Information Security Compliance Specialist

The Focusrite Group

Salary: 45k-85k GBP

United Kingdom only

Based: Fully remote (UK only), or office based in High Wycombe or London N7

Term: Permanent, Full time

Salary: £45000 - £85000 pa depending on experience + excellent benefits

The Role:

We are looking for an Information Security Compliance Specialist to support and maintain our existing information security and data protection systems.

The role is not technical: you will not be required to configure any infrastructure, platform or software systems. Our operational infrastructure, platform, and development teams are responsible for configuring and maintaining systems. You will advise what is required and then verify that systems are operating as expected once implemented.

Reporting to the Chief Information Officer (CIO), the position requires providing support and advice to all parts of the business on Information Security and data protection.

Duties:

  • Data Protection compliance (primarily UK, EU, and USA privacy laws): own and maintain all requirements, including:
    o Data Subject Access Requests (DSARs)
    o Data Protection Impact Assessments (DPIAs)
    o Data Mapping
    o Maintaining the Privacy Notice and Cookie Tool
    o Supporting the business in crafting data protection related text
    o Assisting developers to ensure Privacy by Design

  • Information Security Systems:
    o Maintain the Information Security and Data Protection Framework documentation
    o Advise IT, software development and other business areas on security requirements
    o Maintain certification requirements
    o Monitor cyber-related threats and act to address the risk
    o Conduct and maintain supplier audit assessments
    o Own the incident management system
    o Update and maintain procedures / procedure training and compliance
    o Conduct phishing simulations and other cyber-related training exercises
    o Conduct risk assessments on products, systems, and processes
    o Own and be responsible for various Information Security tools
    o Maintain the company risk register relating to Information Security and Data Protection
    o Maintain the Business Continuity Plan
    o Conduct disaster and incident simulation exercises
    o Review and action any identified issues from vulnerability scans or penetration tests
    o Work with external Red / Purple / Blue Team penetration testers
    o Address reported phishing attacks and similar external attempts to compromise company activities

  • Compliance:
    o Generate monthly compliance and activity reports and other reports as required by senior management
    o Internal audit:
      1. Reviewing Financial System compliance activities
      2. Performing Internal Information Security Audits
      3. Performing Internal Data Protection Audits
    o External audit:
      1. Be the key contact for any IT / Data Protection related audits by external bodies, and ensure requested data is supplied, complete and accurate
      2. Take ownership of any related audit issues
      3. Generate audit support documents

Skills and experience required:

  • The successful candidate will have a good understanding of IT systems, web site operations, cloud systems, coding awareness (including OWASP security issues), Information Security (CIA) and Data Protection, preferably with several years’ experience. Our Information Security and Data Protection (ISDP) framework is based on ISO27001 (ISMS), ISO27701 (PIMS), Cyber Essentials and NIST CSF; awareness of these standards is not essential but beneficial.
  • We understand that not all candidates will have in-depth experience of all these elements, so we welcome applications from candidates who meet most of the criteria and have a desire to learn the rest. Please provide details in your covering letter: additional training requirements, certifications in progress, etc.
  • You will be expected to keep up to date with innovative technologies such as Artificial Intelligence, as well as keeping up with regulatory and legal changes that impact the way we serve our stakeholders. You will also be required to be aware of new cyber threats and translate them into a risk profile for our business.
  • You must be comfortable engaging with people at all levels within the organisation and externally, in person, via phone, Teams meetings and physical meetings, and be able to generate quality reports and presentations. When required, you must also be prepared to support the organisation in addressing any security incidents whenever they occur. You must be a fluent English speaker.

About Us

Focusrite plc is a global music and audio group that develops and markets music technology products. Used by audio professionals and amateur musicians alike, our solutions facilitate the high-quality production of recorded and live sound. Our audio technology brands stand together, seeking to enrich lives through music by removing barriers to creativity – ‘we make music easy to make’.

The Focusrite Group trades under thirteen established and rapidly growing brands: Focusrite, Focusrite Pro, Novation, ADAM Audio, Sequential, Oberheim, Martin Audio, Optimal Audio, Ampify Music, Linea Research, Sonnox, OutBoard and TiMax. With a high-quality reputation and a rich heritage spanning decades, its brands are category leaders in the music-making industry.

Music technology is an enriching space to work in and we enjoy a Group-wide open-door culture which encourages innovation. This culture, combined with a passion for the inspirational solutions we create, has led to the group winning numerous accolades, including six Queen's Awards, the AIM Company of the Year Award 2021 and regular appearances in ‘The Sunday Times 100 Best Small Companies to Work For’.

The Focusrite Group is dedicated to building a great place to work and as an equal opportunity employer we are committed to Diversity and Inclusion. The group mission is to cultivate an equitable culture, internally and externally, where all people feel they are welcome, safe and positively represented, because at Focusrite they truly are. Equally, we recognise the major impact that climate change is having on our world and work every day towards being industry leaders in a carbon neutral future.

Benefits include flexible/hybrid working, company pension, life insurance, private healthcare, employee purchase scheme, group bonus scheme, workplace nursery benefit, company music events, offsite company parties and free lunch in the canteen. We arrange company training sessions and encourage personal development.


About the job

Apply before: Jul 30, 2024

Posted on: May 31, 2024

Job type: Full Time

Experience level: Mid-level

Salary: 45k-85k GBP

Hiring timezones: United Kingdom +/- 0 hours
