Information Security & Data Governance Manager

  • Management
  • London

About us Reed in Partnership’s mission is to positively transform people and their communities. We support individuals, their families and the places they live to prosper – often under challenging circumstances. With our help, people start working, improve their health, develop their skills and fulfil their potential. Hundreds of thousands of people across the UK have benefited from accessing a Reed in Partnership service and using it to change their lives for the better.

The role The role is responsible for overseeing Reed in Partnerships (RinP) information security requirements in conjunction with the wider group IT department, and data management governance standards. The role forms part of the wider risk management team. The role would suit a technical project management type of approach so that tasks can be led and organised appropriately while working with other departments and functions. The role holder will be taking responsibility for RinPs information security requirements, owning this element, and ensuring all standards are met.

The role holder will work closely with group IT to enable this but will be the subject matter expert for RinP. They will ensure work is completed, that deadlines are met and that where needed other departments and functions are engaged with to enable this to happen. Gravitas in terms of working with senior personnel would be useful, building effective relationships with clear lines of responsibility being established and an organised task led approach embedded. The role requires working closely with Reed’s IT Department for information security requirements, establishing objectives and responsibilities that ensure tasks are defined, allocated and delivered on time and to standard.

Working with RinPs commissioners and being solely responsible for all interactions with them and for completing any information security returns, along with leading and organising this area of responsibility is also a key component element. Being responsible for reviewing due diligence for RinPs supply chain and ensuring they meet the required standards across various contracts is also a key task. Other duties will include ensuring compliance to General Data Protection Regulations (GDPR) and all legislative requirements (in conjunction with the DPO and the Associate Director of Risk Management), ensuring the business has effective information security and data security policies and procedures in place and leading on the BAU activity this involves (for example DSAR requests). This will involve managing and organising the business needs and requirements for each of these across all contracts and business areas.

In line with this, a core responsibility will be to ensure all associated polices and processes are in place and maintained. This will involve a matrix approach, working at times with other departments (such as IT and HR) where this is a crossover of responsibilities and at other times taking sole responsibility for writing or maintaining policies and leading activity in these areas. Ownership, leadership and organisation are key attributes needed in order to be successful in this area. This is not intended to be an exhaustive list and as such you will be expected to carry out any other duties that may be specified by your Line Manager from time to time.

This job description is non-contractual. Key accountabilities Key relationships – Operations / Business Development – Marketing – Compliance & Audit – IT – Legal – Learning & Development Maintain and have oversight of RinP information security, policies, and processes Such as DSAR, Data Breach, Retention & Archiving procedures Review and work with group IT to ensure RinPs Security Plan and information security policies are accurate, maintained and meet the required standards, taking ownership if appropriate to update these as advised Work with the Compliance Team to achieve elements of this where appropriate Manage commissioner communications and returns relating to information security and data governance For new contract and new business bids and tenders For ongoing returns as and when required (such as annual returns, contract close returns, any internal business changes and ad hoc) Specific contractual required returns (such as the NHS IT Toolkit return) Liaising with other departments where required to achieve this (such as Group IT and Head of Systems) Production of Bid and implementation requirements relating to Information Security and Data Governance Completing supporting information for information security and / or data security bid requirements Completing Data Protection Impact Assessments Updating records of processing Completing privacy notices Designing new or updating existing policies so that all GDPR and data governance requirements are captured Liaising with key stakeholder (such as group IT and Legal) when required to achieve all the above Manage data governance requirement of the business ongoing Managing the Data Subject Access Request (DSAR) process Leading the data breach process Point of Contact for queries and questions within subject matter area Skills & experience Essential Attainments: Project management experience, working with multiple departments to deliver tasks and documentation Knowledge of IT systems, processes, and information security practices Exposure to and understanding of Privacy, Data Protection, GDPR and Information Security requirements and standards Experience of and working knowledge of GDPR Experience of working with other stakeholders and other subject matter experts in a collaborative way Experience of working within a monitoring, continuous improvement, internal audit, contract management, compliance or comparable function. Experience of providing a high-quality advisory and guidance service to internal customersHighly…

Tagged as: Example

Source:

Before applying for this position you need to submit your online resume. Click the button below to continue.