Information Security and Data Protection Lead

Job Description

We're looking for an experienced and motivated Information Security and Data Protection Lead to join our team, reporting to the Head of Information Governance, Risk and Compliance. In this key role, you'll take ownership of our information security and data protection practices, ensuring the integrity of our systems and compliance with regulatory and industry standards.

You'll play a vital role in protecting sensitive data, supporting IT disaster recovery planning, and leading change management processes. You'll also be instrumental in maintaining our compliance with PCI-DSS, Cyber Essentials, and other key frameworks such as ISO27001 and NCSC CAF.

This is a great opportunity for someone who is technically skilled, detail-driven, and passionate about creating a secure and resilient digital environment.

Responsibilities

• Data protection: Implement and manage protocols to safeguard sensitive information, including robust impact assessments
• Information security: Support and lead initiatives such as threat assessments, vulnerability management, incident response, and certification compliance (Cyber Essentials, ISO27001, etc.).
• IT disaster recovery (DR): Develop, maintain, and regularly test IT DR plans to ensure business continuity.
• Change management: Lead IT change processes by chairing the Change Advisory Board, ensuring smooth and secure transitions.
• PCI-DSS compliance: Oversee audits and assessments to maintain compliance with PCI-DSS requirements.
• Technology policy: Create, update, and enforce technology policies that meet industry standards and support operational excellence.
• Penetration & control testing: Coordinate system penetration testing and conduct regular tests across people, processes, and technology to ensure control effectiveness.

General responsibilities

• Champion our culture and values, acting as a role model across the business.
• Communicate and collaborate effectively with internal teams and external partners.
• Lead and coordinate external audits and third-party engagements.
• Promote a culture of continuous improvement and innovation.
• Ensure employees are aware of their responsibilities through policy updates, training, and awareness programs.

What you'll need to succeed

Essentials

• Solid knowledge of data protection law and regulatory requirements
• Strong verbal and written communication skills
• Excellent attention to detail
• Confidence in supporting IT operations, particularly in cyber resilience and disaster recovery
• Ability to translate technical workflows into clear, usable documentation
• Proven experience in policy writing and implementation

Desirables

• Experience within the utility industry.

Benefits you can rely on

Great allowances for hybrid working:
🏡 £500 work from home allowance - an annual allowance paid monthly alongside your salary to support with working from home costs.
🚆 £500 travel allowance - an annual allowance paid monthly alongside your salary to support with travelling to work costs.

📖 £500 annual development allowance: to spend on your chosen development area, whether that's in your current role, or future roles.
🎁15%: company-wide bonus scheme designed to reward collective teamwork and delivery of results across the whole business.

🌞 Holiday: 25 days annual leave, a day off for your birthday, additional days leave for long service, plus bank holidays. You'll also have the option to buy additional leave, allowing for a better work-life balance.

💸 Ethical Pension with Aviva: Good Energy offers an ethical pension plan provided by Aviva, with employer-matched contributions up to 7.5% of your base salary.

See more of our benefits here.