Group Privacy & Information Security Officer
  • United Kingdom - Manchester - Trafford, Altrincham
1 year ago
IT Technician
Full Time
Job Description

We have an exciting opportunity for a Group Privacy & Information Security Officer to join our team. The successful candidate will be responsible for providing oversight and challenge of the accountable individuals who keep the business safe from data protection, Information, IT, and Cyber Security risks by providing leadership, strategy, guidance, and support to the organization, inspiring confidence across the business.

The successful candidate will lead improvements and ensure continued confidence in the security of our systems and privacy of our data so that we can provide an outstanding retail experience and remain trusted by our customers.

Duties & Key Responsibilities

  • Responsible for providing oversight and challenge to the accountable individuals for ensuring that our Information, IT, and Cyber Security responsibilities are met, whether these are led by the business’s information security risk appetite or imposed through the legal, regulatory, or contractual landscape that we operate within.
  • Drive improvement and transformation by setting our strategic direction for the management of data privacy, information, IT, and cyber security risks within our broader enterprise risk framework, including establishing a common risk language, and describing the organization’s risk appetite and tolerances.
  • Ensure the Information Security and IT & Cyber Security strategies are fit for purpose, providing guidance, input and oversight to the Head of Information & Cyber Security.
  • Regularly monitor and consider changes to our legal, regulatory, and compliance landscape in respect of information security risks, including implicit shifts in our risk appetite and risk tolerance.
  • Act as Data Protection Officer for Lookers PLC and its subsidiary companies, notably Motor Group Limited, being involved in all matters concerning Data Protection and leading the team of Data Privacy Analysts.
  • Primary point of contact for the Information Commissioner and for individuals whose data we process, such as our employees and customers.
  • Monitoring compliance to identify deficiencies across our operational teams, including Lookers IT, and risk management controls, which are then communicated as appropriate to the CRO, Internal Audit teams, and our Executive Boards and committees, such as the Audit & Risk Committee.
  • Oversee the business response to Information and Cyber Security incidents, including Data Protection incidents supported by the Head of Information & Cyber Security and operational teams.
  • Act in an impartial manner to investigate and resolve complaints related to the privacy of our customers and employees.
  • Ensure that the data protection rights of our customers and employees are honored and respected.
  • Provide subject matter expertise to assist management in the development and communication of policies and procedures as well as assisting in design and development of processes and controls to manage information security risks.
  • Establishing and assisting risk owners to prioritize risks within their function as well as developing action plans to ensure the risks are appropriately managed.
  • Supporting the completion of efficient and effective reviews of information security risk management by our Internal Audit team, external auditors, and other evaluating entities, such as our manufacturers and finance houses.
  • Sets the standard for the protection of Lookers data and ensures data is appropriately managed, including obtaining appropriate assurance from our third-party service providers.
  • Advise on Data Protection Impact Assessments (DPIAs) and Legitimate Interests Assessments (LIAs) and provide specialist training to key roles, such as our marketing teams.

Required Knowledge, Skills, and Abilities

  • Extensive practical experience in an equivalent role, managing data privacy, Information, IT, and Cyber Security risks, including engaging with and presenting to Directors.
  • Experience of fulfilling the role of Data Protection Officer, including managing communication with the ICO.
  • Someone capable of managing a team of specialist Data Privacy Analysts, able to maintain enthusiasm and passion, continuing to inspire and motivate the team, within our complex, dynamic, and maturing environment.
  • Experience managing the response to minimize the impact on the organization from a wide range of information security incidents.
  • Viewed as an information security expert and shares specialist knowledge to improve performance of self/others.
  • Strong knowledge of information, cyber, and IT security best practice, common attack types and detection/prevention methods, including CISecurity Benchmarks, OWASP and NIST guidelines.
  • One or more relevant IT security qualifications from a recognized body, such as GIAC GSEC or ISACA CISM is desirable.
  • Experience of a financial services / regulated environment is desirable.

Reference no: 17692
