DescriptionFrom our humble beginnings in 2006 with just three team members, we've blossomed into a powerhouse evolving into a multi-brand, Ecommerce giant with offices worldwide and a passionate team of over 4,000, our momentum knows no bounds. In the past year alone, we've achieved remarkable milestones: automating our Sheffield DC, launching our US warehouse, and initiating our tech re-platforming. With a new CFO driving financial excellence and a customer-first approach, we're investing heavily for exponential growth. Ready to be part of our extraordinary evolution? We're seeking a dynamic individual to join us in shaping the future of fashion as we get ready to launch a new and exciting product offering.
Your Role
We are looking out for a data privacy and information security specialist to come in and develop, maintain, and effectively implement the company's approach to Data Protection and Information Security governance in accordance with Data Privacy/Information Security regulations and relevant codes of practice.
Your Key Responsibilities:
- Governance Leadership: Define, implement, and monitor compliant Data Privacy and Information Security governance strategies both locally and globally.
- Policy Management: Maintain and enforce Data Protection and Information Security policies, ensuring they meet current legislation and are reviewed annually.
- PID Oversight: Manage all Personally Identifiable Data (PID) within company systems, ensuring secure handling across telephone, HR, and customer platforms.
- Expert Guidance: Provide practical advice to business stakeholders, backed by solid technical knowledge of Data Processing and Information Security frameworks.
- Compliance Training: Develop and implement comprehensive training programs on Data Privacy and Information Security compliance for all employees.
- Regulatory Reporting: Regularly report to the Board on compliance with the Data Protection Act and related provisions, while addressing regulator inquiries effectively.
- Threat Management: Provide expert guidance on emerging threats and lead the necessary changes to control measures, ensuring ongoing Data Protection and Information Security.
- Risk Mitigation: Ensure Information Security risks are properly managed in alignment with company policies and ISO27001 standards, conducting risk assessments at appropriate levels.
- Global Standards: Introduce and maintain minimum standards for information security, ensuring compliance across all territories through a self-certification process.
- Monitoring Systems: Establish and maintain a robust Information Security Management System (ISMS), with a strong monitoring and reporting regime.
- Advisory Role: Act as a Subject Matter Expert, supporting countries in aligning with policies, risk assessments, and third-party assessment methodologies.
What Value You Can Bring:
- Deep expertise in Data Protection and Information Security, with a solid understanding of current issues and trends.
- Strong knowledge of ISO27001/27002 and related standards.
- Familiarity with evolving legislative requirements in Data Protection and Information Security.
- Excellent communication skills, both written and verbal.
- Proven ability to prioritize workloads and manage competing demands.
- Business acumen with an understanding of how security practices support broader business goals.
- Technical proficiency in networking technologies, web servicing, cloud security, and the security risks they pose.
- Experience in the financial services industry is highly desirable.