The applicant will play an important role within IT Systems & Support Limited, which delivers the effective and strategic operation of schools' IT provision. Reporting to the Technical Director, the applicant will achieve this by providing direct support for ISO27001 and GDPR compliance within the company and its supported schools.
Main Duties / Responsibilities
· Manage IT Systems compliance with data protection laws and policies;
· Inform and advise on data protection laws and policies in consultation with the Technical Director;
· Create and maintain data protection policies and procedures;
· Monitor compliance with data protection laws and policies;
· Maintain the records required to demonstrate data protection compliance;
· Manage a program of awareness-raising and ongoing training to deliver compliance and data privacy culture within IT Systems & Support;
· Review Data Protection within schools and supplier contracts;
· Support the Technical Director in incident response and data breach notification procedures;
· Be the contact point for, and co-operate with, the relevant Data Protection Authorities, and be the contact point for data subjects exercising their individual data rights, as well as supervising and advising on the response to such requests;
· Provide updates on data protection compliance to the IT Systems Management Team as appropriate.
Specific Duties and Responsibilities
· Monitoring and recording GDPR compliance - including collecting information to identify processing activities, analysing/checking the compliance of processing activities and informing, advising and issuing appropriate recommendations;
· Advising across both IT Systems & Supported Clients on all types of data protection issues - including providing briefings to Head Teachers, Staff and school management teams, informing individuals of their obligations under GDPR, giving detailed guidance on matters of compliance, informing all relevant decision makers of developments relating to data protection and advising on the risk elements of new and existing operations;
· Educating and training schools and employees at all levels - including in respect of data protection principles, processes and procedures for GDPR compliance and avoiding and dealing with data breaches;
· Advising on and monitoring performance of Data Protection Impact Assessments (DPIA) - including a description of the processing activity and its purpose, outlining any risks and measures taken in response and advising on the methodology of the DPIA;
· Responding to individuals whose data is being or has been processed - including dealing with subject access requests, executing the right to be forgotten, and considering the restrictions on processing;
· Full involvement in all future data processing (privacy by design);
· Other duties may include data audits, writing and updating policies and procedures, report creation, producing improvement plans and organising, monitoring and reviewing record keeping.
Skills / Attributes Required
· A minimum of 2 years' previous experience in a similar role.
· An appropriate IT and / or Information Security Qualification.
· A compliance, IT Security, legal or audit background.
· Knowledge of data privacy legislation including GDPR.
· Experience in managing data incidents and breaches.
· Knowledge of cybersecurity risks and other information security standards.
· Ability to make good judgments regarding data privacy and to prioritise resource and activity around managing those risks.
· Able to conduct the role independently and with integrity.
· Ability to plan, organise and prioritise tasks and projects.
· Strong personal communication skills capable of dealing with a wide range of stakeholders, including schools, head teachers and management teams.
· Proven ability to establish and maintain a high degree of confidentiality, respect, trust, and credibility at all levels.
· Contribute to the overall ethos / work / aims of IT Systems & Support Limited and play an active role within the development of the company.
· Appreciate and support the role of other professionals as part of this post.
· Comply with health and safety policy and systems, report any incidents / accidents / hazards and take a pro-active approach to health and safety in order to protect yourself and others.
· Any other duties of a similar nature related to the post which may be required from time to time.
· Be aware of and comply with policies and procedures relating to child protection and confidentiality, reporting all concerns to an appropriate person.