Job Description
Costain Limited is a leading smart infrastructure solutions company, dedicated to shaping a sustainable future for the UK. Founded in 1865, we have established ourselves as a forward‑thinking leader in the engineering and technology sectors, delivering innovative solutions that drive progress and enhance lives across diverse industries including transportation, energy, water and defence. We focus on creating value for our clients through integrated solutions that combine digital technology, consultancy and complex project delivery. Guided by our core values of safety, integrity, collaboration and innovation, Costain is committed to maintaining the highest standards in everything we do. Our collaborative approach and inclusive culture empower teams to innovate and deliver exceptional results that make a tangible difference.
We are seeking a strategic and principled individual with a passion for data protection to develop Costain’s data protection strategy and enable us to harness data as a strategic asset. The successful candidate will lead the expansion and implementation of data protection initiatives across the Costain Group and joint‑venture partnerships, working closely with the Head of Cyber Assurance and the Group Information Security Manager, to ensure full compliance with data protection laws and regulations and to embed data‑protection practices into business operations and decision‑making.
Responsibilities
* Promote and embed a culture of compliance that embraces data protection by design.
* Lead the development of internal personal data and information security champions, fostering a strong understanding of data protection principles across the business, and providing guidance, training and support on data protection matters.
* Develop and maintain processes for handling data subject requests in a timely manner, keeping accurate records of requests and responses.
* Act as the primary point of contact for data subjects, supervisory and regulatory authorities, and internal teams.
* Review data protection agreements, monitor practices and, if necessary, conduct data protection audit assessments of third‑party vendors and sub‑processors.
* Conduct assessments of new and existing systems, processes and policies involving the collection, processing, transfer or storage of personal data and special‑category data, including mapping data storage locations and processing activities, assessing privacy and data security risks and proposing mitigation strategies.
* Work with stakeholders to develop and maintain incident response plans; investigate and manage breaches and execute corrective actions while ensuring timely legal reporting.
* Ensure that effective governance arrangements and documentation are in place to achieve and maintain compliance with all relevant legal, regulatory and policy requirements governing the processing of personal data and special‑category data.
* Conduct horizon scanning of developments in data protection law, regulations and practices and take appropriate steps to keep the business aligned with any changes.
* Ensure appropriate data protection certifications are in place and renewed on a timely basis.
Essential Knowledge, Skills and Experience
* Proven Data Protection Officer experience in a business environment.
* In‑depth knowledge of UK and EU legislation, case law, codes of practice and guidance (e.g. ICO, EDPB), including the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations; familiarity with the Human Rights Act.
* Exceptional leadership skills and a proven track record in stakeholder management.
* Experience working in an audit/compliance/governance context and knowledge of compliance audit best practice.
* Ability to anticipate and evaluate potential privacy and data protection compliance challenges.
* Ability to assimilate and interpret information quickly and explain complex legal, regulatory and policy requirements to stakeholders at all levels.
* Discretion and integrity when handling confidential information.
* Strong risk‑assessment and decision‑making skills to support best decision making for Costain on data protection issues.
* Excellent communication skills and strong ethical standards.
* Ability to remain impartial and report non‑compliances.
* Exceptional organisational skills, attention to detail and the ability to work effectively as part of a team.
* Innovative mindset, comfortable challenging the status quo and striving for continual improvement.
* Familiarity with security systems.
Knowledge of sector‑specific data processing practices is preferable.
Desirable
* Knowledge of how to deploy data analytics to proactively detect instances of fraud, bribery and corruption.
About Us
Costain helps improve people’s lives with integrated, leading‑edge, smart infrastructure solutions across the UK’s energy, water, transportation and defence markets. We enable clients to increase capacity, improve customer service, safeguard security, enhance resilience, decarbonise and deliver greater efficiency. Our vision is to be the UK’s leading smart infrastructure solutions company, focusing on blue‑chip clients with strategic national needs, regulatory commitments, legislation or essential performance requirements.
We do not provide individual feedback at the application phase due to the high volume of responses. However, we do share individual feedback following an interview. A Disability Confident employer will generally offer an interview to any applicant who discloses a disability and meets the minimum criteria for the job as defined by the employer. For more details please visit the Disability Confident website: https://www.gov.uk/government/collections/disability-confident-campaign.