Group Privacy & Security GRC Lead

Our Business:

Glen Dimplex is a privately-owned international group headquartered in Ireland across four main product areas: Heating & Ventilation, Consumer Appliances, Flame and Precision Cooling. We are one of the world's leading manufacturers of electric heating appliances and a global leader in the development and delivery of low carbon solutions for space and water heating, cooling, and ventilation.  

Our Purpose is to be leader in the transition to a sustainable world by empowering our customers in their everyday lives. This purpose drives our teams in the work we do to help customers transition through using our products and services.

The Role:

The Group Privacy and Security GRC Lead is responsible for overseeing the Glen Dimplex Group GRC program across both Data Privacy and Cyber Security. This includes aligning our strategy to industry frameworks and regulatory requirements, building out policies that align with risk appetite and ensuring appropriate governance is in place across the Group. The role will own and drive the data protection / privacy programme and the cyber security governance programme

and will provide support and advice on ongoing compliance activities across all entities in the Group. The role is standalone, reporting to the Group CITO / COO and will be required to work with Privacy Sponsors, Security Leads, and other stakeholders across the Group.

Responsibilities:

• Oversee the Human Risk Management function as it relates to all aspects of Data Privacy and Cyber Security by developing and nurturing a positive culture through setting the appropriate tone, organising staff training and awareness programmes, briefings, and managing the staff induction process.


• Provide expert advice and support to Group business units in relation to all data privacy matters.


• Own and chair the Group Data Privacy Forum to influence, guide and support Group business units in relation to good practice data privacy and security.


• Conduct ongoing review and update of all policies as required in GRC suite including cyber security, data protection policies, privacy statements, processing agreements and other privacy records.


• Manage Data Subject Access Requests and advise and support Group business units with the process.


• Advise on investigation and notification of data breaches, conduct risk assessments, and act as the main point of contact with the Data Protection Commissioner’s office or other relevant supervisory authority as required on all data protection issues, complaints and queries.


• Work closely with the Group Cyber Security function to ensure consistent, complimentary data security governance approach and associated policy, protections and communications.


• Be a key stakeholder in the Cyber Security Forum with input into Cyber Security Governance


• Conduct appropriate security and privacy due diligence for relevant third-party suppliers and support and advise business units in the Group with third party due diligence activities.


•  Begin process for ISO 27001 certification


• In conjunction with key stakeholders across the Group business units, further develop data asset inventories and records of processing and implement agreed data classification and data retention policies across the Group.


• Provide guidance and support on the DPIA process to all Group businesses, assist with conducting DPIAs and managing and remediating any risks which are identified.


•  Monitor and ensure ongoing compliance with data protection requirements, regulations and best practice and report to senior leaders and the executive on key data protection compliance metrics and compliance status.


• Keep up to date on all matters about data privacy and data protection law and application.


• Any other ad hoc duties that arise from time to time.

Our Values:

At Glen Dimplex we are strongly committed to providing equal employment opportunities for all.