Posted Mar 20 2019
The Data Protection and Information Security Manager is a critical role for our growth. This role will be a subject matter expert in all aspects of data protection and information security. They will be the lead role in ensuring compliance with Data Protection, Security, HIPAA (HITRUST) and GDPR regulations for Current Health and managing the continued implementation, monitoring and control of information and data governance.
The role requires a hands-on manager who has direct experience in understanding personal identifiable (PI) and personal health identifiable (PHI) data and working with business and technology teams on how to manage, secure and remove PI/PHI data as defined by the legal/regulatory requirements of Current Health.
Overall, this role is to manage, monitor and improve the Information Security Management System, following ISO/IEC 27001, GDPR, HIPAA/HITRUST and other applicable regulations.
• Acting as the Data Protection Officer with Current Health
• Document Controller for all ISMS related documentation.
• Manage the design, delivery and development of the Data Protection and Information Security Policy to ensure it comprehensively meets current business needs and evolves to provide clear added value.
• Develop and continually evolve Current Health Security strategy and ensure that there is quantifiable progress in applying the strategy
• Own, review and contribute to information security policy and associated procedures and standards.
• Develop the operational processes and controls, and assess their effectiveness in mitigating Information Security and Data Protection risks faced by Current Health
• Monitor and enforce the information security policy and technologies for all Current Health business processes, systems and infrastructure.
• Lead the business with the creation and maintenance of data protection registers to monitor and track data sharing arrangements, data retention policies, breach notification, ICO registrations and effective asset management and disposal.
• Ensure Lifetime policies with regards to Data Protection and GDPR are compliant with regulatory and legal obligations. Conduct regular and ongoing monitoring of and reporting on Lifetime’s compliance with external information security standards and policies, for example Cyber Essentials, ISO 27001.
• Act as the project manager/lead on IT security for projects providing subject matter expertise and technical knowledge in the areas of information security and data protection to the Current Health
• Promote user education awareness of applicable regulatory standards, upstream risks and industry best practices across
• Communicate and engage with multiple stakeholders at all levels on data protection and information security compliance
• Proactively monitor changes to data protection legislation, communicating and managing changes as they apply to the business
• Co-ordinate and where required deliver training and awareness programmes
• Completion of Customer and Regulatory documentation