Data Protection Officer and Information Security Manager
Posted 7 hours 5 minutes ago by Ventula Consulting
One of the UK's largest hospitality groups (owner of leading global restaurant brands) is recruiting for a Data Protection and Information Security Manager.
The Head of Information Security & Data Protection Officer (DPO) will be responsible for leading the company's information security strategy, ensuring the protection of digital assets, systems, and sensitive data across the organisation. This role also encompasses all Data Protection Officer responsibilities, leading the organisation's privacy programme and associated committee whilst ensuring compliance with UK GDPR and other applicable data protection regulations. The role holder will develop, implement, and maintain robust cyber security policies, practices, and procedures while ensuring the company meets its legal obligations concerning data privacy. Operating within the restaurant and hospitality sector, this role will also focus on securing point-of-sale systems, customer data, and digital transactions in a fast-paced environment.
Key Responsibilities:
Data Privacy & GDPR Compliance (Data Protection Officer Responsibilities)
- Serve as the company's Data Protection Officer (DPO) in compliance with the UK GDPR and Data Protection Act 2018.
- Training and upskilling: supporting the development of the business and key stakeholders and maintaining privacy training on our learning management system.
- Advise the organisation on its legal obligations under data protection laws, ensuring the proper handling of personal data across all business processes, especially in customer data collection and marketing activities.
- Monitor the effectiveness of data protection measures and conduct regular internal audits to ensure compliance.
- Implement policies around data privacy, including data retention, data minimisation, and access control protocols.
- Lead data protection impact assessments (DPIAs) to identify and mitigate privacy risks in new projects and services.
- Act as the point of contact with the Information Commissioner's Office (ICO) and manage data breaches in accordance with the law.
- Develop training and awareness programs for employees around data privacy and security best practices.
- Taking charge of data protection compliance for consumer and employee data for all divisions.
Cyber Security Strategy & Management
- Develop and implement a comprehensive information security strategy tailored to the needs of the Restaurant Group.
- Lead the design and implementation of effective cyber security controls to safeguard digital systems, including customer data, financial information, and point-of-sale (POS) systems across the group.
- Monitor, assess, and mitigate vulnerabilities and threats, using tools like firewalls, intrusion detection systems, encryption, and other cyber security technologies.
- Establish incident response protocols to deal with security breaches, ransomware, and other cyber threats.
- Regularly conduct risk assessments and security audits of all IT systems, applications, and infrastructure.
- Develop a cyber resilience plan, ensuring business continuity and disaster recovery mechanisms are in place.
- Manage relationships with external cyber security partners, ensuring the company has access to the latest tools and technologies.
This is a wonderful opportunity to work for one of the UK's biggest and best-known hospitality companies.
The salary is a basic of up to £90K plus a fantastic bonus and benefits scheme. 2/3 days a week in the London office with the rest remote.