Compliance Manager
Compliance Manager Permanent
ABOUT US
MyLife Digital provides organisations and individuals with a trusted platform built on security, convenience and control for Personal Information Management, or life data. We ensure you can organise who can see it, who can share it and what can be done with it.
MyLife Digital helps you unlock the potential and value of this data, whether this is by delivering informed insights from informed consent to support better life decisions or simply by managing all your data in one safe place. We do this by using a highly trusted, secure technology platform which stores, protects and analyses data.
In the case of individuals or citizens, this is usually via a mobile or web-based application which helps manage the collection, analysis and presentation of information. We can also extend this service for user groups as diverse as professional or amateur athletes, people with specific health conditions and supporters of charities.
Our powerful analytics capabilities also mean that we can ingest large amounts of complex data and do something meaningful with it, for both organisations and their consenting members.
THE ROLE
We are now seeking a Compliance Manager to join the team. Reporting to the Director of Operations, you will provide functional management of MLD Group regulatory and standard compliance obligations, managing all risk management activities with regard to regulatory, data protection, information security and cyber security. This includes the ownership and management of the MLD Information Security Management System, ISO27001 certification, GDPR obligations and the continued certification of any other future formal management systems.
This role will require thought leadership and will support MLD Group with tactical and strategic guidance, both internally and in client-facing work.
DUTIES
To provide an efficient and effective day-to-day compliance resource to the Company, the post holder’s activities will include but are not limited to:
Own the ISMS and implementation of associated continuous improvement roadmaps, supporting functional areas with their controls and evidence.
Own the GDPR programme
Management of the Compliance Risk Register and the co-ordination of risk management activities. This should include defining, implementing and operating risk management activities with regard to regulatory, cyber security and information security risk (risk assessments, gap analysis, business impact analysis etc.).
Co-ordination, escalation and investigation of security incidents
Planning and undertaking internal audits in accordance with the agreed schedule
Assisting with the preparation for external audits and assessments
Preparing and reporting KPIs and related objectives
Monitor external legislation and regulation trends which impact the organisation.
To acquire and develop related knowledge, which allows the post holder to:
Plan and undertake internal training initiatives in support of compliance activities.
Support the MLD sales and marketing functions with messaging and positioning.
In time, assist customers and partners with understanding and developing their own compliance and assurance frameworks, in order to support Company growth.
Maintain awareness of developing standards, frameworks and best practices, and to ensure that MLD is able to take advantage of these as appropriate.
KNOWLEDGE
a) A functional knowledge of working within formal management systems, including detailed knowledge and understanding of the applicable published standards.
b) A functional knowledge of risk assessments, control implementation, and methods of educating and supporting MLD colleagues to become proficient in these areas.
c) A functional knowledge of undertaking internal audits and associated report preparation, and preparing MLD for external assessments or audits.
d) A functional knowledge of GDPR and data protection related legislation
e) A functional knowledge of related legislation
EXPERIENCE
Key experience:
a) Strong experience of identifying and assessing information security risks around security controls, vulnerabilities and threats.
b) Strong DPA and GDPR exposure
c) Strong knowledge and experience with security standards, including but not limited to ISO27000.
d) Experience in selecting and implementing security controls and governance strategies.
e) Demonstrable experience in drafting, implementing and managing controlled documentation, and associated records, in a manner which meets the requirements of external standards.
f) Demonstrable experience within complex projects, ideally with project management experience, with an understanding of how such skills can be applied to the delivery of Company management systems with competing priorities.
g) Previous experience, or willingness to obtain such competence, in the planning, conducting and reporting of internal audits, which meet the requirements of the applicable MLD management systems.
Previous experience, or willingness to obtain such competence, in the planning, management and effectiveness of conducting risk assessments as required by the applicable MLD management systems.
PERSONAL ATTRIBUTES
a. Conscientious approach to managing simultaneous and competing tasks effectively, supported by effective resource allocation, documentation, note taking and reporting skills.
b. Clear communication skills and articulation, both orally and in writing, with an ability to communicate clearly and effectively both with colleagues at all levels within the Company, as well as external assessors, stakeholders, customers and partners as may be required from time to time.
c. An understanding of how to create and deliver effective training and educational presentations which are able to meet the objectives of the related training task.
d. Tenacious and thorough, ensuring that MLD is afforded the appropriate level of protection through the effective control of its management systems.
e. A keen eye for detail, with a high degree of accuracy within produced work.
f. Able to obtain and retain the required levels of clearance required for this role.
Able to exercise discretion and deliver the highest levels of confidentiality as are required by this role.
HOW TO APPLY
Please send your CV and covering letter on why you think you are suitable for the role to [email protected] by the closing date 9 June 2017.