Cyber Security & Privacy ManagerInternational Schools Partnership Limited • London, England, United Kingdom
Cyber Security & Privacy Manager
International Schools Partnership Limited
- London, England, United Kingdom
- London, England, United Kingdom
Über
Position at International Schools Partnership Limited Role Profile
ISP Cyber Security & Privacy Manager Purpose of Role
The ISP Cyber Security & Privacy Manager will own and operate ISP's
technology security and data privacy control framework
across TDDA platforms, integrations, and data products. This role operationalises
security-by-design and privacy-by-design
across delivery, ensuring ISP operates with IPO-grade controls, audit-ready evidence, and consistent gating of change. The role is not advisory only - it has
active decision rights
to define controls and block non-compliant delivery. Scope & Complexity
Enterprise-wide, multi-country environment Operates across ERP, HRIS, SIS, CRM, EdTech, Data Platform, Integrations and AI products Works with outsourced cyber partners but retains ISP accountability Balances strong control with pragmatic delivery enablement ISP Principles
Begin with our children and students.
Our children and students are at the heart of what we do. Simply, their success is our success. Wellbeing and safety are both essential for learners and learning. Therefore, we are consistent in identifying potential safeguarding and Health & Safety issues and acting and following up on all concerns appropriately. Treat everyone with care and respect.
We look after one another, embrace similarities and differences and promote the well-being of self and others. Operate effectively.
We focus relentlessly on the things that are most important and will make the most difference. We apply school policies and procedures and embody the shared ideas of our community. Are financially responsible.
We make financial choices carefully based on the needs of the children, students and our schools. Learn continuously.
Getting better is what drives us. We positively engage with personal and professional development and school improvement. ISP Cyber Security & Privacy Manager Key Responsibilities
1. Security & Privacy Governance Operating Model
Design and operate TDDA security and privacy governance framework Maintain TDDA technology risk register inputs Establish security/privacy decision forums and cadence Produce quarterly security & privacy posture report 2. Privacy-by-Design & DPIA Operations
Define DPIA thresholds and workflow Own DPIA templates and guidance Ensure DPIAs are embedded into demand-to-delivery process Maintain DPIA register and evidence 3. Security Architecture Standards
Define mandatory security patterns for: Identity & access management Encryption (at rest & in transit) Logging & monitoring Segregation of duties Key management 4. Delivery Gating & Controls
Ensure initiatives touching data, integrations or AI are security & privacy reviewed Gate releases through CAB where controls are not met Ensure security and privacy evidence is part of release readiness 5. Third-Party & Vendor Risk
Define minimum security/privacy assurance requirements Support vendor due diligence Maintain third-party assurance register 6. Audit & Evidence
Maintain audit-ready evidence packs: Access reviews DPIAs Change logs Third-party assurance Support internal and external audits 7. Enablement
Define secure SDLC expectations with Engineering & Architecture Provide training and guidance to TDDA teams Decision Rights
Define mandatory security and privacy controls for TDDA delivery Gate or block releases where controls are not met Define minimum third-party assurance requirements Key Responsibilities (Day-to-Day)
Run DPIA process Maintain security standards catalogue Review designs through Design Authority Participate in CAB Track and report risks Key Deliverables (First 6 Months)
DPIA workflow live and embedded TDDA security standards catalogue Third-party assurance checklist Quarterly security & privacy report First full evidence pack Success Measures / KPIs
100% qualifying initiatives gated through DPIA & security review Reduction in unknown integrations / shadow data flows Audit evidence completeness and timeliness Improved access governance (review completion, least privilege adoption) Skills, Qualifications and Experience
8-10+ years in cyber security and/or privacy operations Experience in regulated, multi-country environments Strong DPIA and vendor risk expertise Risk-based thinking Pragmatic control design Clear communicator Calm under pressure ISP Commitment to Safeguarding Principles
ISP is committed to safeguarding and promoting the welfare of children and young people and expects all staff and volunteers to share this commitment. All post holders are subject to appropriate vetting procedures, including an online due diligence search, references and satisfactory Criminal Background Checks or equivalent covering the previous 10 years' employment history. ISP Commitment to Diversity, Equity, Inclusion, and Belonging
ISP is committed to strengthening our inclusive culture by identifying, hiring, developing, and retaining high-performing teammates regardless of gender, ethnicity, sexual orientation and gender expression, age, disability status, neurodivergence, socio-economic background or other demographic characteristics. Candidates who share our vision and principles and are interested in contributing to the success of ISP through this role are strongly encouraged to apply.
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klicken Sie auf „Jetzt Bewerben“, um Ihre Bewerbung direkt auf deren Website einzureichen.