Data Privacy

From our humble beginnings in 2006 with just three team members, we've blossomed into a powerhouse evolving into a multi-brand, Ecommerce giant with offices worldwide and a passionate team of over 4,000, our momentum knows no bounds. In the past year alone, we've achieved remarkable milestones: automating our Sheffield DC, launching our US warehouse, and initiating our tech re-platforming. With a new CFO driving financial excellence and a customer-first approach, we're investing heavily for exponential growth. Ready to be part of our extraordinary evolution? We're seeking a dynamic individual to join us in shaping the future of fashion as we get ready to launch a new and exciting product offering.

**Your Role**

We are looking out for a data privacy and information security specialist to come in and develop, maintain, and effectively implement the company's approach to Data Protection and Information Security governance in accordance with Data Privacy/Information Security regulations and relevant codes of practice.

**Your Key Responsibilities**:

- **Governance Leadership**: Define, implement, and monitor compliant Data Privacy and Information Security governance strategies both locally and globally.
- **Policy Management**: Maintain and enforce Data Protection and Information Security policies, ensuring they meet current legislation and are reviewed annually.
- **PID Oversight**: Manage all Personally Identifiable Data (PID) within company systems, ensuring secure handling across telephone, HR, and customer platforms.
- **Expert Guidance**: Provide practical advice to business stakeholders, backed by solid technical knowledge of Data Processing and Information Security frameworks.
- **Compliance Training**: Develop and implement comprehensive training programs on Data Privacy and Information Security compliance for all employees.
- **Regulatory Reporting**: Regularly report to the Board on compliance with the Data Protection Act and related provisions, while addressing regulator inquiries effectively.
- **Threat Management**: Provide expert guidance on emerging threats and lead the necessary changes to control measures, ensuring ongoing Data Protection and Information Security.
- **Risk Mitigation**: Ensure Information Security risks are properly managed in alignment with company policies and ISO27001 standards, conducting risk assessments at appropriate levels.
- **Global Standards**: Introduce and maintain minimum standards for information security, ensuring compliance across all territories through a self-certification process.
- **Monitoring Systems**: Establish and maintain a robust Information Security Management System (ISMS), with a strong monitoring and reporting regime.
- **Advisory Role**: Act as a Subject Matter Expert, supporting countries in aligning with policies, risk assessments, and third-party assessment methodologies.

**What Value You Can Bring**:

- Deep expertise in Data Protection and Information Security, with a solid understanding of current issues and trends.
- Strong knowledge of **ISO27001/27002** and related standards.
- Familiarity with evolving legislative requirements in Data Protection and Information Security.
- Excellent communication skills, both written and verbal.
- Proven ability to prioritize workloads and manage competing demands.
- Business acumen with an understanding of how security practices support broader business goals.
- Technical proficiency in networking technologies, web servicing, cloud security, and the security risks they pose.
- Experience in the financial services industry is highly desirable.