Roke is a world-class technology and engineering consultancy. Roke delivers advanced research, development services and products to high profile customers who come to Roke with varied and challenging problems to solve.
Due to continued growth and as part of internal restructuring, we are looking for a well-motivated, highly competent Security and Privacy Manager to join Roke’s Security Department. The Security Department sits within the Enabling Services Directorate and works in collaboration with the People Security and IT Security Departments to deliver a critical business-enabling function. It is responsible for all aspects of Roke’s information and physical security risk management and is subsuming Roke’s Privacy function from another area of the business.
This position reports to the Head of Security.
- Drafting of security and privacy processes and procedures
- Support to working environment accreditation, including governance and assurance inspections
- Operational lead for security/privacy incident management and investigations
- Support the ongoing maintenance and continual improvement of Roke’s Information Security Management System (ISMS) and Privacy Information Management System (PIMS). This will include SLA performance reviews, KPI monitoring/measuring and acting as Secretary for Roke’s Information Security and Privacy Steering Group (ISPSG).
- Act as a security and privacy advisor for all areas and levels of the business
- Operational lead for Privacy Management, including the maintenance and regular review of Roke’s Record of Processing Activities (ROPA)
- Initiate and complete, as well as approve and review, Data Protection Impact Assessments (DPIAs) as part of Roke’s PIMS
- Management of Security and Privacy Education, Training and Awareness (SPETA), including delivery of Induction presentations and ongoing Security and Privacy awareness initiativesLine Manager for two Direct Reports
- Always fully comply with Roke’s policies and procedures
- Undertake such other reasonable duties, commensurate with the job holder’s experience and qualifications, as may be required for the smooth operation of the business
Education and Qualifications
- CISM or CRISC.
- CCP-SIRA (any level)/ex-CLAS.
- ISO/IEC 27001:2013 LI or LA.
- Relevant Privacy qualifications, such as CIPM, CIPP/E or ISO 27701:2019 LI or LA.
- Relevant higher level academic qualification(s), such as Bachelor’s Degree (or equivalent), is desirable, but not essential.
Knowledge, Skills & Experience
- Strong working knowledge of information and physical asset lifecycle management
- Strong working knowledge of security and privacy risk assessment processes/methodologies (e.g. ISO 27005/31000, DPIA, IRAM2) and associated mitigation options
- Strong working knowledge of UK and International Data Protection Legislation and Regulations, as well as best practice. Previous experience in a position as Data Protection Officer (DPO) and/or Data Protection/Privacy Manager (DPM) would be a distinct advantage for this role
- Knowledge of International and National Standards and frameworks (e.g. ISO, NIST, ISF SOGP)
- Experience of information and physical security management, including incident management and investigations
- Experience of working within, or for, National Security and/or Defence sectors
- Competent with Microsoft 365
- Good written English and verbal communication skills
- Able to work independently
Why You Should Join Us
We have a competitive salary and access to a number of additional flexible benefits, which will cover Health and Wellbeing, Savings and Protection & Life, Leisure and Entertainment.
Roke has a great community of groups with shared interests. These enable people to share ideas and be passionate about tools, technologies & techniques, which interest them.
We are committed to a policy of Equal Opportunity, Diversity and Inclusion. Our working environment is friendly, creative and inclusive. We will consider flexible working arrangements and support a diverse work-force and those with additional needs.
Due to the nature of this position, we require you to be eligible to achieve DV clearance. As a result, you should be a British Citizen and have resided in the UK for the last 10 years.