Data Protection and Information Security Advisor

Location:
Hams Hall

Hours: 40 hours per week. Monday to Friday

Salary:
Up to £34,000

We are looking for an experienced Information Security & Data Protection Advisor to guide and strengthen our approach to data protection, privacy, and information security. You will act as a trusted expert, advising senior leadership and teams across the organisation, ensuring compliance, managing risk, and embedding privacy‑ and security‑by‑design practices.

• Advise leadership and teams on data protection obligations, ensuring compliance with GDPR, UK GDPR, and sector‑specific laws.
• Maintain Records of Processing Activities (RoPA), manage data flows, and oversee Data Protection Impact Assessments (DPIAs).
• Act as liaison with regulators (e.g., ICO) and handle investigations, data subject requests, and breach/incident response.
• Review policies, contracts, and vendor agreements to embed privacy‑by‑design and ensure compliance.
• Deliver training and awareness programs to foster a strong culture of privacy and security.
• Develop, maintain, and continuously improve the organisation’s information security framework, including policies, standards, and procedures.
• Monitor and respond to security incidents, manage vendor security compliance, and oversee business continuity and disaster recovery.
• Collaborate with IT, development, and operations to embed security controls and ensure secure system design.
• Lead security awareness initiatives and report on security posture, risks, and KPIs to senior management.
• Stay informed on emerging cyber threats, regulatory changes, and best practices, advising leadership on risk mitigation.

• Strong knowledge of data protection and privacy laws (GDPR, UK GDPR, UK DPA) and sector‑specific regulations.
• Experience in a similar role (DPO, Privacy Officer, Information Security Officer, or equivalent).
• Skilled in risk assessment, audit, governance, incident response, and vendor risk management.
• Excellent communication and influencing skills, able to translate technical topics for non‑technical stakeholders.
• Strong analytical, problem‑solving, and project management abilities.
• Able to work independently while collaborating across IT, legal, HR, and operations.
• Integrity, independence, and discretion, with high confidentiality standards.
• Degree in information security, computer science, law, or related field; certifications in privacy or cybersecurity desirable.

• 25 days annual leave plus 8 UK bank holidays with the option to purchase up to an additional 5 days
• Pension contribution
• A life assurance policy that pays out 4 x Salary
• Employee Assistance Programme that provides you with confidential support, information, and advice to help you
• Employee Discount Scheme
• Free car parking