Data & Information Security Intern
We are seeking a dynamic, values-driven and technically capable intern to support the Operations team.
Sheffield - but working from home for the foreseeable future until the office opens again.
£18,525 per annum
Hours of work
37.5 hours per week
Good Things Foundation is the UK’s leading digital and social inclusion charity. Our mission is a world where everyone can benefit from digital. Through our Online Centres Network of hyperlocal partners, we are supporting people and communities to overcome some of the most pressing social challenges they are facing through digital.
Since 2010 we’ve helped over 3.5 million people to improve their lives using digital, driving positive outcomes such as employment, reducing loneliness, supporting basic digital skills, and health and wellbeing.
Good Things Foundation is a social change organisation with a mission to ensure that everyone benefits from digital. We live the change we are seeking to achieve and encourage applications from diverse backgrounds. We operate a policy of providing equal opportunities in all aspects of work including recruitment, training, and promotion, whatever the colour, race, religion, belief, ethnic or national origin, gender, sexual orientation, marital status, age or disability of an employee, having regard to the individual’s aptitudes and abilities and requirements for the job. Good Things Foundation is opposed to all forms of unlawful and unfair discrimination. Our goal is also to be truly reflective of the makeup of society and we actively welcome difference.
About the role
We are seeking a dynamic, values-driven and technically capable intern to support the Operations team in managing our obligations for data protection and information security.
You will have good knowledge of GDPR and a background in Data Privacy and Protection. You will need to be a self starter – willing to conduct further research to develop your knowledge and help find solutions to challenges as they arise.
You will also have a passion for Information Security and a good grasp of trends within the industry. This is a great time to join Good Things as we embark on a new Data Strategy to improve the collection, processing and storage of our data.
As an applicant it is essential that you are able to demonstrate that you possess the following experience, knowledge, skills, education, and qualifications (see Job Description for full details):
- Degree, or equivalent experience in UK data protection laws and implementation of associated processes (e.g.: GDPR)
- Knowledge of compliance frameworks for information security, cyber security or GDPR
- Excellent time management skills and ability to prioritise
- Ability to work well under pressure
- Excellent organisational skills and attention to detail
- Excellent IT skills
- Strong written and verbal communication and interpersonal skills
- Able to handle confidential information in a sensitive and trustworthy way
- Ability to digest and confidently communicate complex legislation in an easily understandable way to both peers and laypersons
- Ability to think innovatively and problem solve, including work under own initiative, escalating where needed
- Understanding data protection law and the area of information security
- Contribute to the development of the organisation’s Data Protection policies and documented procedures
- Work closely with the Data Analytics Manager to deliver improvements to the quality and security of the data we collect and store
- Help process responses to Subject Access Request in accordance with applicable data protection legislation
- Work with the Research, Data and Insights team to provide guidance and feedback on Data Protection Impact Assessments
- Assist with identification and remediation of data incidents
- Conduct privacy impact assessments as and when required for new projects and systems
- Provide GDPR guidance to teams across the organisation as and when required
- Build strong relationships with data owners and colleagues across all teams
- Provide secretariat support for the Operational Compliance Board, ensuring that an agenda is agreed, papers are ready in time, actions are carried out and the non-conformance and risks logs are kept up to date and reviewed regularly.
- Support the process of obtaining and maintaining certifications such as ISO 27001, Cyber Essentials, including liaising with certification bodies.
- Manage the updating and version control of our ISO 27001 Information Security Management Systems (ISMS)
- Support the Head of Operations and COO to ensure effective implementation and tracking of our ISMS, including staff training and awareness on information security.
- Manage all logged security incidents and support with investigation of suspected and actual security incidents in accordance with the security incident management policy. Produce reports with recommendations and ensure any remedial action is taken.
- Produce Management Information reports for the board, internal governance bodies and Senior Management as required.
- Support with the internal audit schedule, working closely with HR, Technology and the Operations team and organise and conduct internal information security audits.
- Keep up to date with information, guidance and best practice from National Cyber Security Centre, IS0 and other similar organisations
- Identify and implement continuous improvement of our ISMS, through close working with teams across the organisation.
- Work with the Operations Manager to develop and run staff awareness training programs in areas of information security and data protection and regularly monitor gaps in staff knowledge to ensure any future training reflects staff needs.
- Manage our internal slack channel for information security queries working closely with our Technology Team to ensure prompt resolution of queries and proactive posting of useful content.
- Compliance with our corporate systems and processes, using them day to day and becoming champions of these.
- Willingness and openness to doing training to increase knowledge of corporate systems (currently Salesforce, G Suite, Monday.com, Slack, Tableau)
- Act with integrity when handling confidential, sensitive or personal data
How to apply
Please return the Application Form and your CV to: email@example.com by the closing date of 30th July 2021. Please also complete our Equality and Diversity form to help us monitor our commitment to Equity, Diversity and Inclusion.
*Information can be made available in other formats (for example, large print), so please contact us if you need to discuss what alternative format would be accessible for you.
Safeguarding Statement and Pre-Employment Checks
Here at Good Things Foundation, we work with vulnerable adults and are fully committed to ensuring their safeguarding and welfare at all times, in line with our Safeguarding Policy and Procedures. All of our employees, contractors and volunteers will be expected to comply with the policy and procedures. Upon a conditional offer of appointment being made, all employees will also be required to satisfy our pre-employment screening process which for this position, will include:
- An identity check (photo ID)
- Receipt of two satisfactory references
- Documentary evidence of right to work in the UK