Information Security and Data Protection Manager

Company Details

Serco is among the leading Space Industry and Services Companies

Role Responsibility

Key Purpose for this role:

  • The Business Unit Lead for information security management and data protection will hold responsibility for ensuring that all contracts are compliant for that business unit to the required level with contractual accreditations as well as meeting required standards for legislative compliance.
  • The role will report to the Safety Risk and Compliance Director of Europe, liaise with Contract Management, and have a dotted line to the business unit IT Director, where the role will support and advise on IT related programmes, information security requirements and data protection compliance.
  • In this role, supporting bids and engaging with both customers and accreditors regarding our strategic direction is key; the role will ensure that the correct level of information security and data protection processes and policies is in place proactively, and will maintain a calendar of audit and certification compliance, ensuring renewals are proactively managed.
  • Responsible for data protection framework activities within the business unit (including the facilitation and comprehensive documentation of data protection impact assessments and data protection by design) and for ensuring all relevant legal, regulatory and contractual compliances are met, including (but not limited to) the Data Protection Act 2018 (and GDPR), the Network and Information Systems Regulations 2018, ISO27001, ISO27701, the Payment Card Industry Data Security Standard and the Cyber Essentials Scheme, aligned to the HMG Security Policy Framework, the Defence Cyber Protection Partnership, or other relevant customer requirements.
  • Provide expert advice on data protection matters to the business unit, including assessing information risk (technically and organisationally) and developing and implementing effective strategies to ensure compliance with relevant legislation.
  • Lead on the development and implementation of the data protection strategy and objectives for the business unit.
  • Develop and further improve the data protection culture for the business unit to ensure there is a consistent approach to ensuring compliance with data protection guidelines and legislation.
  • Develop and further improve policies and practices to ensure that information systems and processes remain secure – this includes maintaining an information asset register across the business unit, identifying risks and risk mitigation.
  • Lead on the delivery of the data security and protection toolkit, working closely with the Data Protection Officer.
  • The role will continue to raise the profile of information security management and data protection and embed this as a strong culture of awareness and unambiguous accountability across current and future contracts for each business unit.
  • Implement and operate information security management and data protection processes (risk, assurance/compliance, and Incident Management) covering all business units (or service lines) within the business unit.
  • Act as a key contributor to the Divisional cyber security strategies, plans and risk assurance assessments, specifically owning relevant Key Risk Indicators (KRIs) at a business unit level.

Are you looking to secure a career in a public sector environment? We would love to hear from you! 

As Business Unit Lead - Information Security and Data Protection you will be responsible for:

  • Ensuring all information security and data protection risks are recorded, reviewed, and managed to an acceptable level. Responsibility for acceptance of risk remains with risk owner.
  • Accountability on the data protection framework and related matters to the Data Protection Officer.
  • Ensuring all relevant compliance requirements are reviewed and that compliance can be evidenced.
  • Ensuring management and resolution of information security and data protection incidents and any subsequent breach to include assessment of loss, or compromise, level of impact, recommend appropriate mitigation, conduct post incident review and lessons learned.
  • Providing support and guidance on information security management and data protection matters, particularly understanding technical and organisational implications of new services and technologies in support of data protection impact assessments and data protection by design and default.

In return, we offer a friendly, supportive and professional environment that respects your work/life balance and ultimately contributes to the delivery of public services in Italy and around the world.

Successful Candidate

Essential technical and professional skills, knowledge and qualifications

  • Experience of process and approach to facilitating information security and data protection risk assessments.
  • Experience in information security management and data protection related compliance requirements (e.g. DPA 2018, GDPR, PCI DSS, ISO27001, ISO27701)
  • Experience of analysing and assessing current and future threat landscapes, providing realistic jargon-free overview of technical and organisational risks and threats.
  • Experience in undertaking assurance activities (and determining correct and appropriate levels of evidence).
  • Defining and operating security incident response plans in accordance with Serco Incident Response System and Data Protection Framework.
  • IT skills are important, as is the ability to interpret technical solutions to ensure the risks are identified and appropriate controls and safeguards applied.
  • Knowledge of the operational sectors within the relevant business units (e.g. MoD, MoJ, Health) is vitally important.
  • Specific qualifications include CISM or CISSP with experience of information security management and thorough understanding of data protection/GDPR.

Tagged as: gdpr, iso27001, pci-dss, dpa 2018, iso27701
