Information Governance Lead

Marcus Donald are currently looking to source an Information Governance Lead to join a large education organisation. This role is based in central London however, you have the availability to work from home at least 2-3 days per week. The role will lead a central function that has Group wide responsibility for information governance, policy, compliance and risk management.

The organisation recognises information security and data privacy as critical to how they deliver and protect their customers and how they manage risks for the organisation.

In this role, you will lead a small information security team. They will aim to establish and maintain the information security management system, governance activities across the Global organisation, with a focus on UK GDPR.

Within this team you will ensure that there is comprehensive understanding of compliance requirements in the business and an aligned set of effective policies and processes. Supported by colleagues, you will play a lead role in driving activities to fully operationalise these into BAU activities through ongoing improvement and compliance programmes.

The Information Governance Lead will be responsible for the BAU activities of information governance management and data privacy compliance to GDPR and global data protection laws. You will be responsible to ensure the team is effective in carrying out IG change assessments including DPIA, DPbDD and third-party contract reviews.

You will also ensure the team manages the response to data breach incidents and co-ordinates response to SARs in compliance with UK GDPR.

Technical Skills Required – Information Governance Lead:

• Excellent technical knowledge of data privacy legislation including the GDPR and strong experience of delivering operational compliance into a complex, established environment.
• A sufficient understanding and background in a technology related discipline to be effective in assessing IG compliance and an understanding of threats across a wide range of digital projects.
• At least 3 years’ experience in a similar role related to IG and technology.
• Working as a subject matter expert, develop and maintain a comprehensive understanding of IG compliance requirements in the business with a particular focus on GDPR.
• Develop and maintain an aligned set of effective policies and processes which are under continuous review and improvement along an achievable and risk aligned maturity path for these policies.
• Lead Group wide activities to identify and manage IG risk and non-compliant practice providing a comprehensive view of IG risk to the business.
• Engage, influence, and manage senior stakeholders and a company wide network of information asset owners to create and maintain an up-to-date information asset register and legally compliant ROPA.
• Lead internal audit activities that will independently assure ongoing compliance and maintenance of appropriate controls and registers that assure the integrity of the organisations data privacy standards.
• Lead the associate compliance team to deliver an effective service to the business in assessing compliance to regulatory, legal and contractual obligations.
• Lead the process of IG change assessment across the Group in accordance with the defined process and risk methodology, ensuring appropriate assessments including DPIA are rigorously carried out and that risk is identified and managed in accordance with company obligations and policy.
• Own and assure key compliance policies by managing assigned staff and associated processes to ensure the organisation complies with regulatory requirements:
• -  Data Breach Process
• -  Subject Access Request Process
• -  Data Retention Policy
• -  Overarching Privacy Policy
• -  Privacy Notices

GDPR Related:

• Lead the team to deliver a responsive and effective, cross organisation data privacy response service that assures compliance with relevant legislation including GDPR:
• Manage staff to establish and monitor relevant GDPR alert systems across the business and engage the business on their effective use.
• Manage response effectively to notifications in line with policy and regulation.
• Liaise with legal team and escalate as required.
• Complete requests effectively, adopt a continuous improvement footing and report on performance.

Extra bouses if you have it (but not necessarily required):

• Certified Practitioner in Data Privacy.
• Experience working in certified environments (eg. ISO 27001, Cyber Essentials Plus, PCI DSS)
• Experience of driving towards a culture where data governance is embedded into every data process.

Location – Central London, United
Salary - £50,000 - £60,000 per annum
Benefits - Flattering benefit package available

If this position appeals to you, please do not hesitate to contact Ellie Gresley with any questions or for more details about the organisation and job. (egresley@marcusdonald.com)