We are an award-winning and accredited education services business with over 25 years of expertise and are delighted to have recently won the ‘Payroll & HR Provider’ Award 2020 from The Rewards for the third consecutive year and the ‘Education Business Services’ Award from the Education Investor Global UK Awards 2020.
We are 100% dedicated to education and our expert team of over 240 highly qualified employees support more than 2,350 Schools and Trusts nationwide.
Technology is key to our business; however, people are at the heart of what we do. Our culture is unique and built upon the motivation and passion of our team. We encourage our employees to flourish and unleash their talent by building their confidence and providing them with the opportunities and support to empower them and realise their full potential. By delivering the best for our employees, we empower them to deliver the best for our customers. This approach has made our outstanding customer retention rate possible.
EPM’s performance in the market has been and continues to be, exceptional, resulting in significant growth year after year. Our success can be attributed to our proactive, forward-thinking approach and passionate team. Our strategy is people and customers first with continual growth across the education sector.
Purpose of the Job:
To review process flows on current procedures and implement plans enabling the business to minimise risk. Working closely with the EPM board as well as the wider Citation group Supporting and implementing organisational policies and processes that ensure the organisation complies with data protection law and good information management practice. You will also lead on or support workstreams at a senior level to sustain compliance across all data streams in order to meet business objectives.
This role is pivotal in supporting the business achieve its goals, finding the balance between objectives, data protection law, group policy and each department’s influence will be critical. Standing firm from pressures in all directions whilst trying to find solutions that enable and not restrict will be a key.
Main Responsibilities/Duties of the job:
1. Lead the implementation of the group data protection and information governance framework locally, keeping leaders on at EPM and Citation group updated on progress and challenges.
2. Work with the business in setting and achieving data retention timeframes
3. Ensure that appropriate due diligence is carried out prior to onboarding a new supplier, ensuring that appropriate information security practices and data protection compliance are at play.
4. Keep up to data record of processing activity, data maps and ensure they are a primary reference point for all projects and data processing
5. Be the onsite SME for data protection laws and their practical application, in particular dealing with the exercise or rights and supporting the business in meeting each of the data protection principles
6. Managing significant projects requiring dedicated time to manage, review and implement
7. Analysing and making recommendations against information security concepts and working with IT and the business to identify risks to information and mitigation strategies
8. Influencing stakeholders at all levels of the business and lead change
9. Be the contact point for the ICO
10. Support the business with privacy impact assessments when they are necessary