Belfast, Birmingham, Cardiff, London - Croydon, Edinburgh, Glasgow, Leeds, Liverpool, Manchester,
Newcastle, Nottingham, London - Stratford, Portsmouth.
This role is situated as part of Security and Information Management (S&IM) team in CCFP providing services to information management, data protection, cyber and information security, incident management and business continuity. As a member of S&IM, you will be at the forefront of driving operational delivery and embedding change for CCG business group.
The role will create an opportunity to lead improvement and innovation, adopt strategic and data frameworks, network and collaborate in an ambitious department, with a diverse range of stakeholders and access to services – making your mark in data and security compliance in a large and progressive organisation.
As Business Continuity Lead you will be:
- Progressing improvements in information security and data compliance by supporting the design, build and delivery of a robust data compliance regime in our business operation, against legislative requirements, policies, frameworks, and best practices (e.g., ICO Accountability Framework, ISO27001, National Cyber Security Centre (NCSC) Cyber Assessment Framework, GS007).
- Leading changes in accordance with HMRC data, security, information governance and compliance strategies, and recognised best practices. Building effective stakeholder relationships unblocking barriers, delivering progress and maintaining a quality service that will log, monitor and manage risks, assumptions, issues and dependencies (RAID).
- Responsible for delivering quality reporting, Management Information (MI), analysis and statistics – identifying appropriate metrics to build informative dashboards and dynamic reporting which drive data led decision-making, utilising tools such as Excel, Power Bi, Tableau and enhancing data through effective user research experience (UX), designing and developing Key Performance Indicators (KPI’s) and coordinating and supporting commissions and senior briefings.
- Deployment of activities aligned to the departmental strategies on data, security and compliance and in accordance with legislations and regulatory expectation. Delivering risk, remediation and compliance activities, identifying gaps, progressing treatment plans to make sustainable improvements, and reducing risk to data, keeping organisation and customer data safe.
- Developing plans, products, artefacts, processes and deliverables which are systematic, repeatable, and consistent (e.g., data architecture; data modelling/mapping; policies, procedures, guidance, risking; impact assessments; treatment, mitigations; risk appetite / tolerance, etc).
- Promoting and championing the continuous development and improvement ethos, showing leadership through a flexible approach, improving staff capability.
- A self-starter engaging across the department and externally, leading from the front with their ability to apply hands on expertise. Driving the development, implementation and execution of plans on our operational initiatives, applying programmes and agile project skills – responsible for organising, tracking and monitoring our strategic purpose, priorities and operational business and service plans.
- Leading strategy, positive culture change, commissions, operational deliverables, and new technology/services in the business through engagement, designing and running effective campaigns. Showing a willingness to adapt and being flexible to new opportunities, commitments and demands of the business, providing deputy cover, as part of our evolving team and working – in a fast and changing environment.
You are required to demonstrate experience of the following within your application:
Holding 2 or more from any of the following academic/professional qualifications or equivalent (any combination):
- Academic: Graduate or a postgraduate qualification in information security, cyber, engineering, data science, statistics, programme management or a related subject.
- Professional: CISSP, CISM, CISA, ISO27001 ISMS Lead Auditor, GDPR/Data Protection Practitioner, SABSA, SANS GIAC, Agile practitioner, Prince 2 Practitioner or equivalent.
- Working knowledge and experience in any 1 of the following disciplines: data protection compliance; data architecture and data modelling; data security; information security; information assurance; cyber security; Governance, Risk and Compliance (GRC); Data Science.
- Demonstrable delivery experience in both waterfall and agile disciplines, with experience of delivering and embedding quality products, services, processes and business change – able to demonstrate iterative and continuous development approach.
- Demonstrable experience in leading the development of products to delivering business improvements in data protection compliance, information security or cyber. Some examples:
- Asset Registers; data modelling; data architecture; security risk assessments; impact assessment; Data Protection Impact Assessment (DPIA); Subject Access Requests (SARs); information assurance audits; Risk Treatment Plans (RTP) / Remediation Plans; ROPA; tooling.
- Programme and project planning and working at pace with hands on experience in developing project plans, business cases; benefits realisation plans; resource management; roadmaps; RAID and execution of plans/deliverables.
- An excellent communicator, with strong written ability, is meticulous with attention to detail, who builds effective stakeholder relationships and creates trust through hands on experience. Including the ability to present and brief at senior audience, through the creation of visual aids that are clear and concise.
- Experienced in writing clear and concise reports; briefings and producing management information (e.g., statistics, dashboards) with the ability to shape complex data from varied sources into effective reporting and regular updates. A working knowledge of generating MI/statistics and dashboards e.g., Excel, Tableau, Power BI or a willingness to learn.
- Experienced working with frameworks, policies, procedures, guidance and/or industry best practices in data protection, information security or cyber (examples: ICO Accountability Framework, NCSC Cyber Assessment Framework (CAF), ISO27001 Information Security Management Systems (ISMS), NIST or equivalent).
Permanent, Full Time
- Industry Sector Public Sector & Services