Security and Privacy Manager

Full Time Southampton Hampshire IT Job Pro UK

About Roke

Roke is a world-class technology and engineering consultancy. Roke delivers advanced research, development services and products to high profile customers who come to Roke with varied and challenging problems to solve.  

Due to continued growth and as part of internal restructuring, we are looking for a well-motivated, highly competent Security and Privacy Manager to join Roke’s Security Department. The Security Department sits within the Enabling Services Directorate and works in collaboration with the People Security and IT Security Departments to deliver a critical business-enabling function.

It is responsible for all aspects of Roke’s information and physical security risk management and is subsuming Roke’s Privacy function from another area of the business. 

This position reports to the Head of Security.

The Opportunity

Drafting of security and privacy processes and procedures
Support to working environment accreditation, including governance and assurance inspections
Operational lead for security/privacy incident management and investigations
Support the ongoing maintenance and continual improvement of Roke’s Information Security Management System (ISMS) and Privacy Information Management System (PIMS). This will include SLA performance reviews, KPI monitoring/measuring and acting as Secretary for Roke’s Information Security and Privacy Steering Group (ISPSG).
Act as a security and privacy advisor for all areas and levels of the business
Operational lead for Privacy Management, including the maintenance and regular review of Roke’s Record of Processing Activities (ROPA)
Initiate and complete, as well as approve and review, Data Protection Impact Assessments (DPIAs) as part of Roke’s PIMS
Management of Security and Privacy Education, Training and Awareness (SPETA), including delivery of Induction presentations and ongoing Security and Privacy awareness initiativesLine Manager for two Direct Reports
Always fully comply with Roke’s policies and procedures 
Undertake such other reasonable duties, commensurate with the job holder’s experience and qualifications, as may be required for the smooth operation of the business 

Person Specification

Education and Qualifications

Highly desirable:
CISM or CRISC.
CCP-SIRA (any level)/ex-CLAS.
ISO/IEC 27001:2013 LI or LA.
Relevant Privacy qualifications, such as CIPM, CIPP/E or ISO 27701:2019 LI or LA.
Relevant higher level academic qualification(s), such as Bachelor’s Degree (or equivalent), is desirable, but not essential.

Knowledge, Skills & Experience

Strong working knowledge of information and physical asset lifecycle management
Strong working knowledge of security and privacy risk assessment processes/methodologies (e.g. ISO 27005/31000, DPIA, IRAM2) and associated mitigation options
Strong working knowledge of UK and International Data Protection Legislation and Regulations, as well as best practice. Previous experience in a position as Data Protection Officer (DPO) and/or Data Protection/Privacy Manager (DPM) would be a distinct advantage for this role
Knowledge of International and National Standards and frameworks (e.g. ISO, NIST, ISF SOGP)
Experience of information and physical security management, including incident management and investigations
Experience of working within, or for, National Security and/or Defence sectors
Competent with Microsoft 365
Good written English and verbal communication skills
Able to work independently

Why You Should Join Us

We have a competitive salary and access to a number of additional flexible benefits, which will cover Health and Wellbeing, Savings and Protection & Life, Leisure and Entertainment.
 
Roke has a great community of groups with shared interests. These enable people to share ideas and be passionate about tools, technologies & techniques, which interest them.

We are committed to a policy of Equal Opportunity, Diversity and Inclusion. Our working environment is friendly, creative and inclusive. We will consider flexible working arrangements and support a diverse work-force and those with additional needs.

Security 

Due to the nature of this position, we require you to be eligible to achieve DV clearance. As a result, you should be a British Citizen and have resided in the UK for the last 10 years

To apply for this job please visit itjobpro.co.uk.