Job Description

We are looking for an enthusiastic and detail-oriented Data Protection Manager to join our growing information security and data protection team. This is an ideal opportunity for someone with existing data protection knowledge and experience to further their career in information security and data protection.



The Role:


The Data Protection Manager will be responsible for driving the technical implementation of data protection practices across our systems and infrastructure. You will work collaboratively with the wider Information Security team to deliver a consistent and easily understood approach. Reporting to the Director of Information Security and Data Protection Officer, you will play a hands-on role in ensuring that our platforms, applications, and third-party services are aligned with data protection policies, regulatory requirements, and information security best practices. The ideal candidate is eager to learn and grow within the data protection and information security fields while contributing to the team's efforts to protect our organisation's data and IT infrastructure.


This role focusses on the operational aspects of data protection -- from technical risk assessments and secure system configuration reviews to incident response, vulnerability remediation tracking, and regulatory compliance audits. You will work closely with engineering, DevOps, and IT teams to embed privacy and information security controls into our technology stack.



This is a full-time position. Occasional after-hours work may be required to support incident response, high-priority vulnerability fixes, or audit activities.



Develop and implement data protection governance:

Design, implement, and enforce data protection and information security policies and procedures aligned with business objectives and regulatory requirements Support the development of strategies to mitigate and monitor data protection risks and incidents Coordinate internal audits, assessments, and recommend improvements to enhance data protection posture Work collaboratively with the wider Information Security team to identify and develop a strategy to mitigate, manage, and monitor data protection risks and incidents Work collaboratively with other departments to ensure the alignment of security efforts with wider business objectives

Risk management:

Identify, assess, and document data protection risks across systems and processes Support administration of data protection systems and risk reporting. Provide advice and guidance to teams on how to mitigate any identified risks

Vulnerability management:

Coordinate data protection assurance testing and vulnerability management Provide advice and guidance to teams on how to mitigate vulnerabilities, and following up on remediation progress Collaborate with development teams to integrate secure coding and privacy-by-design principles

Incident response & recovery:

Lead incident response efforts on a duty basis Provide guidance on threat mitigation, containment, and recovery processes

Legal and regulatory conformance:

Ensure conformance with relevant regulations (CCPA, GDPR, etc.) Manage ITG group data protection process, including all relevant external audits, internal assessments, and planning Ensure the accurate review of system configurations takes place to ensure alignment with data protection and information security best practices Ensure the documenting of configuration settings

Staff training & awareness:

Implement and manage an enterprise-wide data protection awareness training program Conduct regular training sessions and awareness programs to educate employees on data protection risks and best practices

Vendor management:

Manage third-party vendor data protection assessments, ensuring third-party partners comply with data protection standards

Reporting & documentation:

Maintain accurate records of data protection and information security incidents, audits, assessments etc. and compile progress reports Implement and report on data protection and information security key performance indicators and outcome driven metrics

Continuous improvement:

Continuously assess our data protection and information security position and recommend improvements to strengthen data protection and information security Keep up to date with the latest data protection and information security threats, trends, technologies, and regulations in the industry Keep the organisation updated on industry best practices

Requirements

3+ years of experience in data protection, information security, or a relevant field Professional certifications or a degree in a related field are preferred but not essential Strong understanding of UK, EU, and US data protection law and regulations Good understanding of information security concepts, tools, and technologies Commitment to continuous professional development, with a willingness to learn and grow in the data protection and information security field Experience supporting or coordinating audits, risk assessments, and compliance processes Ability to help coach and guide less experienced members of the wider Information Security and Data Protection team Ability to work autonomously and manage multiple tasks simultaneously Strong analytical, investigative, and problem-solving abilities The adaptability to do a range of work, sometimes complex and non-routine, in different environments The ability to work under direction, use discretion, and determine when to escalate issues Strong written and verbal communication skills, with the ability to interact effectively with both technical and non-technical stakeholders

Benefits

Work's a treat!

On top of a competitive salary, you can expect a whole load of perks:

25 days' holiday + bank holidays

- we understand the importance of you getting some down time.

Annual Wellbeing Day -

enjoy an additional day on us to look after your physical and mental wellbeing.

Pension Scheme -

helping you save towards your retirement home in the sun!

Corporate Medical Cash Plan -

claim back the cost of your medical treatments.

Smart Working Options -

spend up to 40% of your working week from home.

So many savings

- through our online community platform, you can access dozens of daily deals, from money off top brands to discounts on days out.

Employee Assistance Programme

- our people are at the heart of everything we do, so if you're happy, we're happy.

Cycle to Work Scheme

- save on the cost of biking to work.

Monthly Employee Awards

- Employee of the Month programme with 250 bonus

Raising money for charity

including a paid Volunteer Day

- we're all about giving back... and having lots of fun in the process!

Referral scheme

- know the perfect person to join the team? You could bag 1,500 for a putting a good word in.

Wellbeing Programme -

giving you the opportunity to join regular, interactive Wellbeing Workshops or join our 30 plus Wellbeing Champions.

Enhanced Family Friendly Leave -

support for you and your family to help you navigate through the craziness of family life.

We Value Diversity

We champion and welcome diversity in our workforce and ensure all job applicants receive equal and fair treatment, regardless of age, race, gender or gender identity, religion, sexual orientation, disability, or nationality.



We are not only committed to increasing the visibility and recognition of talent from under-represented groups within our organisation, but the wider industry too.



At the end of the day, we make sure we take time to look after ourselves, each other, and the planet, because we're always stronger together.



ITG have a number of community groups (ERGs) available to employees which offer a safe space for like-minded colleagues, with shared interests to connect, socialise and check in with each other. These include Black ITGers Together, LGBTQ+ Together, Mens Health Together, Muslims Together, Neurodiversity Together, Working Parents and Carers Together and Women In Tech Together.


#LI-CM1