We’re Hiring – System Integration & Support Manager

System Integration & Support Manager

Location: Newbury & Client Sites

Passionate about customer success? Tenacious about support? Driven to do what’s needed, not what’s easy? If the answer to these is yes then Exonar could be the the perfect home for you!

We’re on the lookout for a smart, motivated manager to lead our system integration and support team to help our customers achieve great things!

Over the last year we have grown our customer base and product extensively and have ambitious plans for 2019. As a result the team is relatively new so you’ll need a vision for the best customer experience and the drive to make that happen.

Our platform uses a mix of big data, machine learning and other cool tech to understand & manage information simply, instantly and at scale. It’s deployed as part of a large information governance, data discovery and GDPR programmes – this is why we’ve combined support and system integration.

You’ll have a small technical team working with you but don’t panic – there’s a large engineering team to back that up and a client consulting team to help customers get the best out of the platform once it’s deployed.

It doesn’t matter if you’re an old hand, new to the game or looking to get away from the corporate grind – what matters to us most is your attitude.

Exonar Culture

Exonar is a fun and friendly place to work, benefitting from a start up culture and the opportunity to work with and learn from a fantastic group of colleagues. You will be working on new challenges every day and will find yourself pushing the boundaries of your knowledge and developing new skills frequently.

A huge benefit of working for Exonar is the flexibility you’ll have in developing yourself and shaping your role. You will work with a supportive and close knit team, and will have responsibility for delivering client success and the opportunity to drive the growth of the company from day one.

If you are motivated by solving complex problems with out of the box thinking, and providing solutions that deliver real results, you’ll enjoy Exonar.

Did we mention, there’s a gin club started by the CEO? Don’t be surprised, we also have:

  • Regular company BBQ’s and social events
  • Time for hackathons / meetups / industry events
  • Exonar university
  • Espresso Machine/Beer Fridge/Soft drinks
  • Small office on the side of the canal in picturesque Newbury
  • Anything else you want to start – poker night and standup paddle board club have been rumoured!

For more details and an initial chat, please get in touch.

Responsibilities

  • Lead the System Integration and Support team.
  • Own the end to end support and system integration process ensuring that clients get an excellent level of service.
  • Move the customer interaction from a fix-it to a drive-it approach.
  • Innovate and contribute to the uptake of the Exonar platform.
  • Ensure we take lessons from the frontline into product development and company processes.
  • Build up an internal / customer facing knowledge base.
  • Shift the conversation and mindset – we don’t have problems, we have customers!

Required profile, skills and experience

You’ll demonstrate experience in customer facing positions; managing service delivery, system integration and support will come as second nature to you and you’ll have:

  • A career history within the Technology/Software industry
  • Experience implementing systems and processes
  • Experience managing, coaching and growing teams
  • Working with and configuring customer facing ticketing systems.
  • Managing SLA’s and KPIs
  • A Tech-Savvy approach and interests
  • Experience leading and driving support and system integration projects in a technical / product environment.

If this is the role for you please send your CV with a covering letter to tim.cutland@exonar.com

 

Aviate, Navigate, Communicate – Concord Compliance post-GDPR

2018 has been a horror for aviation and data breaches. British Airways, Cathay Pacific, Air Canada, Delta Airlines and Arik Air all fallen victim to major data breaches. In the case of British Airways, a 15-day cyber attack in July compromised 244,000 credit card details. The breach sparked a criminal inquiry by the National Crime Agency (NCA) and BA now faces a maximum fine of nearly £500 million, with the Information Commissioner’s Office (ICO) investigating the incident.

Why is aviation a high risk sector?

Airlines, airports and their service providers process millions of passenger, crew and employee information, customer lists, details of business contacts and sensitive business information across hundreds of jurisdictions. The complex and international nature of aviation and the detailed nature of the personal data required to participate, often across national borders, make aviation an attractive target to attackers, and a difficult one to defend by security professionals.

How should Data Protection Officers react?

According to the Federal Aviation Agency, pilots are given the following priorities: Aviate, Navigate, Communicate. Data Protection programmes within aviation can be analogously prioritised in the same way:

Aviate

“The top priority — always — is to aviate. That means fly the airplane by using the flight controls and flight instruments to direct the airplane’s attitude, airspeed and altitude. The instruments directly in front of the pilot provide important information on how well the pilot is doing with respect to basic aircraft control”

For a Data Protection Officer, basic aircraft control means being able to answer: ‘What data do I have? Where is it? Who has access to it? How is it secured?’. With an oversight of data, DPOs can then start to develop insight.

For that initial oversight, data discovery technology is being turned to as the answer. According to the 2018 EY-International Association of Privacy (IAPP) Information Governance report:

  • Amongst companies preparing for GDPR, 57% are investing in technology in 2018, up from 27% in 2016.
  • 68% of programme leaders now say data inventory and mapping is a priority, up from 48% in 2016.

As the aviation industry comes under increasing scrutiny for the security of its data practices, the minimum that is expected is for those at the helm to have an accurate oversight of their data.

Navigate

Figure out where you are and where you’re going. Turn oversight into insight.

For data protection officers, navigation is about understanding where privacy risk lies, and what needs to be done to mitigate it. Is it in the sales and marketing platform with 8 million passengers? The HR department with the pilots’ files? The partnership programme with the right to work documentation?

Understanding privacy risk means understanding the context of data. To do this, DPOs need to ensure that the uses of data are legitimate, that the reasons for processing are documented, and that the processes are mapped and understood.

  • 68% of programme leaders now say data inventory and mapping is a priority, up from 48% in 2016.

By mapping the business process, DPOs can develop a real, intuitive understanding of where privacy risk lies in the organisation, mapped to a business process that is described in language that the rest of the organisation can understand.

Communicate

Make sure your passengers are aware of standard safety procedures and know what to do in the event of an emergency landing.

Once you’ve mapped your data to your business processes, you can articulate expected data practices for each of those processes, allowing you to deliver tailored training for data protection for your different sets of employees.

The better the oversight and insight into the data estate by the DPO, the better communicated the messages for data protection will be.

In 2018, periodic training and manual data audits have their limits. With new solutions available, creating rules within a data discovery technology to automatically monitor for acts of non-compliance is the way to give the DPO the level of oversight and insight needed to best protect data.

For concord compliance: aviate, navigate, communicate.

John Tsopanis
Data and Privacy Director, Exonar

We’re Hiring – Are you our new Client Consultant?

Client Consultant

Location: Newbury & Client Sites

If you want to work at a fast-paced technology and customer driven company, then look no further than Exonar. We’re on the lookout for smart motivated individuals to join our client consulting team to help our customers achieve great things!

We use a mix of big data, machine learning and other cool tech to understand and manage information simply, swiftly and at scale.

A typical week might find you: showing off our tech to a CTO/CIO; shaping a privacy/data discovery program alongside data protection officers and CISOs; working with information security experts, analysts, project/programme managers; and in-between you’ll be finding new ways to improve our technology and the client experience.

We’re looking for a mix of skills and experience in the team ranging from pre-sales, post sales, consulting and project management. You’ll have a knack for communication, be interested in technology and have a mind for business.

It doesn’t matter if you’re an old hand, new to the game or looking for that opportunity to get away from the corporate grind – what matters to us most is your attitude – we want you to be a passionate, hands-on and integral member of our growing team.

Exonar Culture

Exonar is a fun and friendly place to work, benefitting from a start up culture and the opportunity to work with and learn from a fantastic group of colleagues. You will be working on new challenges every day and will find yourself pushing the boundaries of your knowledge and developing new skills frequently.

A huge benefit of working for Exonar is the flexibility you’ll have in developing yourself and shaping your role. You will work with a supportive and close knit team, and will have responsibility for delivering client success and the opportunity to drive the growth of the company from day one.

If you are motivated by solving complex problems with out-of-the-box thinking, and providing solutions that deliver real results, you’ll enjoy Exonar.

Did we mention, there’s a gin club started by the CEO? Don’t be surprised, we also have:

  • Regular company BBQs and social events
  • Time for hackathons/meetups/industry events
  • Exonar University
  • Espresso machine/beer fridge/soft drinks
  • Small office on the side of the canal in picturesque Newbury
  • Anything else you want to start – poker night and standup paddle board clubs have been rumoured!

Role Description – the detail bit

The Exonar solution is uniquely placed to enable organisations to understand the content and intent of the data they hold. We use machine learning and big data technology to ingest, index and organise data at scale often as part of large information governance, data discovery and privacy programmes.

Following a period of rapid growth and investment, we are seeking a client consultant to engage with existing and prospective clients as part of the client consulting team. You’ll be acting as an advisor focusing on customer pains, challenges and objectives and linking that to a solution (technology, services & consulting) that will deliver a business outcome for our clients.

You will have excellent client facing skills and be able to draw on your pre-sales, delivery and technical knowledge to drive success for our clients. if you’re a self-starter, passionate about customers and comfortable working in a fast-paced matrix environment then this is a fantastic opportunity to work with leading edge technology and high-profile clients in a growing sector.

Responsibilities

  • Act as the lead role between technical, commercial teams and the customer, taking ultimate responsibility for client success.
  • Be a go-to solution expert for direct and partner sales teams. Responding to requests for information, proposals and solution clarifications.
  • Deliver technical presentations, workshops, product demonstrations, proof of concepts and pilots.
  • Work directly with clients’ personnel to lead deployments, define project deliverables and use the Exonar platform to translate business issues into logical data searches and analysis.
  • Contribute to training materials for clients, partners and Exonar personnel.
  • Collaborate as part of a close team to drive the growth of the company, contributing in any way possible toward the greater success of our company and our clients.

Required profile, skills and experience

  • Enjoy working with customers; leading, advising and challenging them in their business processes and solution design.
  • Experience of working with multiple clients in a consultative environment.
  • Experience of working with business applications, a good grasp of technology and ability to understand technical concepts when designing solutions for clients.
  • Knowledge and/or experience of Information or Cyber Security, Risk Management, eDiscovery Privacy or Information Governance and Compliance will be beneficial.
  • Experience of working as part of technology and business transformation projects with knowledge of the typical delivery, support and integration challenges in enterprise clients.
  • Technical awareness e.g. operating systems, cloud computing (Azure, AWS), data types (CSV, XML, JSON), database technologies and storage.

If this is the role for you please send your CV with a covering letter to tim.cutland@exonar.com

 

Would Espionage at the Marriott mean the Maximum GDPR Fine?

Marriott Hotels recently announced that 500 million residents of its Starwood subsidiaries were affected by a data breach. 327 million of those residents were reported to having had ‘some combination’ of their arrival and departure information, passport numbers and account information accessible by an attacker from 2014 to 2018. Encrypted credit card details were also taken in the breach, with Marriott yet to confirm whether the keys for decryption were also taken.

Why is this breach so serious?

Persistent access to the database, particularly to “arrival and departure information”, would have allowed the attackers to view the travel schedules of millions of clientele as they stayed in luxury hotels across the world. With a number of commentators suggesting espionage as a potentially powerful motivation behind the attack, this breach has been talked about as a security issue as much as a privacy issue.

It seems today (December 7th) that those fears took one step closer to reality.

Reuters have reported that an investigative team that’s looking into the Marriott Breach found “hacking tools, techniques and procedures” that are associated with hacking groups working for Chinese intelligence.
www.msn.com

Espionage and intelligence gathering is believed to be the motive behind the attack because the hackers were inside the database for so long, and only took copies of the names, addresses, passport details and in some cases, credit card information, in 2018.

This suggests that access to the system would have been of value for intelligence gathering purposes, although the report also suspects that multiple groups of cyber criminals may have had access to the database, making it difficult to attribute this breach solely to China.

How will this play out under the GDPR?

When European regulators assess the privacy impact of this breach the possibility of millions of European residents’ planned locations being surveilled over a 4 year period will be a difficult one to provide mitigation for, especially if security controls are proven to be substandard.

With government officials, industry lobbyists, and senior executives from around the world using the luxury Starwood hotel chain, the citizens affected by this breach are citizens who are much more likely to attract attempted acts of surveillance, extortion or blackmail, and this raises both individual and national security concerns.

For European regulators, there are two serious harms to reckon with:

  • Millions of individuals whose privacy and security were compromised over a 4 year period, and whose personal information has been taken by potentially multiple cyber criminal groups
  • Threats to national security if proven that the motivation behind the attack was for surveillance reasons by a nation state

With lawsuits filed we may see the first truly large GDPR fine for this breach. The maximum fine has been estimated at £117m (4% of global revenue) and if the regulators find evidence of negligent data practices, there are enough potential harms to enough citizens that could justify its levy.

For citizens affected this breach is difficult to reckon with and it might be time to ask whether we can place a price on a data breach that affects individual privacy and national security in this way.

For data privacy and information governance professionals this breach poses serious questions about our ability to govern and protect data of this detail at this scale. Is some data too big to protect or is it that we’re not taking the issue of protecting it seriously enough? If it’s the former then the priority for innovation has to shift from ‘let’s do big data’ to ‘let’s avoid too big data’. This would mean a recession in data practices. If it’s the latter then this is a wake up call for organisations to discover and protect the data they process. Citizens’ right to privacy and security must come first.

John Tsopanis
Data and Privacy Director, Exonar

The Era of the Technology Enabled DPO has Begun

Confucius once said ‘Life is really simple, but we insist on making it complicated.’ One can only imagine Confucius’ reaction to a roundtable with a DPO, CISO and CIO in 2018. ‘You connected what, why?’ ‘You understand this behaviour, how?’ ‘Robots are storing information, why, how and where?’

Staring bleary-eyed back at Confucius the tech leaders might retort, ‘We aren’t making it complicated, we are the ones managing complexity.’

Herein lies the reality for the technology leader in 2018; the advance of technology lies outside of our control, and like the frog in the boiling pot, the heat to protect critical data is starting to bubble, with little support for upgrading the more resistant capabilities of those who find themselves in the pot.

In a search for that extra protection, DPOs in particular are turning to technology, and here’s how.

The Era of the Technology Enabled DPO has Begun

The 2018 EY-International Association of Privacy (IAPP) study showed that 56% of businesses believe they are not entirely GDPR compliant with 20% of businesses believing full compliance is impossible.

To understand how DPOs are turning to technology to close the compliance gap, let’s look at how spending on data privacy/GDPR compliance has changed over the past few years.

The EY-IAPP report has a few telling statistics in this regard:

  • Amongst companies preparing for GDPR 57% are investing in technology in 2018, up from 27% in 2016.
  • 68% of programme leaders now say data inventory and mapping is a priority, up from 48% in 2016.
  • IT and Information Security are now responsible for housing 30% of GDPR/information governance programmes up from 14% in 2016.
  • Right to Be Forgotten and Subject Access Requests were voted the two most difficult GDPR obligations to fulfil. Both currently rely on manual data discovery processes across multiple applications and platforms.

The observed compliance gap, alongside the shift away from human-resource spending to technology spending, suggests that the problem of data discovery, compliance and security is one whose solution supersedes the capabilities of even the best-intentioned human resources.

At the same time the number of DPOs are on the rise, with DPO vacancies up a staggering 700% from 2 years ago.

We can learn two things from this:

  • Data Protection Officers are turning to technology to help discover and protect data
  • Despite the increase in technology uptake, the human role of directing technology is more important and involved than ever.

And so the era of the technology enabled DPO has begun. Fortunately, technology for DPOs seeks for the most part to automate manual process, making the marriage between humans and tech in data protection truly Cyborgian in nature.

This marriage should seem intuitive as the first role of any newly appointed DPO is to answer, ‘What data do I have? Where is it? Who has access to it? How is it secured?’. It’s unrealistic for Data Protection Officers to be literally hands-on with data in 2018 hence smart data discovery and control tools coming to the fore.

So what technology solutions can help?

Data discovery and compliance technologies like Exonar in the UK have emerged in the past 18 months with plug in and play solutions for automated enterprise data discovery where previously none existed. The solutions discover data automatically to create accurate, real-time, classified inventories of information that allow DPOs to see a full breakdown of data and its sensitivity across an organisation, enabling DPOs to govern and protect data effectively.

Through the marriage of DPOs and data discovery technologies, data protection programmes can instantly become much more achievable, accurate, and less work for those involved. The era of the technology enabled DPO has begun.

https://iapp.org/media/pdf/resource_center/IAPP_EY_Gov_Report_2018.pdf

John Tsopanis
Data and Privacy Director, Exonar