
Information Security & Data Protection Manager

Job in High Wycombe, Buckinghamshire, HP13, England, UK
Listing for: Focusrite
Full Time position
Listed on 2026-06-05
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 60000 - 85000 GBP Yearly
Job Description & How to Apply Below

Based: Remote (UK)/High Wycombe/London (N7)/Hybrid

Term: Permanent, Full time

Reporting to: Chief Information Officer (CIO)

Salary: £60000 - £85000 pa + excellent benefits

The Role

We're looking for an Information Security Compliance Specialist to take ownership of our Information Security, Data Protection, and AI Governance programmes across the Focusrite Group. You will be the operational owner of our Information Security and Data Protection (ISDP) framework, informed by ISO 27001 (ISMS), ISO 27701 (PIMS), Cyber Essentials and NIST CSF, keeping us aligned to those standards and ready for certification and audit.

Working alongside development, IT, and business teams, you will advise on security and privacy requirements for new and changing systems, ensuring appropriate controls are designed in, evidenced, and verified after implementation. You will also own the Group's response to emerging risks in AI, translating evolving regulation (EU AI Act, UK AI principles, ICO guidance) into practical governance.

About you

Several years' experience in Information Security and Data Protection, with a good understanding of IT systems, web operations, cloud platforms, and secure coding practices (including OWASP).

Comfortable engaging at all levels of the organisation and externally, with the gravitas to influence security and privacy outcomes and reduce the impact of change.

The position requires providing support and advice to all parts of the Group on Information Security and Data Protection.

You will be responsible for

Information Security Systems
  • Framework & advisory: own the Information Security and Data Protection Framework and its documentation, and advise IT, development, and business teams on security requirements
  • Tools & supplier assurance: run the Business Approved Tools process (including assessment of AI tools, vendors, and use cases), own designated Information Security tools, and conduct supplier audit assessments
  • Certification & standards: own certification readiness for Cyber Essentials and lead new certification efforts as the business requires
  • Threats, incidents & testing: monitor cyber threats and translate them for the business, own the incident management process (including phishing response and simulation exercises), and manage vulnerability scans and penetration testing (including external Red/Purple/Blue Team engagements)
  • Risk & resilience: conduct risk assessments across products, systems, and processes; own the Information Security and Data Protection risk register, contributing to the Group Risk Management process; and maintain and test the Business Continuity Plan (BCP)
  • AI Governance: own the AI Governance framework, AI system inventory, and alignment with ISO 42001, NIST AI RMF, and the EU AI Act where appropriate
Data Protection compliance
  • Data subject rights & assessments: handle Data Subject Rights requests (Subject Access, erasure, rectification, restriction, objection, portability, and rights relating to automated decision‑making) and run Data Protection Impact Assessments (DPIAs)
  • Records & registers: maintain the Records of Processing Activities (RoPA) under Article 30 for controller and processor activities, the lawful basis register, consent records, and Legitimate Interest Assessments (LIAs)
  • Notices, cookies & marketing: operate Privacy Notices and Cookie Tools (OneTrust), and advise on PECR and e‑privacy compliance including direct marketing and electronic communications
  • Privacy by Design & training: help product managers and developers embed Privacy by Design, and design and deliver Data Protection training and awareness across the Group
  • Retention & breach management: own the retention schedule and deletion/anonymisation processes, and own personal data breach handling (including detection triage, 72‑hour ICO/EU supervisory authority notification, data subject notification where required, and the breach register)
  • Third parties & international transfers: manage processor and sub‑processor governance (Article 28 due diligence, Data Processing Agreements, processor register) and international data transfers (SCCs, the UK IDTA/Addendum, and Transfer Risk Assessments)
Change Management
  • Revi…