Information Security and Data Protection Specialist

In this role, you will own the strategy, roadmap and day‑to‑day execution of our information security and privacy programme. Your mission: cut risk, meet regulatory demands, and keep our customers’ data safe.

Key Responsibilities

• Run daily security operations –Update and apply policies and standards that prevent loss, fraud and breaches.
• Build and update the security roadmap – set priorities, budget and timelines; track delivery.
• Assess and improve – perform ongoing process and system reviews; close gaps fast.
• Lead audits and risk assessments – scope, run, report and follow up. Manage the ISO 27001, Pentests, Vscans, and ISMS audits end to end.
• Introduce next‑gen security tech – evaluate, select and coordinate implementations.
• Advise and oversee – coach management and teams on security and privacy best practice.
• Governance and compliance – steer the organisation toward full alignment with ISO 27001, GDPR and other relevant laws.
• Maintain Records of Processing Activities (RoPA) – gather updates from every business unit and system owner.
• Incident response – act as privacy lead, ensure swift containment, notification and lessons learned.
• Own the GDPR programme – set annual objectives, maintain the policy framework, report progress to senior leadership.
• Primary privacy contact – handle enquiries from regulators, partners and data subjects.
• Training and awareness – design and deliver engaging sessions for onboarding, role‑specific deep dives and annual refreshers.

What You’ll Bring

• Proven experience managing information security and data protection in a regulated environment.
• Deep knowledge of ISO 27001, GDPR and related frameworks.
• Hands‑on skill with security tech
• Strong risk assessment and audit background.
• Clear communication – you translate security jargon into business language.
• Ability to influence at every level
• Relevant certifications (e.g., CISSP, CISM, CIPP/E) are a plus.

Success Looks Like

• Zero material security or privacy breaches.
• Clean audit findings and timely closure of actions.
• Measurable reduction in risk scores year on year.
• High staff engagement in security training.
• Regulators recognise our programme as best‑in‑class.