Information Security and Data Protection Manager

Job Introduction

At Serco, we strive to promote and enable the diversity, development, wellbeing and safety of our people. We understand that healthier, happier employees go hand-in-hand with strong business performance, enhanced productivity and better outcomes for those we serve. We want everybody who works for Serco to have a positive experience and access to opportunities to develop in their chosen careers.

Serco Italia S.p.A. is one of the top 50 World Space Manufacturing and Service companies with a long history of providing Earth Observation operations, maintenance and front-end services to the European Space Agency. The company also offers vast experience to a huge number of IT and space markets including: central governments, defence organisations, the aerospace industry and commercial companies.

Does working in a Serco environment sound appealing to you?

We would love to hear from you and your interest in the new opportunity of Information Security and Data Protection Manager in Frascati !

You will ensure all information security management and data protection risks are documented, ownership assigned and managed accordingly across the business unit by relevant information asset owners and network of data protection champions and to ensure that all relevant compliances are met.

Does this vacancy not suit your profile? Not to worry, you can send your updated CV to careers.italy@serco.com – a member of our Recruitment Team will come back to you shortly after.

Role Responsibility

Key Purpose for this role:

• The Business Unit Lead for information security management and data protection will hold responsibility for ensuring that all contracts are compliant for that business unit to the required level with contractual accreditations as well as meeting required standards for legislative compliance.
• The role will report to the Safety Risk and Compliance Director of Europe, liaise with Contract Management, with a dotted line to the business unit IT Director where the role will support and advise on IT related programmes, information security requirements and data protection compliance.
• In this role supporting bids and engaging with both customer and accreditors regarding our strategic direction is key, the role will ensure that the correct level of information security and data protection processes and policies are in place proactively, and will maintain a calendar of audit and certification compliance ensuring renewals are proactively managed
• Responsible for data protection framework activities within the business unit (including the facilitation and comprehensive documentation of data protection impact assessments, data protection by design and ensuring all relevant legal, regulatory and contractual compliances are met, including (but not limited to) Data Protection Act 2018 (and GDPR), Network and Information Systems Regulations 2018, ISO27001, ISO27701, Payment Card Industry Data Security Standards, Cyber Essentials Scheme; and aligned to HMG Security Policy Framework, Defence Cyber Protection Partnership, or other relevant customer requirement.
• Provide expert advice on data protection matters to the business unit includes assessing information risk (technically and organisationally) and developing and implementing effective strategies to ensure compliance with relevant legislation.
• Lead on the development and implementation of the data protection strategy and objectives for the business unit.
• Develop and further improve the data protection culture for the business unit to ensure there is a consistent approach to ensuring compliance with data protection guidelines and legislation.
• Develop and further improve policies and practices to ensure that information systems and processes remain secure - this includes maintaining an information asset register across the business unit, identifying risks and risk mitigation.
• Lead on the delivery of the data security and protection toolkit, working closely with the Data Protection Officer

• The role will continue to raise the profile of information security management and data protection and embed this as a strong culture of awareness and unambiguous accountability across current and future contracts for each business unit.
• Implement and operate information security management and data protection processes (risk, assurance/compliance, and Incident Management) covering all business units (or service lines) within the business unit.
• Act as a key contributor to the Divisional cyber security strategies, plans and risk assurance assessments – specifically owning relevant Key Risk Indicators (KRIs) at a business unit level

Are you looking to secure a career in a public sector environment? We would love to hear from you! 

As Business Unit Lead -Information Security and Data Protection you will be responsible for:

• Ensuring all information security and data protection risks are recorded, reviewed, and managed to an acceptable level. Responsibility for acceptance of risk remains with risk owner.
• Accountability on data protection framework and matters to the Data Protection Officer
• Ensuring all relevant compliance requirements are reviewed and that compliance can be evidenced.
• Ensuring management and resolution of information security and data protection incidents and any subsequent breach to include assessment of loss, or compromise, level of impact, recommend appropriate mitigation, conduct post incident review and lessons learned.  
• Providing support and guidance on information security management and data protection matters, particularly understanding technical and organisational implications of new services and technologies in support of data protection impact assessments and data protection by design and default.

In return, we offer a friendly, supportive and professional environment that respects your work/life balance and ultimately contributes to the delivery of public services in Italy and around the world.

Successful Candidate

Essential technical and professional skills, knowledge and qualifications

• Experience of process and approach to facilitating information security and data protection risk assessments.
• Experience in information security management and data protection related compliance requirements (e.g. DPA 2018, GDPR, PCI DSS, ISO27001, ISO27701)
• Experience of analysing and assessing current and future threat landscapes, providing realistic jargon-free overview of technical and organisational risks and threats.
• Experience in undertaking assurance activities (and determining correct and appropriate levels of evidence).
• Defining and operating security incident response plans in accordance with Serco Incident Response System and Data Protection Framework.
• IT skills are important, as is the ability to interpret technical solutions to ensure the risks are identified and appropriate controls and safeguards applied.
• Knowledge of the operational sectors within the relevant business units (e.g. MoD, MoJ, Health) is vitally important.
• Specific qualifications include CISM or CISSP with experience of information security management and thorough understanding of data protection/GDPR.

Additional / special features of the role

This role involves interaction with non-SME personnel, and the ability to simplify key messages to key stakeholders is beneficial

-------------------

Important:

Any offer of employment is contingent upon you providing documents to verify your identity and employment eligibility, as required by law.

Applicants are reminded that they will be requested to produce such documentation during the recruitment process.

Please contact a member of the recruitment team if you require further details of acceptable types of documentation required for verification of identity and work authorization. 

Data Protection:

When creating a profile on the Serco Career Centre you agreed to the Data Protection policy, a copy is available upon request.You may submit a written request revoking your consent to this agreement at any time.

Package Description

Joining Serco Italy’s amazing team offers:

• Competitive Salary 
• Great career opportunities in the Space industry
• Competitive Salary
• Corporate Benefits Package
• Exciting relocation package (if applicable)
• Company events
• International environment

About the Company

Why should you join Serco ?

At Serco not only is the nature of the work we do important, everyone has an important role to play.

Meaningful and vital work - You’ll contribute to methodologically intercepting challenges whilst achievements will also be recognised and celebrated.

A world of opportunity - You’ll be wholeheartedly supported with development and career progression

Great people - You’ll become an integral member of a well-defined and supportive team who believe passionately in the value of our work.

What we offer

• Chance to contribute to innovation in the public services sector
• A company passionate about diversity and inclusion
• Permanent employment with comprehensive Serco Benefits package.
• Pension

About Serco

At Serco, not only is the nature of the work we do important, everyone has an important role to play when managing complex public services.  

We are a team of 50,000 people responsible for delivering essential public services around the world, we are innovators, committed to redesigning and improving public services for the benefit of everyone.

By joining Serco you will have unlimited access to our Global Employee Networks – SercoInspire (Gender), SercoEmbrace (Multicultural), SercoUnlimited (Disability) and In@Serco (LGBT & Networks). Serco Employee Networks, led by colleagues who are passionate about diversity, inclusion and belonging. 

Apply

Please click on the apply button to be taken to our careers website

Serco is a Disability Confident Employer committed to employing and retaining people with disabilities.  Disabled applicants who meet the minimum criteria for the job will be given the opportunity to demonstrate their abilities at an interview.

Serco European Agencies