legal and regulatory requirements that apply to Current Health.

Overall, this role is to manage, monitor and improve the Information Security Management System (ISMS), following ISO/IEC 27001, GDPR, HIPAA/HITRUST and other applicable regulations.

Responsibilities
• Act as the Data Protection Officer for Current Health.
• Act as Document Controller for all ISMS-related documentation.
• Manage the design, delivery and development of the Data Protection and Information Security Policy to ensure it comprehensively meets current business needs and evolves to provide clear added value.
• Develop and continually evolve the Current Health security strategy and ensure that there is quantifiable progress in applying it.
• Own, review and contribute to the information security policy and its associated procedures and standards.
• Develop the operational processes and controls, and assess their effectiveness in mitigating the information security and data protection risks faced by Current Health.
• Monitor and enforce the information security policy and technologies across all Current Health business processes, systems and infrastructure.
• Lead the business in creating and maintaining data protection registers to monitor and track data sharing arrangements, data retention policies, breach notification, ICO registrations and effective asset management and disposal.
• Ensure Lifetime policies with regard to data protection and GDPR are compliant with regulatory and legal obligations. Conduct regular and ongoing monitoring of, and reporting on, Lifetime’s compliance with external information security standards and policies, for example Cyber Essentials and ISO 27001.
• Act as the project manager/lead on IT security for projects, providing subject matter expertise and technical knowledge in information security and data protection to Current Health.
• Promote user education and awareness of applicable regulatory standards, upstream risks and industry best practices.
• Communicate and engage with multiple stakeholders at all levels on data protection and information security compliance.
• Proactively monitor changes to data protection legislation, communicating and managing changes as they apply to the business.
• Co-ordinate and, where required, deliver training and awareness programmes.
• Complete customer and regulatory documentation.

About you

  • Past experience of working in a startup culture is preferred.
  • Bachelor’s degree in Information Security, Computer Science, Information Management Systems or a related field, or equivalent experience.
  • Technical knowledge of information security compliance (ISO 27001, PCI DSS, ISMS, Cyber Essentials, HIPAA, HITRUST, GDPR), data processing and IT security arrangements.
  • Strong understanding of UK data protection law and upcoming EU GDPR regulation changes.
  • Experience of business transformation and change.
  • Knowledge of privacy and data protection legislation and a good working knowledge of the General Data Protection Regulation (GDPR).
  • Practical application of information security and/or data protection compliance within SME organisations.
  • Previous experience managing personally identifiable (PI) data and protected health information (PHI).
  • Strong technical skills relevant to information security, such as data encryption, secure data transmission, secure data consumption and risk analysis.
  • Analytical and detail-oriented.
  • Strong understanding of security technologies and best practices.
  • Demonstrable experience with an ISO 27001 ISMS and of supporting compliance with the ISO 27001 framework.