Captavio Technologies Limited

Information Security and Compliance Lead

Remote

United Kingdom

Senior

Full Time

04-02-2026

Skills

Network Security, Penetration Testing, Risk Management, Change Management, Research, Training, Windows, Azure, AWS, GCP, Server Management

Job Specifications

The Company: CTL

CTL is a leading cyber security and GRC service provider based in the UK. We provide holistic security, risk, privacy, and compliance consultancy services to some of the most prestigious brands in the world.

The Role: Information Security & Compliance Lead (Full time)

CTL’s cyber security and IT compliance team is growing, and we are looking for someone to join the team to drive forward the security and compliance function and work as an extension of our team on client projects in the UK, EU and the US.

Key Responsibilities:

Compliance with relevant security and risk controls, and governance frameworks 
Compliance with established and new Data Protection regulations (GDPR, HIPAA & US DP laws) utilising platforms like Vanta etc.
Development, implementation, and awareness of compliance-related policies & procedures 
Tracking of vulnerability management and penetration testing activities and remedial actions utilising an online platform
Vendor & Change management process compliance and representation 
Internal and external audit responses and tracking of remedial activity 
Maintaining the Risk Profile (inc. cybersecurity awareness) & completion of & reporting on risk assessments 
Managing the Security and Compliance knowledge base and intelligence profile 
Educating the Company team on Security and Compliance governance 
Staying up to date with privacy requirements and changes through your own research as well as attending conferences and events.
Staying up to date and on top of the latest trends within the industry, including attending conferences and training
Evaluation and formulation of data protection processing contracts, mitigation, and management of privacy risks
Conduct and implement Data Protection Impact Assessments
Produce privacy policies and notices, and conduct data mapping on OneTrust etc.
Provide advice on data protection and privacy matters
Lead ISO driven certifications across geographically dispersed organisations globally

Qualifications and Experience:

The candidate must have 5+ years of experience in InfoSec and Data Privacy roles
Strong understanding of cloud technologies (Azure, AWS and GCP)
Sound understanding of automation, AI driven compliance, audit and risk management
Bachelor's degree and relevant security/data protection practitioner qualifications
Excellent understanding of the general principles, practices, and technologies of Information Security and Data Privacy Regulations (i.e., GDPR, HIPAA, US Data Privacy Laws)
Understanding of the Information security threat landscape & standards (e.g., ISO27K1) 
Working knowledge of IT systems (network security, server management, macOS, Windows)
Practical experience in dealing with operational data protection activities such as subject access requests (DSAR) and applying rights requests in practice
Knowledge of international safeguards and evolving international privacy law
Experience developing data privacy solutions to address client security requirements.

Salary:

GBP 36,000 per annum

About the Company

Headquartered in London, Captavio Technologies Limited is a Cyber Security Solutions company. With our subject matter expertise and years of experience, we have successfully expanded our service offerings into GRC and SecDevOps. We help our clients plan, execute, and monitor programs that are aligned with their business goals and long-term objectives. The founders at Captavio have a cumulative experience of over 60 years in Information Security, Cyber Risk, Secure Software Development, IT Programme Management, Digital Tran...