Data Protection and Information Security Advisor

JobsCloseBy Editorial Insights

Bertelsmann is seeking an experienced Information Security and Data Protection Advisor to guide data protection, privacy, and information security across the business, advising senior leadership and teams, ensuring compliance, managing risk, and embedding privacy by design. This onsite Birmingham role at Hams Hall offers up to £34,000, 40 hours per week, Monday to Friday. You will maintain RoPA, manage data flows, oversee DPIAs, liaise with regulators like the ICO, and handle data subject requests and breach response. You will review policies and vendor agreements, deliver training, develop the information security framework, monitor incidents, and report KPIs to leadership. To apply, tailor your CV to show GDPR and UK GDPR expertise, DPIA and RoPA outcomes, incident response, and vendor risk management, and highlight collaboration with IT, legal, and operations. Certifications are desirable.

Salary: Up to £34,000

Location: Hams Hall

Hours: 40 hours per week. Monday to Friday

We are looking for an experienced Information Security & Data Protection Advisor to guide and strengthen our approach to data protection, privacy, and information security. You will act as a trusted expert, advising senior leadership and teams across the organisation, ensuring compliance, managing risk, and embedding privacy- and security-by-design practices.

Your Tasks

• Advise leadership and teams on data protection obligations, ensuring compliance with GDPR, UK GDPR, and sector-specific laws.
• Maintain Records of Processing Activities (RoPA), manage data flows, and oversee Data Protection Impact Assessments (DPIAs).
• Act as liaison with regulators (e.g., ICO) and handle investigations, data subject requests, and breach/incident response.
• Review policies, contracts, and vendor agreements to embed privacy-by-design and ensure compliance.
• Deliver training and awareness programs to foster a strong culture of privacy and security.
• Develop, maintain, and continuously improve the organisation’s information security framework, including policies, standards, and procedures.
• Monitor and respond to security incidents, manage vendor security compliance, and oversee business continuity and disaster recovery.
• Collaborate with IT, development, and operations to embed security controls and ensure secure system design.
• Lead security awareness initiatives and report on security posture, risks, and KPIs to senior management.
• Stay informed on emerging cyber threats, regulatory changes, and best practices, advising leadership on risk mitigation.

Your Profile 

• Strong knowledge of data protection and privacy laws (GDPR, UK GDPR, UK DPA) and sector-specific regulations.
• Experience in a similar role (DPO, Privacy Officer, Information Security Officer, or equivalent).
• Skilled in risk assessment, audit, governance, incident response, and vendor risk management.
• Excellent communication and influencing skills, able to translate technical topics for non-technical stakeholders.
• Strong analytical, problem-solving, and project management abilities.
• Able to work independently while collaborating across IT, legal, HR, and operations.
• Integrity, independence, and discretion, with high confidentiality standards.
• Degree in information security, computer science, law, or related field; certifications in privacy or cybersecurity desirable.

We Offer 

• 25 days annual leave plus 8 UK bank holidays with the option to purchase up to an additional 5 days  
• Pension contribution 
• A life assurance policy that pays out 4 x Salary  
• Employee Assistance Programme that provides you with confidential support, information, and advice to help you 
• Employee Discount Scheme
• Free car parking