Data Privacy & Information Security Specialist

From our humble beginnings in 2006 with just three team members, we've blossomed into a powerhouse evolving into a multi-brand, Ecommerce giant with offices worldwide and a passionate team of over 4,000, our momentum knows no bounds. In the past year alone, we've achieved remarkable milestones: automating our Sheffield DC, launching our US warehouse, and initiating our tech re-platforming. With a new CFO driving financial excellence and a customer-first approach, we're investing heavily for exponential growth. Ready to be part of our extraordinary evolution? We're seeking a dynamic individual to join us in shaping the future of fashion as we get ready to launch a new and exciting product offering.

Your Role

We are looking out for a data privacy and information security specialist to come in and develop, maintain, and effectively implement the company's approach to Data Protection and Information Security governance in accordance with Data Privacy/Information Security regulations and relevant codes of practice.

Your Key Responsibilities:

• Governance Leadership: Define, implement, and monitor compliant Data Privacy and Information Security governance strategies both locally and globally.
• Policy Management: Maintain and enforce Data Protection and Information Security policies, ensuring they meet current legislation and are reviewed annually.
• PID Oversight: Manage all Personally Identifiable Data (PID) within company systems, ensuring secure handling across telephone, HR, and customer platforms.
• Expert Guidance: Provide practical advice to business stakeholders, backed by solid technical knowledge of Data Processing and Information Security frameworks.
• Compliance Training: Develop and implement comprehensive training programs on Data Privacy and Information Security compliance for all employees.
• Regulatory Reporting: Regularly report to the Board on compliance with the Data Protection Act and related provisions, while addressing regulator inquiries effectively.
• Threat Management: Provide expert guidance on emerging threats and lead the necessary changes to control measures, ensuring ongoing Data Protection and Information Security.
• Risk Mitigation: Ensure Information Security risks are properly managed in alignment with company policies and ISO27001 standards, conducting risk assessments at appropriate levels.
• Global Standards: Introduce and maintain minimum standards for information security, ensuring compliance across all territories through a self-certification process.
• Monitoring Systems: Establish and maintain a robust Information Security Management System (ISMS), with a strong monitoring and reporting regime.
• Advisory Role: Act as a Subject Matter Expert, supporting countries in aligning with policies, risk assessments, and third-party assessment methodologies.

What Value You Can Bring:

• Deep expertise in Data Protection and Information Security, with a solid understanding of current issues and trends.
• Strong knowledge of ISO27001/27002 and related standards.
• Familiarity with evolving legislative requirements in Data Protection and Information Security.
• Excellent communication skills, both written and verbal.
• Proven ability to prioritize workloads and manage competing demands.
• Business acumen with an understanding of how security practices support broader business goals.
• Technical proficiency in networking technologies, web servicing, cloud security, and the security risks they pose.
• Experience in the financial services industry is highly desirable.