Description
DATA PROTECTION AND PRIVACY SPECIALIST - SC CLEARABLE
BRAND NEW OUTSIDE IR35 CONTRACT OPPORTUNITY FOR A DATA PROTECTION AND PRIVACY SPECIALIST
TO WORK FOR A LEADING DEFENCE COMPANY IN ROMSEY.
JOB DESCRIPTION
The focus for this role covers three activity streams:
- Assess data protection and privacy maturity at the business and project level;
- Define a maturity improvement roadmap (delivering Data Protection by Design) and communicate recommendations to senior stakeholders in the Company; and
- Implement and maintain structural changes in line with the defined maturity improvement roadmap. This is likely to include the development ofdata protection strategy, governance mechanisms, policies, processes, assurance (incl. audit, monitoring and review), change management, education, awareness and training.
Concurrently, the successful candidate will provide advisory and functional support across the business for issues relating to data protection.
This role will initially involve a full spectrum assessment of data protection and privacy maturity, focusing on both business level management systems and key customer related data protection challenges in project areas. Through management system analysis and internal key stakeholder engagement, the successful applicant will develop a working understanding of existing data protection and privacy management systems.
From the maturity assessment, the successful candidate will generate a phased maturity improvement roadmap with key deliverables and KPIs identified. This will be communicated with recommendations to senior internal stakeholders. Recommendations should include technical recommendations for system privacy controls and privacy enhancing technologies.
The successful candidate will then implement the maturity roadmap, providing updated policies, procedures, system processes and architecture (through technical functions), defining roles and responsibilities, and delivering the necessary training and awareness to deliver enduring assurance solutions. The management system should be developed such that the necessary statutory assurance and reporting structures function with ease and reporting structures for regulatory bodies is accurate and timely.
Functionally, the successful candidate will also facilitate and deliver Data Protection Impact Assessment and risk analysis, with risk mitigations and controls delivered through the relevant data processing stakeholders. They will support the business to close identified corrective actions and work with identified data processors across the business to develop and deliver data protection and privacy best practice.
Other tasks may involve the review of customer and supplier contracts, data protection agreements and third party privacy notices or data protection assurances, providing expert guidance and delivery of support across the business.
SKILLS REQUIRED
- Experience in a Data Protection and Privacy related role.
- Detailed knowledge of data protection, privacy and associated data protection laws and regulations including, but not limited to, UK Data Protection Act 2018, the EU General Data Protection Regulation, HMG Data Ethics Framework and associated legislation
- Practical audit experience, capable of effective and efficient assessment and analysis.
- Knowledge of European and global data exchange mechanisms and the associated control requirements.
- Knowledge of bulk data analysis and processing activity for law enforcement and security agencies is desirable.
- Technical system architecture understanding is desirable.
- Knowledge of information security principles, standards, frameworks, etc.
INSURANCE LEVELS REQUIRED
Each party shall maintain such insurances as it deems necessary to meet its obligations during the term of this agreement and includes as a minimum:
- Public liability insurance for a sum of not less than £2,000,000 (two million pounds sterling; and
- Professional indemnity insurance for a sum of not less than £1,000,000 (one millions pounds sterling; and
- Employers' liability at the statutory level pursuant to the Consultancy's right to provide Staff and rights under clause 24.1.
CYBER, DATA PROTECTION, HMG DATA, PRIVACY, SECURITY CLEARED, ISO27000,