
Data and Security Compliance Manager - Fixed Term

Salary: Competitive

Location: Bristol

HR Director, Victoria James, 03 February 2025

We are looking for an experienced Data and Security Compliance Manager to lead and maintain our compliance with ISO 9001, ISO 14001, ISO 27001, Cyber Essentials Plus, MOD-level SAQs, FSQS and GDPR regulations. The role is crucial in ensuring our agency adheres to best practices and legislation in data protection, information security, quality management, environmental compliance and industry-specific security standards.

The ideal candidate will have experience in compliance management, risk assessment, audits, security frameworks and policy implementation. They will need to work across teams such as IT, Operations, Finance, Delivery and Engineering to ensure robust governance, risk management and compliance strategies are in place, supporting both operational efficiency and regulatory requirements.

Key responsibilities

Compliance and certification management

  • Ensure we have the processes and infrastructure in place to maintain and oversee compliance with:
    • ISO 9001, 14001 and 27001
    • Cyber Essentials Plus certification
    • MOD-level SAQs
    • FSQS (Financial Services Qualification System)
    • GDPR and UK Data Protection Law
    • PCI-DSS compliance
    • New requirements as applicable
  • Manage our internal and external audits, certifications and compliance renewals
  • Ensure continuous monitoring and improvement of compliance frameworks
  • Review client and supplier contracts/master service agreements and Statements of Work from a compliance perspective and act as the conduit between contracts and project teams to ensure we are meeting our commitments
  • Supplier/vendor management including vendor specific assessments and flow down policy control and compliance

Information security and Cyber Essentials Plus

  • Oversee Cyber Essentials Plus compliance, ensuring security controls are in place
  • Work closely with the IT team to assess vulnerabilities, manage risk and implement cyber security policies
  • Work with the Head of IT to manage incident response planning and ensure security incidents are managed in line with best practices

Data protection and GDPR compliance

  • Work closely with our DPO to ensure adherence to GDPR, the UK Data Protection Act and other relevant privacy regulations
  • Create and maintain any Records of Processing Activities (RoPA) and conduct Data Protection Impact Assessments (DPIAs)
  • Implement processes around Data Subject Access Requests (DSARs) and breach management
  • Ensure compliance with any client and third-party data processing agreements (DPAs) and data retention rules

Risk management and policy development

  • Review, update, maintain and enforce policies and procedures related to:
    • Information security
    • Data protection
    • Environmental sustainability
    • Business continuity
    • Incident response
    • Supplier security assessment
  • Maintain a risk register identifying compliance risks and implementing mitigation strategies
  • Conduct internal security audits and ensure corrective actions are taken

FSQS and MOD compliance, JOSCAR, SOC and standard DevSecOps requirements

  • Manage FSQS accreditation, ensuring all necessary documentation is up to date
  • Support MOD SAQ (Supplier Assurance Questionnaire) compliance, working with internal teams to meet security requirements such as MOD Security Policy JSP440
  • Ensure adherence to government and financial sector security regulations across the agency

Internal training

  • Deliver compliance training to staff on GDPR, security awareness and best practices, and ISO requirements
  • Ensure teams are aware of best practices in cyber security, data protection and quality management
  • Foster a culture of compliance and continuous improvement across the business

Skills and experience

Essential:

  • Experience managing compliance frameworks including ISO 9001, 14001, 27001, Cyber Essentials Plus, GDPR and PCI-DSS
  • Strong understanding of information security, cyber security frameworks and risk management
  • Experience with internal and external audits, certification renewals and policy development
  • Proven knowledge of data protection laws
  • Ability to develop and deliver compliance training
  • Excellent project management and stakeholder engagement skills

Desirable:

  • Knowledge of cloud security frameworks (AWS, Azure, SaaS security)
  • Experience in business continuity and disaster recovery planning
  • Understanding of government and other regulatory body security frameworks (MOD, FSQS, NCSC)

GDPR compliance

When you apply to a job on this site, the personal data contained in your application will be collected by Great State (“Controller”), which is located at 1 Victoria Street, Bristol BS1 6AA and can be contacted by emailing careers@greatstate.co. Great State’s data protection officer is Evalian, who can be contacted at dataprotection@greatstate.co. Your personal data will be processed for the purposes of managing Great State's recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Great State to help manage its recruitment and hiring process on Great State's behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under the EU-US Privacy Shield. You can obtain details of Greenhouse's Privacy Shield certification by contacting us at dataprotection@greatstate.co.

Your personal data will be retained by Great State as long as Great State determines it is necessary to evaluate your application for employment. Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have the right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.