
Data Privacy & Information Security Specialist

boohoo group
Full-time
On-site
Manchester, England, United Kingdom
Description

From our humble beginnings in 2006 with just three team members, we've blossomed into a powerhouse, evolving into a multi-brand ecommerce giant with offices worldwide and a passionate team of over 4,000. Our momentum knows no bounds. In the past year alone, we've achieved remarkable milestones: automating our Sheffield DC, launching our US warehouse, and initiating our tech re-platforming. With a new CFO driving financial excellence and a customer-first approach, we're investing heavily for exponential growth. Ready to be part of our extraordinary evolution? We're seeking a dynamic individual to join us in shaping the future of fashion as we get ready to launch a new and exciting product offering.

Your Role

We are looking for a Data Privacy and Information Security Specialist to develop, maintain, and effectively implement the company's approach to Data Protection and Information Security governance in accordance with Data Privacy/Information Security regulations and relevant codes of practice.

Your Key Responsibilities:

  • Governance Leadership: Define, implement, and monitor compliant Data Privacy and Information Security governance strategies both locally and globally.
  • Policy Management: Maintain and enforce Data Protection and Information Security policies, ensuring they meet current legislation and are reviewed annually.
  • PID Oversight: Manage all Personally Identifiable Data (PID) within company systems, ensuring secure handling across telephone, HR, and customer platforms.
  • Expert Guidance: Provide practical advice to business stakeholders, backed by solid technical knowledge of Data Processing and Information Security frameworks.
  • Compliance Training: Develop and implement comprehensive training programs on Data Privacy and Information Security compliance for all employees.
  • Regulatory Reporting: Regularly report to the Board on compliance with the Data Protection Act and related provisions, while addressing regulator inquiries effectively.
  • Threat Management: Provide expert guidance on emerging threats and lead the necessary changes to control measures, ensuring ongoing Data Protection and Information Security.
  • Risk Mitigation: Ensure Information Security risks are properly managed in alignment with company policies and ISO27001 standards, conducting risk assessments at appropriate levels.
  • Global Standards: Introduce and maintain minimum standards for information security, ensuring compliance across all territories through a self-certification process.
  • Monitoring Systems: Establish and maintain a robust Information Security Management System (ISMS), with a strong monitoring and reporting regime.
  • Advisory Role: Act as a Subject Matter Expert, supporting countries in aligning with policies, risk assessments, and third-party assessment methodologies.

What Value You Can Bring:

  • Deep expertise in Data Protection and Information Security, with a solid understanding of current issues and trends.
  • Strong knowledge of ISO27001/27002 and related standards.
  • Familiarity with evolving legislative requirements in Data Protection and Information Security.
  • Excellent communication skills, both written and verbal.
  • Proven ability to prioritize workloads and manage competing demands.
  • Business acumen with an understanding of how security practices support broader business goals.
  • Technical proficiency in networking technologies, web servicing, cloud security, and the security risks they pose.
  • Experience in the financial services industry is highly desirable.