Business Assurance - Data Protection/Compliance Officer - Cardiff

Are you passionate about Business Improvement?

Are you an individual who prides themselves on quality and compliance?

Do you want to work for a business that rewards their staff ?

Basic salary: £30,000 per annum

Hours: Monday to Friday 8.30am - 5.30pm

Location: Cardiff

Responsible for ensuring that the organisation and its subcontractors have robust systems of internal control that adequately identify, measure, manage and improve compliance and performance across all business functions.

Specific Duties:

• Advise in business process/procedure quality by documenting and improving the processes to ensure a repeatable, efficient and effective workflow, with embedded controls.

• Establish a common understanding of how the business processes/procedures flow

• Define the ownership and the responsibility of the business processes/procedures and the activities within.

• Conduct business process/procedure assessment interviews and workshops

• Translate inputs from business process/procedure interviews and workshops to written descriptions of the processes, and build business cases for change

• Writing and maintaining policies, procedures and standards within the organisation

• Accountable for leading on the planning, conducting and reporting of internal and subcontractor audits / assessments

• Assist business process sponsors and process owners in completing their action plans from internal and external audits

• Write new policies and procedures based on requirements from management, risk analysis, audits etc.

• Assist business process sponsors and process owners to assess and to improve the effectiveness, efficiency and quality of process productivity and internal controls

• Lead on the development and implementation of new processes and procedures.

• Support the self-assessments and Management Reviews through collecting process performance data and assessing the process maturity

• Assisting in the development of, and maintaining, a disaster recovery / business continuity plan for the organisation.

• Responsible for the management of information security incidents, implementing corrective actions and improvements

• Responsible for interpreting relevant regulations and communicate effectively to all levels of the organisation

• Responsible for training and managing the re-training of employees in line with changes and continuous development requirements

• Accountable for promoting a compliance and risk awareness culture with the organisation

• Inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.

• Monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advise on data protection impact assessments; train staff and conduct internal and subcontractor audits.

• Be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc).

• To carry out such other appropriate duties commensurate with your skills, knowledge and experience

• Accountable for maintaining personal development in relevant regulations and their impacts

General:

• To ensure security of company assets

• To comply with all company policies and procedures

• To comply with the companies safeguarding policy & procedure

• To comply with Equal Opportunities Legislation and be proactive in challenging prejudice, discrimination and stereotyping.

• To implement in full the Company’s quality policies and procedures.

• To consult the Company Health and Safety Policy with regards to their specific responsibilities as described in the general arrangements section

• To give consideration to their actions at work as to how they may affect   the safety of Learners, clients and visitors to Company premises

• Support organisations core values

• Co-operate with all staff to achieve a healthy and safe workplace and reporting any risks identified, at the company’s or others premises, to the designated Health and Safety Officer.

• Other duties that may be identified from time to time by the Company.

• Attend relevant training / personal development programmes

Essential:

• Experience of conducting audits and risk assessments

• Experience of developing security information management systems

• Experience of implementing systems

• Administration Experience

• Project Management

• Change Management

• Full Driving Licence

• Working knowledge of ISO27001:2013 and ISO9001

• Analytical skills, logical and systematic thinking, and communication skills

• Organisational skills

• A high degree of IT literacy

• Ability to manage a varied workload with the ability to manage multiple priorities

• Excellent decision making skills

• Strong analytical, research and problem solving skills with a keen attention to detail

• Process driven

• An understanding of data protection regulations

• An understanding of the practical application of the various process relating to risk management

• Good IT knowledge

• Sound working knowledge and experience of ISO 270001 standards 

• Self-motivated

• Versatile.

• Resilience

• Flexible to change

• Good team worker with an ability to work independently

• Able to prioritise tasks and meet deadlines

• Analytical

• Open-minded, result-oriented, positive “can-do” attitude, with good interpersonal and communication skills

Apply today for immediate consideration.