
Data Protection and Risk Analyst

About CEF:


CEF is a global electrical wholesaler that provides electrical products to people in the industry and is known for its extensive range of products and commitment to customer service. Founded in 1951 in the United Kingdom, it has since expanded to over 1,000 locations across multiple countries, including the United States, Canada, Australia, and Europe.


We in IT are delivering value to our business and our customers with the innovative solutions that enable our business to better serve our customers today and in the future. We recognise that technology and data are at the forefront of this. 


Our Global IT team deliver a portfolio of transformative work, expand our digital options, upgrade and future-proof our systems to place us at the forefront of the marketplace. 

 

To do this, we need talented and creative people across all areas to join us in delivering our evolution to enable our forward-thinking business over the next few years and beyond, and this is where you come in... 


Life as a Data Protection and Risk Analyst at CEF:


As a Data Protection Risk Analyst at CEF, you will play a crucial role in supporting the business's compliance and risk management efforts. Working within the Information Security Team, you’ll collaborate closely with our Data Protection Officer and Governance and Compliance Manager to ensure the organisation remains compliant with data protection regulations and mitigates risks effectively. 


Your contributions will be vital in alleviating workload pressures, streamlining processes, and enhancing our Information Security posture. 


This role is ideal for someone who is detail-oriented, proactive, and eager to develop expertise in both data protection and risk management within a dynamic, collaborative team. You'll also be part of ongoing projects to ensure CEF maintains compliance with various information security frameworks such as ISO 27001, PCI DSS, and Cyber Essentials. 


Your Objectives:
In this role, you’ll split your time between supporting data protection and risk management efforts:

Data Protection Objectives (50%)
  • Manage Subject Access Requests (SARs) and Right to be Forgotten requests.
  • Handle compliance-related inquiries, such as police requests for CCTV footage and legal data inquiries.
  • Support the screening and completion of Data Protection Impact Assessments (DPIAs).
  • Provide administrative support to ensure CEF complies with Data Protection legislation.

Risk Management Objectives (50%)
  • Assist with maintaining and updating the EMEA Information Security Risk Register.
  • Support PCI renewal and Cyber Essentials recertification processes.
  • Help manage phishing simulations, KPI reporting, and information and security risk remediation efforts.
  • Maintain and develop the AI risk catalogue and contribute to achieving security standard certifications.
  • Liaise with multiple IT teams to monitor and address cybersecurity risks.
  • Assist with customer security questionnaires and responses to support compliance efforts.
  • Draft regular security communications to raise awareness of information security best practices.


Essential Skills & Experience:
  • Experience handling Subject Access Requests (SARs) and Right to be Forgotten requests. 
  • Familiarity with GDPR compliance requirements and related legislation. 
  • Understanding of risk management processes, including maintaining risk registers and conducting risk assessments. 
  • Strong communication skills and the ability to engage professionally with stakeholders across the business. 
  • Understanding of cybersecurity frameworks such as ISO 27001, PCI DSS, and Cyber Essentials. 
  • Ability to work independently and manage sensitive data with discretion and confidentiality. 


Beneficial Skills and Experience:
  • Knowledge of the NIST Security Framework. 
  • Experience supporting audits and compliance efforts for ISO 27001, ISO 42001, and PCI DSS. 
  • Recognised certifications related to information security, risk management or data protection. 


Location:
  • Whilst this role is predominantly home based, you must be willing to travel to Durham and other UK sites as and when required.


Interview Process:
  • Call with Talent Acquisition
  • Microsoft Teams Video Call with Data Protection Officer and Governance, Risk and Compliance Manager
  • Microsoft Teams Video Call with Head of Information Security (EMEA) and Head of Information Security (North America)


Package:
  • Competitive basic salary 
  • Annual IT Bonus scheme 
  • MySavings - Employee Discount Platform
  • Pension: 3% ee’e / 3% e’er (Total 6%) 
  • Champion Health – a comprehensive physical, mental & financial wellbeing platform, offering bespoke content on all aspects of wellbeing & life including recipes, workouts, blogs and loads of other content for you 
  • Free use of the state-of-the-art private gym at our award winning IT Headquarters 


Average salary estimate: $60000 / YEARLY (est.); min $50000K, max $70000K


What You Should Know About Data Protection and Risk Analyst, City IT

If you're passionate about data protection and risk management, CEF is the perfect place for you to thrive as a Data Protection and Risk Analyst! CEF, a leader in global electrical wholesaling, embodies a culture driven by innovation and a strong commitment to customer service. You’ll be joining our IT team remotely while having the opportunity to contribute significantly to our compliance and risk management initiatives. In this key role, you’ll collaborate with our Data Protection Officer and Governance and Compliance Manager to ensure we’re on top of evolving data protection regulations. Your day-to-day will involve managing Subject Access Requests and providing administrative support for compliance, alongside assisting with maintaining our Information Security Risk Register. If you're detail-oriented, proactive, and eager to dive deep into the realms of data protection and risk management, CEF opens doors to dynamic projects like ensuring compliance with ISO 27001 and PCI DSS. Joining us means being part of a collaborative team focused on enhancing our information security posture, as well as having the chance to grow your expertise in a supportive environment. So, if you’re ready to make a big impact with your skills while working from the comfort of your home, CEF is the place to be!

Frequently Asked Questions (FAQs) for Data Protection and Risk Analyst Role at City IT
What are the responsibilities of a Data Protection and Risk Analyst at CEF?

As a Data Protection and Risk Analyst at CEF, you will be responsible for managing Subject Access Requests (SARs), handling legal data inquiries, and supporting Data Protection Impact Assessments (DPIAs). You’ll also help maintain the EMEA Information Security Risk Register, assist in PCI renewal processes, and participate in mitigating cybersecurity risks. This multifaceted role plays a critical part in safeguarding data compliance while enhancing our organization’s security framework.

What qualifications are needed for the Data Protection and Risk Analyst position at CEF?

Ideal candidates for the Data Protection and Risk Analyst role at CEF should possess experience with handling SARs and an understanding of GDPR compliance requirements. A strong grasp of risk management processes and cybersecurity frameworks like ISO 27001, PCI DSS, and Cyber Essentials is essential. Excellent communication skills and the ability to work independently with sensitive information are also important to succeed in this position.

What is the work environment like for a Data Protection and Risk Analyst at CEF?

Working as a Data Protection and Risk Analyst at CEF offers flexibility with predominantly home-based work while also providing the opportunity to connect with a diverse team. You'll enjoy a collaborative atmosphere and ongoing professional development as you contribute to meaningful projects aimed at compliance and risk management. Team camaraderie and culture put emphasis on innovation and learning, making it a great environment to enhance your career!

What tools or systems do Data Protection and Risk Analysts at CEF use?

Data Protection and Risk Analysts at CEF utilize a variety of tools and systems specific to data protection and risk management. You will work with compliance tracking systems for monitoring SARs and risk registers, as well as cybersecurity frameworks for maintaining certifications. Participation in phishing simulations and KPI reporting also plays a role in enhancing the security posture within the organization.

What advancement opportunities exist for a Data Protection and Risk Analyst at CEF?

At CEF, Data Protection and Risk Analysts have clear pathways for career advancement. Opportunities for professional development, certifications in data protection and risk management, and exposure to various information security projects can greatly enhance your skills and qualifications. Collaborating closely with experienced professionals in the field provides insights into future roles and responsibilities within the organization.

Common Interview Questions for Data Protection and Risk Analyst
Can you explain your experience with Subject Access Requests (SARs)?

When answering this question, it's crucial to provide specific examples of how you have handled SARs in your previous roles. Discuss your understanding of the legal framework surrounding SARs, the process you followed, and any challenges you faced. Highlight how your actions ensured compliance and improved stakeholder communication, showcasing your detail-oriented approach.

How do you stay updated with GDPR compliance requirements?

Demonstrating knowledge of GDPR is essential. You might discuss resources like webinars, blogs, or networking events that you engage with to keep your knowledge current. Mention any relevant certifications you have or are pursuing, and highlight your proactive approach to compliance.

What methods do you use to conduct risk assessments?

Explain your methodology for conducting risk assessments. Discuss how you identify, analyze, and evaluate risks, and what frameworks or tools you utilize. Provide examples of reports you've generated or how the assessments impacted decision-making within a previous role.

Describe a situation where you had to manage risk effectively.

Use the STAR method (Situation, Task, Action, Result) to structure your response. Discuss the context, the risk involved, the steps you took to mitigate that risk, and the outcomes of your actions. Emphasizing successful risk management showcases your ability to handle critical situations.

What experience do you have with data protection legislation?

Share your background and experience with regulatory compliance. Discuss specific laws you've worked with like GDPR and any other relevant legislation. Providing examples of how your work has ensured compliance will add credibility to your answer.

How would you handle a compliance-related inquiry from law enforcement?

This question tests your knowledge of legal obligations. Explain the protocol you would follow, including documenting the request, assessing its validity, and collaborating with internal teams. Highlight the importance of confidentiality and adherence to legal guidelines in your response.

What is your understanding of cybersecurity frameworks like PCI DSS?

Articulate your knowledge of various cybersecurity frameworks. Explain the significance of PCI DSS for payment security and how it impacts the organization. Mention your experience with compliance processes and how you contribute to maintaining these standards.

Can you discuss a time when you had to communicate complex information?

Prepare to give an example where you translated complex legal or compliance information for non-technical stakeholders. Highlight your communication strategy, tools you used (like visuals or summaries), and how this improved understanding and compliance within the team or organization.

How do you prioritize your tasks in a risk management role?

Discuss strategies you use to prioritize tasks, such as risk assessment and urgency. Provide examples of tools or methods you employ to manage your workload effectively, showing how you ensure the most critical issues are addressed promptly.

What steps do you take to raise awareness of information security best practices?

Share specific initiatives you’ve been involved in, such as training sessions or written communications. Explain how you tailor your approach based on the audience and the positive impact these initiatives have had on enhancing the security culture within your organization.

Employment type: Full-time, remote
Date posted: January 11, 2025
