Information Security Compliance Manager and Data Protection Officer (DPO)

Remote-first role with travel to UK (London & Sussex) and European offices if / when required.

ISO 27001 (ideally Lead Auditor level), NIS2 or experience with European data protection/compliance/cybersecurity laws/implementing policies related to these areas for a company's European operations as this organisation is expanding massively across Europe.

Ultimately, they need a real champion in this area who can be the go-to person within the organisation for all things data protection/compliance and implement policies, provide training sessions and keep up-to-date with changing laws and regulations to ensure the UK and European entities remain compliant in an ever-changing landscape.

NOT ESSENTIAL, but ask if they have experience with ISO 42001 which is a course related to AI as this will be useful for the future.

Role Summary: Our client is seeking an Information Security Compliance Manager and Data Protection Officer (DPO) to ensure compliance with applicable Information Security Standards (e.g. ISO27001 / Cyber Essentials Plus, NIS2) as well as the General Data Protection Regulation (GDPR) and other applicable data protection laws. This role reports into the Director of Governance, Risk & Compliance and will coordinate with the Compliance department. You will oversee data protection strategies, implement policies, and ensure the secure processing of data within the organisation. The role requires strong expertise in information security compliance, data privacy, legal compliance, and risk management.

Job Responsibilities

• Data Privacy Compliance & Advisory

• GDPR Compliance: Monitor and ensure compliance with GDPR, national data protection laws, and internal privacy policies; provide internal expert advice on data protection matters and privacy risks; act as the primary point of contact with supervisory authorities (e.g. ICO, CNIL, AEPD); conduct regular privacy impact assessments (DPIAs) for high-risk data processing activities; maintain Record of Processing Activities (ROPA).
• Policies & Training: Develop and implement privacy policies, guidelines, and best practices; develop and deliver training for employees on data protection obligations.
• DSAR: Oversee and respond to Data Subject Access Requests (DSARs), including rights to access, erasure, and rectification.
• Breach Management: Ensure breaches are identified, investigated, and reported according to applicable laws and standards.
• Audit: Conduct internal audits and ensure continuous improvement in data protection practices; support external audits and regulatory assessments.
• Assessments: Provide guidance on data privacy and information security in contracts, vendor agreements, and responsible for addressing third-party risk assessment requirements.

• Certifications: Manage certification compliance programs (ISO27001 / Cyber Essentials Plus); lead and coordinate annual certification efforts.
• Other Cybersecurity Laws and Regulations: Support compliance efforts regarding EU’s emerging data and cyber laws (e.g. NIS2, Data Act).
• Governance: Support ongoing information security compliance and governance activities.

• Work closely with Legal, IT, Compliance, HR, Internal Audit, and external partners to align data protection strategies.

Job Skills Requirements

• Essential

• Strong knowledge of GDPR, ePrivacy Directive, ISO27001 and national data protection laws.
• Experience in privacy law, compliance or data security.
• Familiarity with data governance, cybersecurity and IT security frameworks.
• Strong communication skills to engage with internal teams and external regulators.
• Ability to handle sensitive and confidential information with integrity.

• Legal, IT security or compliance background.
• Certification in CIPP/E, CIPM, CIPT, CISSP or equivalent privacy or cybersecurity qualification.
• ISO 27001 Lead Auditor certifications and experience.
• Experience conducting privacy impact assessments (DPIAs) and managing data breaches.

Key Competencies

• Strong attention to detail and analytical skills.
• Ability to work independently and make risk-based decisions.
• Strong organizational skills for managing compliance documentation.
• Proactive approach to identifying and mitigating data protection risks.

The above statements reflect the general details necessary to describe the principal functions of the occupation described and shall not be construed as a detailed description of all the work requirements that may be inherent in the occupation.