Cyber Security & Privacy Manager
Share
Job Location:
Monthly Salary:
Posted on:
19 hours ago
Vacancies:
1 Vacancy
Job Summary
Description
Position at International Schools Partnership Limited
ISP Cyber Security & Privacy Manager
Role Profile
Purpose of Role
The ISP Cyber Security & Privacy Manager will own and operate ISPstechnology security and data privacy control frameworkacross TDDA platforms integrations and data products.
This role operationalises security-by-design and privacy-by-designacross delivery ensuring ISP operates with IPO-grade controls audit-ready evidence and consistent gating of change.
The role is not advisory only it has active decision rightsto define controls and block non-compliant delivery.
Scope & Complexity
- Enterprise-wide multi-country environment
- Operates across ERP HRIS SIS CRM EdTech Data Platform Integrations and AI products
- Works with outsourced cyber partners but retains ISP accountability
- Balances strong control with pragmatic delivery enablement
ISP Principles
Begin with our children and students. Our children and students are at the heart of what we do. Simply their success is our success. Wellbeing and safety are both essential for learners and learning. Therefore we are consistent in identifying potential safeguarding and Health & Safety issues and acting and following up on all concerns appropriately.
Treat everyone with care and respect. We look after one another embrace similarities and differences and promote the well-being of self and others.
Operate effectively. We focus relentlessly on the things that are most important and will make the most difference. We apply school policies and procedures and embody the shared ideas of our community.
Are financially responsible. We make financial choices carefully based on the needs of the children students and our schools.
Learn continuously. Getting better is what drives us. We positively engage with personal and professional development and school improvement.
ISP Cyber Security & Privacy Manager Key Responsibilities
1. Security & Privacy Governance Operating Model
- Design and operate TDDA security and privacy governance framework
- Maintain TDDA technology risk register inputs
- Establish security/privacy decision forums and cadence
- Produce quarterly security & privacy posture report
2. Privacy-by-Design & DPIA Operations
- Define DPIA thresholds and workflow
- Own DPIA templates and guidance
- Ensure DPIAs are embedded into demand-to-delivery process
- Maintain DPIA register and evidence
3. Security Architecture Standards
- Define mandatory security patterns for:
- Identity & access management
- Encryption (at rest & in transit)
- Logging & monitoring
- Segregation of duties
- Key management
4. Delivery Gating & Controls
- Ensure initiatives touching data integrations or AI are security & privacy reviewed
- Gate releases through CAB where controls are not met
- Ensure security and privacy evidence is part of release readiness
5. Third-Party & Vendor Risk
- Define minimum security/privacy assurance requirements
- Support vendor due diligence
- Maintain third-party assurance register
6. Audit & Evidence
- Maintain audit-ready evidence packs:
- Access reviews
- DPIAs
- Change logs
- Third-party assurance
- Support internal and external audits
7. Enablement
- Define secure SDLC expectations with Engineering & Architecture
- Provide training and guidance to TDDA teams
Decision Rights
- Define mandatory security and privacy controls for TDDA delivery
- Gate or block releases where controls are not met
- Define minimum third-party assurance requirements
Key Responsibilities (Day-to-Day)
- Run DPIA process
- Maintain security standards catalogue
- Review designs through Design Authority
- Participate in CAB
- Track and report risks
Key Deliverables (First 6 Months)
- DPIA workflow live and embedded
- TDDA security standards catalogue
- Third-party assurance checklist
- Quarterly security & privacy report
- First full evidence pack
Success Measures / KPIs
- 100% qualifying initiatives gated through DPIA & security review
- Reduction in unknown integrations / shadow data flows
- Audit evidence completeness and timeliness
- Improved access governance (review completion least privilege adoption)
Skills Qualifications and Experience
- 810 years in cyber security and/or privacy operations
- Experience in regulated multi-country environments
- Strong DPIA and vendor risk expertise
- Risk-based thinking
- Pragmatic control design
- Clear communicator
- Calm under pressure
ISP Commitment to Safeguarding Principles
ISP is committed to safeguarding and promoting the welfare of children and young people and expects all staff and volunteers to share this commitment.
All post holders are subject to appropriate vetting procedures including an online due diligence search references and satisfactory Criminal Background Checks or equivalent covering the previous 10 years employment history.
ISP Commitment to Diversity Equity Inclusion and Belonging
ISP is committed to strengthening our inclusive culture by identifying hiring developing and retaining high-performing teammates regardless of gender ethnicity sexual orientation and gender expression age disability status neurodivergence socio-economic background or other demographic characteristics. Candidates who share our vision and principles and are interested in contributing to the success of ISP through this role are strongly encouraged to apply.
Required Experience:
Manager
Key Skills
- Crisis Management
- IDS
- FedRAMP
- ICD Coding
- Military Experience
- PCI
- Business Management
- Conflict Management
- NIST Standards
- Security
- Information Security
- Encryption
About Company
We are here to help our schools. We want them to get better. The best people to run our schools are the people in our schools. We call our way of working the ISP Framework. Our main role is as a critical friend and advisor to our schools. ISP was founded by an experienced team of com ... View more
