Bertelsmann is a media, services and education company that operates in about 50 countries around the world. It includes the broadcaster RTL Group, the trade book publisher Penguin Random House, the magazine publisher Gruner + Jahr, the music company BMG, the service provider Arvato, the Bertelsmann Printing Group, the Bertelsmann Education Group, and Bertelsmann Investments, an international network of funds. The company has 117,000 employees and generated revenues of €17.1 billion in the 2015 financial year. Bertelsmann stands for creativity and entrepreneurship. This combination promotes first-class media content and innovative service solutions that inspire customers around the world
Salary: Up to £34,000
Location: Hams Hall
Hours: 40 hours per week. Monday to Friday
We are looking for an experienced Information Security & Data Protection Advisor to guide and strengthen our approach to data protection, privacy, and information security. You will act as a trusted expert, advising senior leadership and teams across the organisation, ensuring compliance, managing risk, and embedding privacy- and security-by-design practices.
Your Tasks
Advise leadership and teams on data protection obligations, ensuring compliance with GDPR, UK GDPR, and sector-specific laws.
Maintain Records of Processing Activities (RoPA), manage data flows, and oversee Data Protection Impact Assessments (DPIAs).
Act as liaison with regulators (e.g., ICO) and handle investigations, data subject requests, and breach/incident response.
Review policies, contracts, and vendor agreements to embed privacy-by-design and ensure compliance.
Deliver training and awareness programs to foster a strong culture of privacy and security.
Develop, maintain, and continuously improve the organisation’s information security framework, including policies, standards, and procedures.
Monitor and respond to security incidents, manage vendor security compliance, and oversee business continuity and disaster recovery.
Collaborate with IT, development, and operations to embed security controls and ensure secure system design.
Lead security awareness initiatives and report on security posture, risks, and KPIs to senior management.
Stay informed on emerging cyber threats, regulatory changes, and best practices, advising leadership on risk mitigation.
Your Profile
Strong knowledge of data protection and privacy laws (GDPR, UK GDPR, UK DPA) and sector-specific regulations.
Experience in a similar role (DPO, Privacy Officer, Information Security Officer, or equivalent).
Skilled in risk assessment, audit, governance, incident response, and vendor risk management.
Excellent communication and influencing skills, able to translate technical topics for non-technical stakeholders.
Strong analytical, problem-solving, and project management abilities.
Able to work independently while collaborating across IT, legal, HR, and operations.
Integrity, independence, and discretion, with high confidentiality standards.
Degree in information security, computer science, law, or related field; certifications in privacy or cybersecurity desirable.
We Offer
25 days annual leave plus 8 UK bank holidays with the option to purchase up to an additional 5 days
Pension contribution
A life assurance policy that pays out 4 x Salary
Employee Assistance Programme that provides you with confidential support, information, and advice to help you
Employee Discount Scheme
Free car parking
Profile