About CEF:
CEF is a global electrical wholesaler that provides electrical products to people in the industry and is known for its extensive range of products and commitment to customer service. Founded in 1951 in the United Kingdom, it has since expanded to over 1,000 locations across multiple countries, including the United States, Canada, Australia, and Europe.
We in IT are delivering value to our business and our customers with the innovative solutions that enable our business to better serve our customers today and in the future. We recognise that technology and data are at the forefront of this.
Our Global IT team deliver a portfolio of transformative work, expand our digital options, upgrade and future-proof our systems to place us at the forefront of the marketplace.
To do this, we need talented and creative people across all areas to join us in delivering our evolution to enable our forward-thinking business over the next few years and beyond, and this is where you come in...
Life as a Data Protection and Risk Analyst at CEF:
As a Data Protection Risk Analyst at CEF, you will play a crucial role in supporting the business's compliance and risk management efforts. Working within the Information Security Team, you’ll collaborate closely with our Data Protection Officer and Governance and Compliance Manager to ensure the organisation remains compliant with data protection regulations and mitigates risks effectively.
Your contributions will be vital in alleviating workload pressures, streamlining processes, and enhancing our Information Security posture.
This role is ideal for someone who is detail-oriented, proactive, and eager to develop expertise in both data protection and risk management within a dynamic, collaborative team. You'll also be part of ongoing projects to ensure CEF maintains compliance with various information security frameworks such as ISO 27001, PCI DSS, and Cyber Essentials.
Your Objectives:
In this role, you’ll split your time between supporting data protection and risk management efforts:
- Data Protection Objectives (50%)
  - Manage Subject Access Requests (SARs) and Right to be Forgotten requests.
  - Handle compliance-related inquiries, such as police requests for CCTV footage and legal data inquiries.
  - Support the screening and completion of Data Protection Impact Assessments (DPIAs).
  - Provide administrative support to ensure CEF complies with Data Protection legislation.
- Risk Management Objectives (50%)
  - Assist with maintaining and updating the EMEA Information Security Risk Register.
  - Support PCI renewal and Cyber Essentials recertification processes.
  - Help manage phishing simulations, KPI reporting, and information and security risk remediation efforts.
  - Maintain and develop the AI risk catalogue and contribute to achieving security standard certifications.
  - Liaise with multiple IT teams to monitor and address cybersecurity risks.
  - Assist with customer security questionnaires and responses to support compliance efforts.
  - Draft regular security communications to raise awareness of information security best practices.
Essential Skills & Experience:
- Experience handling Subject Access Requests (SARs) and Right to be Forgotten requests.
- Familiarity with GDPR compliance requirements and related legislation.
- Understanding of risk management processes, including maintaining risk registers and conducting risk assessments.
- Strong communication skills and the ability to engage professionally with stakeholders across the business.
- Understanding of cybersecurity frameworks such as ISO 27001, PCI DSS, and Cyber Essentials.
- Ability to work independently and manage sensitive data with discretion and confidentiality.
Beneficial Skills and Experience:
- Knowledge of the NIST Security Framework.
- Experience supporting audits and compliance efforts for ISO 27001, ISO 42001, and PCI DSS.
- Recognised certifications related to information security, risk management or data protection.
Location:
- Whilst this role is predominantly home based, you must be willing to travel to Durham and other UK sites as and when required.
Interview Process:
- Call with Talent Acquisition
- Microsoft Teams Video Call with Data Protection Officer and Governance, Risk and Compliance Manager
- Microsoft Teams Video Call with Head of Information Security (EMEA) and Head of Information Security (North America)
Package:
- Competitive basic salary
- Annual IT Bonus scheme
- MySavings - Employee Discount Platform
- Pension: 3% employee / 3% employer (Total 6%)
- Champion Health – a comprehensive physical, mental & financial wellbeing platform, offering bespoke content on all aspects of wellbeing & life including recipes, workouts, blogs and loads of other content for you
- Free use of the state-of-the-art private gym at our award-winning IT Headquarters