PS Job Description (JD)
PS Band 4
Directorate: Probation Service
Job Description: Regional Information Security and Assurance Lead
Document Ref.: PS JES 0116 Regional Information Security and Assurance Lead
Document Type: Management
Version: 1.0
Classification: Official
Date of Issue: 21/12/22
Status: Baselined
Produced by: Job Evaluation Assurance and Support Team
Authorised by: Reward Team
JD Evidence: PS JES 0116 Regional Information Security and Assurance Lead v1.0
PS Job Description
Job Title: Regional Information Security and Assurance Lead
Directorate: Probation Service
Band: 4
Overview of the job
The Regional Information Security and Assurance Lead (RISAL) sits within the
Corporate Services function in the Probation Service region and reports directly to the
Head of Corporate Services.
They will have line management responsibility for Information Security related
Project Officers within the region.
The RISAL is the link between the Probation Service region and the HMPPS
Information Security Team.
The geographical base for the RISAL post can be flexible within their regional area and
will require travel across the region and some work in London and other locations.
Summary
The RISAL is responsible for ensuring compliance across all Probation Service units
within the region with all Information Security Policy Framework requirements and
ensuring all quarterly and annual departmental returns are completed and submitted
in an accurate and timely manner on behalf of the Regional Probation Director who is
the Information Asset Owner.
As the Subject Matter Expert, the RISAL will be required to lead investigations into all
security incidents and breaches and report their findings and recommendations in full
to the commissioning manager.
The RISAL will chair and manage the Regional Information Assurance Committee and
will have a seat on the National Information Management Programme Board chaired
by the Business Strategy and Change Lead.
Responsibilities, Activities & Duties
The job holder will be required to carry out the following responsibilities, activities
and duties:
• As Subject Matter Expert, the RISAL will be the lead investigator into information
security incidents and data breaches. They will lead investigations into how
incidents occur, report their findings to the commissioning officer and
give evidence when required, such as at disciplinary hearings. The RISAL is
responsible for ensuring all recovery actions following an incident, both for individuals
and for the Service, are completed and that lessons are learned and
shared to avoid future incidents across the region. They will update local policy
and best practice guidance to reflect any lessons learned. The RISAL will also be
the Regional Point of Contact for any investigations arising from the Information
Commissioner's Office (ICO).
• The RISAL is responsible for adapting and regionalising the National Information
Security Policy Frameworks into a robust and embedded local policy to deliver
key milestones. Through collaboration and consultation with senior leaders
across the region the RISAL will ensure the policy is implemented and embedded.
The RISAL will be the driver, on behalf of the Regional Probation Director, for
culture change around all aspects of the Information Security Policy Framework
and Information Risk, delivering best practice.
• The RISAL will routinely undertake compliance visits across all sites in the region
and will be responsible for developing and managing the Regional Risk Register
appropriately: managing any emerging risks, providing assurance, and escalating
risk where required to the Regional Probation Director or HMPPS Information
Security. They will identify and agree any necessary recovery actions with the site
lead and monitor progress through to completion.
• The Cabinet Office commissions completion of an annual information security
compliance statement (the Departmental Health Check) across Government. The
RISAL is responsible for ensuring the ongoing Departmental Health Check is
completed on behalf of the Regional Probation Director, within the timescale
stipulated by HMPPS Information Security. The RISAL will be required to
understand any areas of deficiency within the Region and implement a robust
strategy to improve levels of compliance across the Region.
• Provide technical expertise to ensure the Regional Probation Director and Senior
Leadership Team understand their responsibilities as Information Asset Owner
and Information Asset Custodians.
• Provide a monthly status report on Security Incidents/Breaches to the Senior
Leadership Team, including trend and risk analysis, demonstrating the actions
and mitigations the RISAL has completed and any further
recommendations for controls and mitigating actions.
• Provide technical advice and guidance to Heads of Departments to ensure the
correct information is gathered to develop accurate Information Sharing
Agreements (ISAs) with 3rd party providers and charities. The RISAL will be
responsible for approving all ISAs on behalf of the Regional Probation Director.
• The RISAL will have line management responsibility for any Project Officer
resource in the region that has been allocated to the information assurance
ambitions of the region. They will be responsible for oversight of their work,
formal line management of individuals, management of capability and
performance, development of individuals, and day to day supervision of project
officers.
• Lead a culture change programme in the Region to ensure a positive
Information Management culture is embedded across the Probation Service
region, making sure all staff are aware of best practice and their individual
responsibility for information security. The RISAL will employ a range of
approaches, including developing and issuing bulletins to highlight key messages
on lessons learned, shared best practice and innovative strategies, to
maximise impact.
• Develop and deliver training and awareness sessions on Information Security and
Information Risk Policies and/or best practice and lessons learned.
• As Subject Matter Expert, the RISAL is required to have an in-depth and current
knowledge of all MoJ/HMPPS Information Security and Risk Management
policies and of national legislation such as UK GDPR. This will also include in-depth
knowledge and understanding of trends as identified by the Information
Commissioner's Office (ICO). The RISAL will also be required to understand the
role of the National Cyber Security Centre (NCSC) and how it supports the work
of HMPPS and other government departments.
• Direct and drive the quarterly Regional Information Assurance Committee on
behalf of the Regional Probation Director and attend the monthly National
Information Assurance forum to represent their region. They will be responsible
for disseminating information regionally and engaging with leaders across the
region where there are actions to implement, including updating their
Local Information Security Policy Framework and, where applicable, the Regional
Information Assurance Registers.
• Responsible for ensuring all required Information Sharing Agreements are in
place and are recorded in the relevant systems. Own and maintain the ISA
database for the region, undertaking routine quality assurance of the ISAs
included on the database and providing reports to the Senior Leadership Team and
HMPPS Information Security team as required and commissioned.
• The RISAL will be required to undertake stakeholder engagement across HMPPS,
MoJ, other Government agencies and 3rd party suppliers, to ensure
that data is being shared and managed appropriately.
The duties/responsibilities listed above describe the post as it is at present and are not
intended to be exhaustive. The job holder is expected to accept reasonable
alterations and additional tasks of a similar level that may be necessary. Significant
adjustments may require re-examination under the Job Evaluation Scheme and shall
be discussed in the first instance with the job holder.
Behaviours
• Delivering at Pace
• Communicating and Influencing
• Making Effective Decisions
• Working Together
• Leadership
Strengths
It is advised strengths are chosen locally, recommended 4-8.
Ability
• IT proficient across the suite of MS Office applications
• Excellent verbal and written communication skills
• Delivery of presentations to staff groups and individuals
Experience
• Awareness and understanding of information management and security
• Awareness of General Data Protection Regulations (GDPR)
• Experience in analysing and interpreting data and information
• Experience of writing reports and presenting data and information
• Experience of presentations to staff groups and individuals
• Working with internal and external stakeholders
Technical
• Post holders will be required to undertake the following external training as
part of this role:
- UK GDPR Practitioner
- Records Management
- Information Assurance for Small and Medium Enterprises (IASME) Governance
- ISO 27001 internal auditor
Minimum Eligibility
• All candidates are subject to security and identity checks prior to taking up post.
• All external candidates are subject to 6 months’ probation. Internal candidates are
subject to probation if they have not already served a probationary period within
HMPPS.
• All staff are required to declare whether they are a member of a group or
organisation which HMPPS consider to be racist.
Hours of Work (Unsocial Hours)
Allowances
Success Profile
Behaviours
• Delivering at Pace
• Communicating and Influencing
• Making Effective Decisions
• Working Together
• Leadership
Strengths
It is advised strengths are chosen locally, recommended 4-8.
Ability
• IT proficient across the suite of MS Office applications
• Excellent verbal and written communication skills
• Delivery of presentations to staff groups and individuals
Experience
• Awareness and understanding of information management and security
• Awareness of General Data Protection Regulations (GDPR)
• Experience in analysing and interpreting data and information
• Experience of writing reports and presenting data and information
• Experience of presentations to staff groups and individuals
• Working with internal and external stakeholders
Technical
• Post holders will be required to undertake the following external training as
part of this role:
- UK GDPR Practitioner
- Records Management
- Information Assurance for Small and Medium Enterprises (IASME) Governance
- ISO 27001 internal auditor