HM Courts and Tribunals Service

Directorate: Digital Technology Services (DTS)

Pay Band: Grade 7

Job Title: Head of Data Incident Team

Location: London / National

Successful applicants will be expected to be office based 3 days per week in any HMCTS Office (subject to business availability).

Term: Permanent

Interview: Video conference via Teams

Important salary details:

New recruits to the Civil Service joining MoJ are expected to join at the band minimum.

Existing Civil Servants applying on promotion, will usually be appointed on the salary minimum of the new pay band, or receive an increase of 10 percent on the current base salary, whichever is higher (This is restricted to the pay maximum of the new band).

Reserve List:

HMCTS run a Reserve List, where candidates who are unsuccessful at interview by only a few points, can be offered other roles, at the same band, for up to 12 months. You will be able to view your status via the application screen. If you have been added to the Reserve List, your status will show either Merit or Reserve list.

Introduction:

These are exciting times at HM Court and Tribunals Service (HMCTS). As an agency of the MoJ, we support the judiciary across England and Wales to deliver justice by running courts and tribunals and processing outcomes, and we are looking for talented people to help us achieve our ambitions. It will be challenging, important and rewarding.

HMCTS Digital and Technology Services (DTS) is a specialist technology directorate which provides support to HMCTS in the use of IT and Digital.

DTS is committed to being a great place to work and part of our offer is brilliant training opportunities and support from expert colleagues. As well as that you’ll find flexible working, an inclusive culture and a place where your opinion is valued.

Please follow the link below for further information about HMCTS. www.gov.uk/government/organisations/hm-courts-and-tribunals-service

Job Description:

• The post holder will be responsible for ensuring that all HMCTS staff follow the HMCTS framework for information security and provide HMCTS executive team with appropriate, accurate and effective levels of assurance. They will identify and monitor data incidents to address any weaknesses in the framework through supportive and collaborative working with the service providers and stakeholders. They will be expected to resolve complex data incidents using their initiative to develop new solutions or adapting existing ones and will deal with the most difficult cases which cannot be resolved within the normal management process or precedents.

• They will drive a culture of excellence and transparency in how data incidents are managed across HMCTS. They will be involved in national initiatives that continue to develop the information security function with regard to delivering services and improving management information.

Key Responsibilities will include:

1. Incident Response Management:

• Responsible for the investigation of suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken.

• Identify and monitor security incidents and implement robust incident management practice and process.

• Assess the severity and impact of identified incidents, prioritising them based on their potential risks to HMCTS.

• Determine the appropriate response and escalation procedures.

• Conduct thorough investigations into security incidents to identify the root cause and extent of the breach.

• Ensure timely and accurate communication regarding incidents to internal teams, HMCTS executive team, and external parties as necessary.

• Conduct post-incident reviews to identify lessons learned and implement improvements to prevent similar incidents in the future.

2. Team Management:

• Provide guidance, mentorship, and performance feedback to team members.

• Foster a collaborative and inclusive team culture.

• Encourage knowledge sharing and professional development.

3. Stakeholder Collaboration:

• Collaborate with MoJ (and wider Government) cross-functional teams to ensure alignment in incident response efforts.

• Work closely with the MoJ Data Protection Team to ensure compliance with data protection regulations and standards.

• Establish strong relationships with external partners to stay informed about data incident trends and share knowledge.

4. Documentation and Reporting:

• Maintain detailed documentation of incident response procedures, including incident reports, timelines, and actions taken via the HMCTS incident management tool OPTIC.

• Lead in the management of the production of the HMCTS Annual report and prepare quarterly reports to the Audit and Risk Assurance Committee, Serious Incident Forum, Service Excellence Committee, and the Data Protection Sub-Committee.

• Support the SIRO in the development of and compliance with the internal control framework in respect to Data Security.

5. Data Security Awareness training

• Responsible for developing and implementing a training programme for all HMCTS staff to raise information security awareness and build capability by:

• enhancing understanding and ownership across HMCTS, through the delivery of targeted and dedicated training,

• the application of continuous improvement activities,

• effective feedback channels,

• attendance at management meetings and ensuring accessibility to clear and robust information security guidance.

Essential Skills & Experience:

• Proven experience in incident response management and data security, preferably in a leadership role.

• Excellent communication skills with the ability to convey complex data security concepts to all stakeholders across government agencies.

• Strong analytical and problem-solving skills, with a proactive and detail-oriented approach.

• Ability to work under pressure and manage multiple incidents simultaneously.

• Leadership qualities with the ability to inspire and motivate a team.

Desirable Experience:

• Proven experience in incident response management and data security, preferably in a leadership role.

• Relevant certifications (e.g., CISSP, CISM) are a plus.

• Strong understanding of data protection principles, regulations (such as GDPR and DPA), and industry best practices.

• Strong understanding of data breach investigation and information handling.

Application process:

The following areas of Success Profile Framework will be used to assess and score your application during the sift, and interview.

.

• Experience - As demonstrated in your application form.

• Strengths - The interview will involve a discussion around 2 strengths.

• Behaviours - You will be required to provide evidence of the following key behaviours at Level 4.

• Leadership

• Delivering at Pace

• Communicating and Influencing

• Managing a Quality Service

• Level of Clearance - You will be required to successfully complete Security Clearance (SC) once you are in the role.