Data Protection Manager

Location Glasgow
Discipline: IT
Job type: Permanent
Contact name: Gary Simpson

Contact email: gary.simpson@change-digital.co.uk
Contact phone: 0141 5668922
Job ref: 156920
Published: 1 day ago
Expiry date: 27 Feb 2026 23:59

Are you an experienced Data Protection Manager / Analyst ?

 

Do you have experience maintaining policy frameworks, procedures, processes and metrics to ensure compliance with Data Protection Laws ?

 

Would you like to work for a company based in Glasgow that is going through an ISO27001 implementation ?

 

Key Responsibilities:

Data Protection:

  • Promote and embed data protection best practice across all departments.
  • Coordinate with Department Functional Leads (DFLs) to ensure organisation‑wide compliance.
  • Maintain and update data protection policies, procedures, and standards.
  • Deliver annual GDPR roadmap requirements.
  • Monitor changes in legislation and regulatory guidance, making recommendations to mitigate risk and ensure compliance.
  • Manage data subject requests, including access, rectification, and erasure.
  • Lead and maintain Data Protection Impact Assessments (DPIAs), assessing risks and implementing mitigation actions alongside DFLs.
  • Act as the first point of contact for data breaches, ensuring appropriate assessment, resolution, reporting, and escalation.
  • Investigate data breaches in line with incident response plans.
  • Maintain records of processing activities and compliance evidence using DPOrganiser.
  • Manage the day‑to‑day operation of the Data Protection mailbox and associated processes.

 

Information Security:

  • Actively support the achievement and ongoing maintenance of ISO 27001 certification.
  • Enforce group information security policies and procedures to protect information assets.
  • Assist with the identification, evaluation, and mitigation of information security risks and vulnerabilities.
  • Work with DFLs to integrate information security into business processes and objectives.

 

Required experience includes:

  • Advanced knowledge of data protection regulations and procedures.
  • Strong organisational, analytical, and problem‑solving skills.
  • Understanding of information security principles, with a willingness to further develop expertise in this area.
  • Ability to review controls, assess risks, and produce clear, evidence‑based mitigation plans.
  • Understanding of data mapping methodologies.
  • Ability to work effectively with auditors, suppliers, and colleagues, presenting information clearly and professionally.
  • Enthusiastic team player with the emotional intelligence to build effective relationships and drive change.
  • IT literate, with proficiency in Microsoft Office applications.

 

Desirable experience:

  • Hands‑on experience supporting compliance with frameworks such as:
    • Data Security and Protection Toolkit (DSPT)
    • Cyber Essentials Plus
    • Cyber Assessment Framework (CAF) or ISO 27001