HM Courts and Tribunals Service

Directorate: Digital Technology Services (DTS)

Pay Band: Grade 7

Job Title: Head of Data Protection Governance and Information Security Policy

Location: London / National

Successful applicants will be expected to be office based 3 days per week in any HMCTS Office (subject to business availability).

Term: Permanent

Interview: Video conference via Teams

Important salary details:

New recruits to the Civil Service joining MoJ are expected to join at the band minimum.

Existing Civil Servants applying on promotion, will usually be appointed on the salary minimum of the new pay band, or receive an increase of 10 percent on the current base salary, whichever is higher (This is restricted to the pay maximum of the new band).

Reserve List:

HMCTS run a Reserve List, where candidates who are unsuccessful at interview by only a few points, can be offered other roles, at the same band, for up to 12 months. You will be able to view your status via the application screen. If you have been added to the Reserve List, your status will show either Merit or Reserve list.

Introduction:

These are exciting times at HM Court and Tribunals Service (HMCTS). As an agency of the MoJ, we support the judiciary across England and Wales to deliver justice by running courts and tribunals and processing outcomes, and we are looking for talented people to help us achieve our ambitions. It will be challenging, important and rewarding.

HMCTS Digital and Technology Services (DTS) is a specialist technology directorate which provides support to HMCTS in the use of IT and Digital.

DTS is committed to being a great place to work and part of our offer is brilliant training opportunities and support from expert colleagues. As well as that you’ll find flexible working, an inclusive culture and a place where your opinion is valued.

Please follow the link below for further information about HMCTS. www.gov.uk/government/organisations/hm-courts-and-tribunals-service

Job Description:

• The post holder will be responsible for ensuring that HMCTS is compliant with all data protection and information legislation and regulation including Data Protection Act 2018, UK GDPR, Public Records Act 1958.

• They will drive a culture of excellence and transparency in how personal data and information assurance is managed across HMCTS. They will be involved in national initiatives that continue to develop the information security and assurance function with regard to delivering services which are compliant with data protection and information obligations.

• They will lead the review and continuous improvement of the HMCTS Information Security Management System (ISMS), to keep pace with all relevant legislative and regulatory developments in the information security and governance landscape.

Key Responsibilities will include:

• You’ll lead a team within the HMCTS Digital and Technology Services directorate to maintain and develop an effective data protection service, defining policy, process and controls to bring a high level of assurance and transparency to how we protect data.

• Lead engagement across jurisdictions to drive HMCTS compliance with Information and records management best practices and legal obligation.

• Foster a collaborative and inclusive team culture. Encourage knowledge sharing and professional development. You will work closely with central Ministry of Justice Data Protection and Information teams to ensure HMCTS is well aligned with central department information governance work.

• You will own and update the HMCTS Information Security Management System (ISMS), which is the central hub for all security policies, standards, processes and guidance and forms the basis of information assurance and governance across HMCTS.

• You will be responsible for data governance products including assurance of Data Protection Impact Assessments, Data Sharing Agreements/Memorandums of Understanding related to HMCTS services and management of a comprehensive risk register.

• Work with relevant Information Asset Owners (IAO) and senior stakeholders across the business and act as an ambassador for governance and assurance, promoting best practice and facilitating upcoming initiatives in the wider organisation.

• Provide high quality data protection advice to all HMCTS jurisdictions, directorates and project teams. Similarly, advising on data protection risks associated with processing personal data.

• Proactively ensure alignment with wider organisational, Civil Service and external governance and assurance regimes. This includes identifying gaps and having awareness of overlaps between different compliance regimes and managing any residual risks or competing requirements.

• Management of Information Risks and Issues to facilitate Senior Information Risk Owner (SIRO) reporting.

• Work with, and attend as necessary, key HMCTS and MoJ information governance boards and sub-committees such as the Technical Architecture Board, Data Protection / Information Security Sub-committees, various Jurisdiction Service Boards and Data Governance Committee.

Essential Skills & Experience:

• Strong understanding and working knowledge of data protection and information related legislation, government frameworks and directives (e.g. Data Protection Act 2018 and UK GDPR).

• Experience of contributing to government assurance regimes.

• Experience of providing strategic and tactical support to senior leaders.

• Experience of engaging with stakeholders and staff to resolve business issues.

• Experience of identifying and managing risk.

Desirable Experience:

• Data Protection qualification at post-graduate level/CIPPE or equivalent.

• Strong working experience of implementing ISO27001 or be a qualified Lead implementer.

Application process:

The following areas of Success Profile Framework will be used to assess and score your application during the sift, and interview.

• Experience - As demonstrated in your application form.

• Strengths - The interview will involve a discussion around 2 strengths.

• Behaviours - You will be required to provide evidence of the following key behaviours at Level 4.

• Leadership - this will be covered via a presentation.

• Making Effective Decisions

• Communicating and Influencing

• Changing and Improving

• Level of Clearance - You will be required to successfully complete Security Clearance (SC) once you are in the role.