Directorate - Security and Information Directorate (SID)

Data Protection Strategic Lead G7


Job Description

Job Title

Data Protection Strategic Lead

Group Profile

Data Protection Team

Grade

G7

Overview of SIG

SID is part of the Service Transformation Group. The Group oversees the building of a strategic vision for modernising and digitising our legacy systems, generating a coordinated plan across the MoJ and its agencies for transformation, and tracking delivery of this transformation.

Security and information management are fundamental building blocks of enabling the department to deliver. We have highly skilled experts working collaboratively with the department, Government Security Group and other partners to enable the whole of the MoJ to function securely, lawfully and transparently.

We identify, manage, and mitigate MoJ’s security, data protection and information risks, and provide assurance against those risks. We’re also home to the Counter Fraud Centre of Expertise. Part of our mission is to up-skill the department so that security becomes second nature to our people and partners.

Team Profile

The remit of the Data Protection Team covers Headquarters, the five Executive Agencies and 12 Arm’s Length Bodies.


Their work includes:


  1. Monitoring and overseeing compliance with data protection legislation and MoJ personal data policies

  2. Advising on Data Protection Impact Assessments

  3. Acting as the point of contact with the Information Commissioner’s Office

  4. Receiving requests from data subjects who wish to exercise their rights to - access, restrict, rectify or erase - their personal data

Summary

The Role 

We’re recruiting a Data Protection Strategic Lead here at MoJ (Ministry of Justice) Security and Information Governance Group, to be part of our warm and collaborative Data Protection Team. 


Knowledge and information are the lifeblood of the MoJ. They can transform the way we deliver public services as well as the relationship between government and public. It is important for the Department to show that we are capable of handling information carefully as well as making it readily available and widely accessible wherever we can and should.  Managing information well can have a direct impact on our ability to deliver core services to our customers. 


The Security and Information Governance Group is responsible for helping business groups across the department manage and use personal information in a manner compatible with the law.  Its core function is to promote compliance with the Data Protection Act (DPA) 21018 and the UK General Data Protection Regulation across policies, projects, processes and services which involve personal data, through the provision of bespoke advice, training and guidance to business areas. 


Reporting to a Deputy Data Protection Officer you will have a leading role in contributing to improvements to the way the department manages its personal data including responsibility for promoting adherence to and providing guidance across a vast spectrum of business areas on information legislation; you will also be part of the management of high impact incidents involving personal data. 

 

Responsibilities,

Activities and Duties

The job holder will be required to carry out the following responsibilities, activities, and duties:


Key Responsibilities of the role: 

  • Provide advice and guidance on data protection issues for the MoJ and to make decisions on whether to report data breaches to the ICO. 

  • Contribute to regular commissions from Government departments to identify the most critical activities and likely risks. 

  • Act as point of contact for several of the MoJ’s Executive Agencies and Arm’s Length Bodies and the central workstreams covering commercial and contract management, HR, finance and digital/ technology functions. Generating a common interpretation of emerging cross-government guidance, to provide specific interpretations to cultivate a strong MoJ approach towards achieving compliance. 

  • Explore and promote critical deliverables on a department-wide basis.

  • Maintaining relationships with appropriate teams / stakeholders in support of delivering UK GDPR/DPA18 compliance across MoJ technology systems.

  • Providing compliance advice and guidance on:

    • The transparency requirements of the UK GDPR and the DPA18 

    • Data Protection-by-design and default throughout the data journey and across multiple platforms. 

    • The ability of the Department to evidence proactive supplier management and compliance, with expected standards (as a data controller). 

    • A long-term compliance plan for information held within systems across the MoJ estate, including new and legacy systems. 

    • An incident management process for data incidents and assessing whether data breaches should be reported to the ICO. 

  • Providing in the above in liaison with appropriate technical information assurance professionals within the business including: 

    • The Information Assurance Leads 

    • Senior Information Risk Owners (SIROs) and their delegated Information Asset Owners (IAOs) 

    • Senior technical and non-technical stakeholders across Government, including Government Digital Service and Open Government Data 

  

  

Person Specification: 

Essential 

The successful role-holder will have: 

  • A current, and constantly renewed, understanding of both UK GDPR and the DPA 18 - especially regarding the processing of data for law enforcement purposes and must be able to recognise, and advise upon, the potential impacts of such on MoJ’s existing and emerging technology systems / projects.

  • A proven track record in developing and leading information assurance strategy in government, including stakeholder engagement, specifically in relation to risk. 

  • Proven leadership experience in an information / data management setting. 

  • Experience and knowledge of existing working practices within government, including technical security advice, risk management, off-shoring, data protection impact assessments, governance and compliance.

  • Proven ability to adapt to changing priorities, and maintain focus and alignment of the team’s activities - including experience of the management of a team of information security / assurance specialists. 

  • Experience of engaging with stakeholders and staff to resolve business issues and ensure effective and efficient delivery of services. 

  • In a comparable business environment, experience of providing evidence based, risk balanced advice to seniors, presenting complex considerations in clear and non-technical terms. 

  • Be an effective communicator, who can; discuss and understand technical security controls or systems alongside security professionals and software developers. 

  • Explain technical concepts to senior leaders and stakeholders. 

  • Communicate risk in a neutral way to allow understanding of impact and likelihood. 

  • Demonstrate strong written and verbal communication skills. 

  • Be capable of thinking in the style of a threat-actor, to avoid complacency or over-confidence in how we defend the Department’s information. 

  • Be passionate about technology, technical transformation and technical information security, where keeping up to date is just part of how you work. 

  

Desirable   

  • A data protection/GDPR qualification e.g. CIPP/E or CIPM. 



This list is at present and is not intended to be exhaustive. The job holder is expected to accept reasonable alterations and additional tasks of a similar level that may be necessary.



Minimum Eligibility

▪ All candidates are subject to security and identity checks prior to taking up post.

▪ All external candidates are subject to a minimum of 6 months’ probation. Internal candidates are subject to probation if they have not already served a probationary period within MoJ.

▪ All staff are required to declare whether they are a member of a group or organisation which MoJ consider to be racist.

Application Process

This vacancy will be assessed using Success Profiles to assess behaviours and technical expertise. The application process will require 250 word STAR format for the identified behaviours, the submission of a CV and a statement of suitability to evidence how you meet the essential and technical criteria required for the role.

In the Civil Service, we use Success Profiles, a flexible framework, to assess candidates against a range of elements using a variety of selection methods, therefore giving you the opportunity to demonstrate the various elements required to be successful in the role.

The sift will be based on the following behaviour:

  • Leadership (lead behaviour)

Leadership will be the lead behaviour, so if there a lot of applicants we will sift solely on this. Note: due to the volume of applications we receive we are unable to provide feedback after the CV review (sift) stage.

Shortlisted candidates will be invited to attend a panel interview and will be requested to deliver a 5-minute presentation with slides to demonstrate their technical analyst skills, plus answer 3 behaviour-based questions.  

  • Delivering at pace - Interview

  • Working together - Interview

Hours of Work/Working Pattern


37 hour working week (standard).




Additional Information

Job Description Additional Information 

We encourage applications from people from all backgrounds and aim to have a workforce that represents the wider society that we serve. We pride ourselves on being an employer of choice. We champion diversity, inclusion and wellbeing and aim to create a workplace where everyone feels valued and a sense of belonging. To find out more about how we do this visit: https://www.gov.uk/government/organisations/ministry-of-justice/about/equality-and-diversity. 

Introduction 

We’re recruiting a Permanent Data Protection Team Data Protection Strategic Lead here at MoJ (Ministry of Justice) Security and Information Directorate, to be part of our warm and collaborative Data Protection Team.   

Knowledge and information are the lifeblood of the MoJ. They can transform the way we deliver public services as well as the relationship between government and public. It is important for the Department to show that we are capable of handling information carefully as well as making it readily available and widely accessible wherever we can and should. Managing information well can have a direct impact on our ability to deliver core services to our customers.  

The Data Protection Team is responsible for helping business groups across the department manage and use personal information in a manner compatible with the law. Its core function is to promote compliance with the Data Protection Act (DPA) 2018 and the 

UK General Data Protection Regulation across policies, projects, processes and services which involve personal data, through the provision of bespoke advice, training and guidance to business areas. 

Working Arrangements & Further Information 

The MoJ offers Hybrid Working arrangements where business need allows. This is an informal, non-contractual form of flexible working that blends working from your base location, different MoJ sites and / or from home (please be aware that this role can only be worked in the UK and not overseas). Some roles will not be suitable for Hybrid Working. Similarly, Hybrid Working will not suit everyone’s circumstances. Arrangements will be discussed and agreed with the successful candidate(s) and subject to regular review. 

For nationally advertised roles, the successful candidate(s) will be appointed to a MoJ office location, which may include their nearest Justice Collaboration Centre or Justice Satellite Office. This will be discussed and agreed on the completion of pre-employment checks. 

Some of MoJ’s terms and conditions of service are changing as part of Civil Service reform. The changes will apply to staff joining MoJ who are new to the Civil Service. Staff joining MoJ from other civil service employers will transfer onto the new MoJ terms if they are already on 'modernised' terms in their current post or onto 'unmodernised' MoJ terms if they are on 'unmodernised' terms at their current post. Details will be available if an offer is made. 

Flexible working hours 

The Ministry of Justice offers a flexible working system in many offices. 

Benefits 

The MoJ offers a range of benefits: 

Annual Leave 

Annual leave is 25 days on appointment and will increase to 30 days after five years’ service. 

There is also a scheme to allow qualifying staff to buy or sell up to three days leave each year. Additional paid time off for public holidays and 1 privilege day. Leave for part-time and job share posts will be calculated on a pro-rata basis. 

Pension 

The Civil Service offers a choice of pension schemes, giving you the flexibility to choose the pension that suits you best. 

Training 

The Ministry of Justice is committed to staff development and offers an extensive range of training and development opportunities. 

Networks 

The opportunity to join employee-run networks that have been established to provide advice and support and to enable the views of employees from minority groups to be expressed direct to senior management. There are currently networks for employees of minority ethnic origin, employees with disabilities, employees with caring responsibilities, women employees, and lesbian, gay, bisexual and transgender employees.