Information Security & Data Protection Manager 

SH1020

Up to £65k based on experience

London (hybrid)

Permanent

The Opportunity 

Finatal is currently working with a Private Equity backed specialist Healthcare business on the search for an Information Security & Data Protection Manager.

Role: 

Information Security: 

  • Deploying and maintaining security infrastructure across the division 
  • Implementing and overseeing security systems, such as firewalls, data protection controls and encryption 
  • Troubleshooting and resolving IT security incidents within SLA to reduce their impact
  • Conducting and overseeing yearly vulnerability, ransomware and penetration testing, and identifying and addressing any weaknesses and security gaps
  • Monitoring information systems and responding to any cyber-security incidents working with our partners and suppliers 
  • Identifying and managing data privacy risks and compliance requirements 
  • Documenting best practice cyber security policies, standards, processes, and procedures  
  • Maintaining up-to-date knowledge of cyber-security technologies and standards 
  • Training and educating employees to understand and follow information security best practice  
  • Ensuring alignment with best practice cyber security frameworks such as ISO 27001, NIST, PCI DSS and Cyber Essentials 
  • Overseeing and effectively managing role-based access controls, security groups, and AD permissions  

Data Protection: 

  • Lead on investigating data breaches, ensuring any lessons learned are captured and acted upon.  
  • Advise on and monitor business Data Protection Impact Assessments (DPIAs) 
  • Provide expert advice on data protection matters to the business unit, including assessing information risk (technically and organisationally) and developing and implementing effective methods to ensure compliance with legislation
  • Completing data protection audits across sites working closely with business users, stakeholders, and data protection champions  
  • Processing Data Subject Access Requests and ensuring full compliance with the Data Protection Act 2018  
  • Managing and overseeing any data breaches, including implementing mitigation steps 
  • Working closely with the business to advise on products, services, and suppliers that meet our data protection standards and policies  
  • Carrying out data protection training and educating users on the importance of data protection compliance and the impact of any breaches 

Requirements: 

  • Experience as an information security and data protection manager, preferably within the healthcare sector 
  • Experience in security concepts related to routing, DNS, VPN, authentication, DDoS mitigation technologies/tools and proxy services
  • Experience managing firewalls and other security tools and technologies
  • Experience in deploying and overseeing intrusion prevention and detection protocols  
  • Experience in overseeing and driving data protection standards and policies across dispersed locations across the UK 
  • Experience in implementing and overseeing ISO 27001 standards and GDPR requirements
  • Bachelor's degree in IT, Computer Science, Information Security or a related field