Data Protection Officer (DPO) and Cyber Security Manager (Ref: 0158)

Full Job Description

About Voneus

We’re proud to be one of the largest rural broadband providers in the country, serving customers up and down the UK. Our goal is straightforward – to give rural, hard-to-reach communities the same benefits of lightning-fast broadband as you get in the city. That includes homes, businesses, and complex outdoor sites.

About the Role

As a combined role of Data Protection Officer (DPO) and Cyber Security Manager, you will be responsible for ensuring the privacy, security, and integrity of data. This role entails overseeing all aspects of data protection and cyber security measures to safeguard our customers' personal information, company data, and network infrastructure from potential threats and breaches. You will play a critical role in establishing and maintaining a robust data protection framework, implementing cybersecurity measures, and ensuring compliance with relevant laws and regulations.

The successful candidate will have experience in our industry and company size and will be responsible for maintaining and increasing our accreditations and overall security and compliance.

What you will be responsible for:

• Develop, implement, and maintain data protection policies and procedures;
• Ensure compliance with GDPR, PECR, and other relevant data protection regulations;
• Act as the main point of contact for data protection queries and concerns from both internal and external stakeholders;
• Provide advice and guidance to staff on data protection issues;
• Monitor compliance with data protection policies and procedures;
• Investigate and respond to data protection incidents;
• Manage the company's data inventory, data flow mapping, and records of processing activities;
  
• Liaise with supervisory authorities and data subjects regarding data protection issues;
• Monitor and manage data subject rights requests;
• Ensure the company's cyber security policies and procedures are up-to-date, relevant, and effective;
• Develop, implement, and maintain cyber security risk management plans;
• Investigate and respond to cyber security incidents;
• Maintain and monitor the security policy, practices and implementations of the company's IT estate, network infrastructure, and other digital assets;
• Ensure compliance with relevant cyber security regulations and standards;
• Identify and assess cyber security risks and vulnerabilities, and take appropriate action to mitigate them;
• Manage relationships with suppliers and third-party service providers to ensure appropriate security measures are in place;
• Maintain and increase the company's cyber security accreditations and certifications;
• Work with the IT team to design, implement, and maintain effective cyber security measures to protect Voneus' IT estate and infrastructure, ensuring that regular security audits and penetration testing occurs to identify vulnerabilities in Voneus' systems, and ensure recommend remediation measures are implemented and documented; and,
• Develop and deliver cyber security training to Voneus employees to raise awareness of cyber threats and promote a security-conscious culture
  

What we are looking for:

• At least 5 years’ experience in data protection and cyber security roles, with experience in the telecoms or IT sector;
• Experience in managing IT and network infrastructure;
• Experience in managing relationships with suppliers and third-party service providers;
• Experience in maintaining and increasing cyber security accreditations and certifications;
• Excellent knowledge of data protection regulations, particularly GDPR and PECR;
• Strong understanding of cyber security threats, risks, and vulnerabilities;
• Experience in developing, implementing, and maintaining data protection and cyber security policies and procedures in a similar sized company with similar business operations;
• Experience in managing and maintaining information security management systems and achieving certifications such as ISO 27001, PCI-DSS and Cyber Essentials Plus;
• Experience in investigating and responding to data protection and cyber security incidents;
• Experience with dealing with statutory and regulatory bodies; and,
• Familiarity with cyber security regulations and standards, particularly ISO 27001, NIST, and the Cyber Essentials scheme

Qualifications:

• A degree in computer science, information security, or a related field or equivalent experience;
• A professional qualification in data protection, such as the CIPP/E, CIPM, or CIPT or experience/cross experience between the two areas that demonstrates equivalence; and,
• A professional qualification in cyber security, such as the CISSP, CISM, or CRISC or experience/cross experience between the two areas that demonstrates equivalence

 What we offer in return:

• 25 days annual leave, plus bank holidays and your birthday off
• Life assurance
• Income protection
• 8% matching on our pension scheme
• Bike to work and electric vehicle schemes
• Health cash plan
• Wellbeing and social initiatives
• Opportunity to sign up to the training events via our Access and Bookboon development portal

• Employee referral scheme
• Employee awards

Equal Opportunities

We are committed to equality and diversity and encourage applications from all backgrounds and communities.

To find out more about your next employer, visit

We do not require the services of any recruitment agencies at this time.