Information Rights Manager
Salary: £25,000 to £35,000 (DOE)
Location: The Tannery, Leeds, LS3 1HS
Hours: Permanent (37.5 Hours Per Week)
Reporting To: General Manager
Data Protection People Limited (DPP) is one of the UK’s leading data protection and information security consulting practices. We provide a range of assurance and assessment services in the fields of privacy and data protection law and cyber security helping people to benchmark themselves against standards such as PCI DSS, ISO27001, and the NIST framework and laws such as the GDPR. We have been a QSA Company for the PCI DSS since 2018. Our head office is in Leeds and we have customers all over the UK and some overseas in a range of sectors. You will be joining a team of around 35 people.
We are looking to recruit an Information Rights Manager, with experience in managing the subject access request, to manage the SAR Bureau team, provide appropriate advice and guidance on the application of redactions, exemptions and ensure that the process is effective, manageable and delivers a high standard of work to our clients.
Your role will be to take over the management of the SAR bureau which will involve: sales support – briefing and educating our sales team and supporting pre-sales efforts to discover prospective customer needs around SARs; scoping – engaging with clients to scope out, confirm and document projects; briefing – mobilizing the team of reviewers and briefing them on projects; resourcing – arranging appropriate resources to fulfil projects; people management – managing the team of remote workers comprising two team leaders and 20 or so reviewers; training – ensuring the initial and on-going training of your team; QA – ensure all bureau work is appropriate quality checked, providing feedback to reviewers and the QA team as part of a learning and development cycle during and after each project.
FOI implementation – implementing from scratch a Freedom of information service.
- Marketing and sales support: to work with marketing and sales colleagues to encourage appropriate marketing and sales efforts to generate interest, new business, and repeat business in our outsourced SAR service.
- Client engagement pre-sales: to work with prospective clients to discuss their SAR needs and how DPP might be able to assist them.
- Scoping: to engage with clients to determine and document precisely their SAR needs and the scope of works they have commissioned DPP to undertake.
- Briefing: to ensure that all those engaged to work on a client brief (including suppliers and sub-contractors) are sufficiently aware of their roles and responsibilities, the client and DPP’s expectations, timeframes, work methods, processes, etc.
- Resourcing: to arrange appropriate and sufficient resources including people, equipment, tools, and platforms to ensure the efficient and effective running of the SAR Bureau.
- People management: to manage all those engaged to deliver services within the SAR Bureau within DPP’s employment framework including their productivity, effectiveness, and accuracy.
- Training: to ensure that all those engaged to deliver services within the SAR Bureau have adequate training at intervals to a) enable them to fulfil their duties and tasks with the necessary care, diligence, and accuracy; b) enhance their learning and skills in the understanding and application of data protection law.
- QA: to undertake quality assurance work as necessary on the work of the SAR Bureau.
- To positively contribute to the development of the company and its services.
- 10 Implementing FOI Services for many of our clients
KPIs will be set to achieve the following:
- Training Reviewers & QA team
- Reviewing processes & procedures
- Reduce reviewing and QA time.
- Growing SAR business
- Implement FOI business
- Review software options
- Monthly reporting on all stats
- Highly competitive salary set according to experience.
- Pension scheme
- 23 days annual leave with accrual 1 day a year till the length of service accrual
- Flexible working (remote working where approved)
- Free Parking at our Leeds office
- On-going investment in your training and development
- Employee social events
- Performance related Bonus to be decided
You will love working in the field of information rights and have a flare for subject access requests. You will have a good level of understanding and knowledge of the UK GDPR and Data Protection Act 2018, along with practical experience in managing SARs and the applicability of redactions/exemptions that may apply. You enjoy working within, and managing, a team of enthusiastic individuals and ensuring the team works efficiently and to the required standard.
- The SAR bureau is frequently working on a dozen or more SAR projects at any one time. It’s a busy environment therefore you will need to be able to organize people, projects, and yourself and juggle priorities.
- You will be comfortable talking about SARs and processes with customers and colleagues.
- You need a superb eye for detail, not only to be able to set up projects but to be able to check the quality of the team’s work output. You won’t be afraid to probe, question, and challenge work that you feel is not right.
- You’ll need to be good with people to get the best out of your team leaders and reviewers all of whom work remotely.
- You’ll need to be able to liaise with the suppliers of our review software solutions to ensure projects are set up effectively.
- You need to be organized and systematic; to think clearly and identify key issues.
- It is highly desirable that you have strong experience working with data protection law and understand the nuances of “personal data” and the right of access. If you don’t have this experience you will need to have the ability to pick up and apply the individual rights aspect of data protection law and SAR exemptions.
- You will be part of a management team but will still need to be self-motivated with the ability to work on your own initiative and coordinate your team’s activities.
- You will need strong background on understanding and interpreting the law and applying exemptions around subject access requests
Our Mission is to Make Data Protection and Cyber Security Easy: Easy to Understand and Easy to do. Our Mantra is to Benchmark, Improve, and Maintain.