Our client is seeking an experienced professional to take ownership of the strategy, roadmap, and daily execution of their information security and privacy programme. The mission: reduce risk, meet regulatory requirements, and safeguard customer data.

Key Responsibilities

• Daily Security Operations – Maintain and enforce policies and standards that prevent data loss, fraud, and breaches.
• Security Roadmap – Define and update priorities, budgets, and timelines while tracking progress.
• Continuous Improvement – Conduct regular reviews of processes and systems; identify and close gaps swiftly.
• Audits and Risk Assessments – Lead end-to-end processes for ISO 27001, penetration tests, vulnerability scans, and ISMS audits.
• Security Technology Implementation – Evaluate, select, and coordinate the deployment of modern security technologies.
• Advisory Role – Provide guidance to management and teams on security and privacy best practices.
• Governance and Compliance – Drive organisational alignment with ISO 27001, GDPR, and other applicable regulations.
• Records of Processing Activities (RoPA) – Ensure timely updates from all business units and system owners.
• Incident Response – Act as the privacy lead, overseeing containment, notification, and post-incident reviews.
• GDPR Programme Ownership – Define annual objectives, manage the policy framework, and report to senior leadership.
• Privacy Contact Point – Respond to enquiries from regulators, partners, and data subjects.
• Training and Awareness – Develop and deliver engaging training for onboarding, role-specific needs, and annual refreshers.

Candidate Profile

• Demonstrated experience managing information security and data protection in regulated environments
• In-depth knowledge of ISO 27001, GDPR, and related standard
• Practical expertise in security technologies
• Strong background in risk assessment and audit practices
• Excellent communication skills, able to translate technical concepts into business language
• Capable of influencing stakeholders at all levels
• Relevant certifications such as CISSP, CISM, or CIPP/E are an advantage

Success Indicators

• No material security or privacy breaches
• Positive audit outcomes and timely resolution of findings
• Year-on-year reduction in risk scores
• High levels of staff engagement in security awareness
• Recognition from regulators for a best-in-class privacy and security programme