Director of Information Protection & Compliance

Job Description

As the ever-evolving landscape of Cyber Security and Data Protection delivers new challenges to Age UK, we strive to ensure we are providing the best service possible to keep our data and systems safe from the constant threats that emerge whilst enablingthe organisation to achieve its strategic vision by serving older people better.We are looking for a Strategic InfoSec Leader who thrives on empowering through influence to steer the charity through a maturity journey with the goal of creating a risk aware information security driven culture. The successful candidatewill be passionate about making Age UKs people educated and informed, its processes well governed and its technology secured to best practice standards.As Director of Information Protection & Compliance, you will have oversight of Age UKs Information Security & Data Privacy policies, their supporting strategy, assurance and compliance. Youll ensure that Information Security, Privacy -and related financial regulatory - risks, are routinely analysed, understood, and appropriately managed.As Age UKs principal point of focus for advice on information assurance and governance, youll also work closely with the Digital & Technology division and the Charitys senior governance groups, including the Executive and Audit & Risk Committee.This position will support the CFO and Senior Leadership Team with establishing an organisational approach that embraces recognised best practice to develop and strengthen our strategy and controls for the protection of personal data and information.Your strong communication and interpersonal skills are vital in this role as youll manage key external stakeholder relationships in the information and personal data regulatory spheres such as the ICO and other, relevant, special interest authorities suchas the National Cyber Security Centre and law enforcement.Age UK is a data driven organisation that relies heavily on its technology platforms to deliver the services needed to help people in older age. These services and platforms are susceptible to malicious intent and data loss as in the case of most businesses.You will support and guide the organisation on how to avoid such incidents through management of technology risk, enforcing a robust data privacy framework and regular training, awareness and education to all staff.Within this role we offer hybrid working. The team currently meet in the offices in the City of London occasionally, working the rest of the time from home.Age UK Charity Job Grade 2L.Must haves:

• 10 years plus experience in information security management at senior level.
• Hands on experience of enabling organisational activities through solution-focused problem solving.
• CISSP / CISM / CISA / CRISC or relevant information security certifications.
• In depth knowledge of information security frameworks (ISO27001 /NIST / COBIT).
• Demonstratable knowledge of technology and data risk.
• Subject matter expert level in UK / EEA privacy regulations (GDPR / UKGDPR / DPA2018).
• Communicate at all levels and report progress to both executive level and external risk and audit committees.
• Produce and present management reports clearly demonstrating areas of risk exposure.
• Programme management and change management sponsorship.
• Budget and forecasting responsibility £1m+.
• Management of third-party risk.
• Ability to coordinate both internal and external information security audits.
• Proven track record in strategic decision making.

Great to haves:

• Relevant experience in the charity sector
• Experience of data and security architecture (TOGAF)
• In depth knowledge of the Microsoft technology stack
• A good understanding of incident logging and vulnerability management
• Knowledge of cloud architecture and security

What we offer in return

• Competitive salary, 26 days annual leave + bank holidays + annual leave purchase scheme
• Excellent pension scheme, life assurance, health cashback plan and EAP
• Car Benefit Scheme, Cycle to Work Scheme and Season Ticket Loan
• Techscheme - buy any tech from Apple or Currys, up to £1000, and spread the cost over 12 months, interest free
• Blue Light Card Scheme
• You Did It Awards - recognition awards from £100-250.

Additional InformationA supporting statement or cover letter is essential upon application, please state why you believe you are a good fit for the role so that we can fully consider your application, thank you.For a full list of benefits please click here https://about-us/jobs/employee-benefits/Age UK is an Equal Opportunities employer and positively encourages applications from suitably qualified and eligible candidates, regardless of age, sex, race, disability, sexual orientation, gender reassignment, religion or belief, marital/civil partnershipstatus, or pregnancy and maternity. We guarantee an interview to disabled candidates who meet the minimum criteria under the Disability Confident Scheme. Please note that on occasion, due to high numbers of applications, Age UK reserves the right to limitthe overall number of interviews offered, and therefore, it may not always be practicable or appropriate to interview all disabled people that meet the minimum criteria for the job.Age UK is committed to safeguarding adults at risk, and children, from abuse and neglect. We expect everyone who works with us to share this commitment.Early application is encouraged as we will review applications throughout the advertising period and reserve the right to close the advert at any time.Age UK politely requests no contact from recruitment agencies or media sales. We do not accept speculative CVs from recruitment agencies nor accept the fees associated with them.

Keyskills :
Change ManagementDataGovernanceLeadershipNetwork SecurityRisk ManagementCISMCISSPSecurity OperationsInformation Security