We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). Explore more on Cubic.com.
The role will work closely with systems and project engineers, developers, bid teams, internal/ external business stakeholders and project managers across functions regionally.
Essential Job Duties and Responsibilities:
- Work with our Systems and InfoSec teams to determine degree of compliance per system / component.
- An ability to establish which systems / components are subject to UK-GDPR and GDPR, review each system / component to establish the extent of relevant compliance.
- For any non-compliances, identify and define action(s) needed to achieve compliance.
- Work under established processes to bring all systems into compliance.
- Have the ability to be able to carry out Gap Analysis’ and propose appropriate mitigation measures, principally non-technical, to improve / attain compliance.
- Assist in delivery of said mitigation measures.
- Comply with Cubic’s values and adherence to all company policy and procedures. Complying with the code of conduct, quality, security and occupational health, safety and environmental policies and procedures.
- Work with the relevant internal stakeholders to ensure customer responses (bids or variations) are reviewed and advised on, from a Data Protection stance, highlighting any potential risks or non-compliances.
- Have the ability to research and understand national Data Protection Laws in other regions; such as EMEAI.
- In addition to the duties and responsibilities listed, the job holder is required to perform other duties assigned by their manager from time-to-time, as may be reasonably required of them.
Minimum Job Requirements:
- Of the development and implementation of solutions to ensure privacy policies are correctly implemented, with compliance with legal forms of data use as well as support business use of data.
- Working to align advanced technologies and Privacy by Design principles from the first stages of development and ensure that the data use meets established regulatory compliance needs.
- A strong understanding of UK-GDPR and GDPR.
- Strong project management skills.
- Good written communication skills.
Skills, Knowledge and Experience:
- Must have a background in regulatory work and/or information security, with extensive GDPR knowledge and a background in an applicable technical discipline such as software development or systems / security architecture.
- Must have demonstrable analytical and problem solving skills, and be very hands-on.
- Must be able to demonstrate recent experience delivering in a regulatory or Data Protection role within a commercial organisation.
- Must be able to propose and develop a wide range of alternative approaches to achieving GDPR compliance.
Education and Qualifications:
Essential:
- Degree or equivalent qualifications/experience.
Desirable:
- Information privacy/ Data Protection qualification – CIPPE/ + CIPM.
- Certification as an Information Security professional (e.g. IISP/CISA/CISM/CISSP/CCSP/ ISA).
- ITIL v3/ Prince2 foundation level/ TOGAF.
- Security and IT infrastructure/ networking vendors’ certifications.
Personal Qualities:
- Self-motivated with an ability to work autonomously.
- Able to build and maintain relationships at all levels of the organisation.
- Commercially astute and able to protect Cubic’s business interests.
- Able to communicate with both team and senior level audiences, with written and spoken English of the highest quality with strong documentation and presentation skills.
- Responsible, organised, logical thought processes.
- The ability to work well under pressure.
- Commitment to delivering high quality results against what may be tight timescales.
The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need.