The Role

Reporting to the Data Protection Strategic Lead, you will have a leading role in contributing to improvements to the way the Department manages its personal data. This includes having responsibility for promoting adherence to and providing guidance across a vast spectrum of business areas on data protection legislation. You will also be part of the management of high impact incidents involving personal data.

SID is part of the Service Transformation Group. The Group oversees the building of a strategic vision for modernising and digitising our legacy systems, generating a coordinated plan across the MoJ and its agencies for transformation, and tracking delivery of this transformation.

Overview of SID 

Security and information management are fundamental building blocks of enabling the department to deliver. We have highly skilled experts working collaboratively with the department, Government Security Group, Government Knowledge and Information Management profession and other partners to enable the whole of the MoJ to function securely, lawfully and transparently.

We identify, manage, and mitigate MoJ’s security, data protection and information risks, and provide assurance against those risks. We’re also home to the Counter Fraud Centre of Expertise. Part of our mission is to up-skill the department so that security becomes second nature to our people and partners.

Team Profile  

The remit of the Data Protection Team covers Headquarters, the five Executive Agencies and 12 Arm’s Length Bodies.  

Their work includes: 

1. Monitoring and overseeing compliance with data protection legislation and MoJ personal data policies 

2. Advising on Data Protection Impact Assessments 

3. Acting as the point of contact with the Information Commissioner’s Office 

4. Receiving requests from data subjects who wish to exercise their rights to - access, restrict, rectify or erase - their personal data 

Key Responsibilities include:

• Act as principle point of contact for a number of the Ministry of Justice’s (MoJ) component agencies/organisations and central workstreams; providing expert advice and guidance on the application of data protection legislation in their business area and particular circumstances. You will have to deal with complex issues and will need to be able to produce accurate advice on compliance matters quickly and to a high standard.

• Contribute to commissions from within the business and cross-government, to help ensure the proper application of data protection law and reliance on appropriate legal gateways to data processing mindful of the potential risks and outcomes associated with such.

• Review and advise upon Data Protection Impact Assessments (DPIAs), Data Sharing Agreements and Memoranda of Understanding to mitigate privacy risks and advise on potential solutions and changes to processes/policies proposed to aid both their legal and practical application.

• Build and maintain excellent working relationships with key colleagues in the MoJ, its executive agencies as well as with other government departments.

• The role also provides the opportunity to draft a range of written communications including advice and submissions to senior officials and Ministers. You may also have to draft clear letters and other correspondence setting out the legal position in the context of the circumstances in each case to stakeholders and the public.

Person Specification

Essential

• A current working knowledge and understanding of both the UK GDPR and DPA 2018. You must be able to recognise, and advise upon, the potential impacts of the law on the MoJ’s existing and emerging technology systems/projects.

• A proven track record in developing and leading data protection strategy in government, including stakeholder engagement, specifically in relation to risk,

• Proven leadership experience in a data protection setting.

• Experience and knowledge of existing working practices within government, including technical security advice, risk management, off-shoring, data protection impact assessments, governance and compliance.

• Proven ability to adapt to changing priorities and maintain focus and alignment of the team’s activities - including experience of the management of a team of information security/assurance specialists.

• Experience of engaging with stakeholders and staff to resolve business issues and ensure effective and efficient delivery of services.

• In a comparable business environment, experience of providing evidence based, risk balanced advice to seniors, presenting complex considerations in clear and non-technical terms.

• A data protection/GDPR qualification e.g. CIPP/E or CIPM

Desirable

• Experience of working in a large and complex organisation

• Experience of delivering training

• Experience responding to requests under the Freedom of Information Act and Parliamentary Questions

Civil Service Success Criteria

In the Civil Service, we use Success Profiles, a flexible framework, to assess candidates against a range of elements using a variety of selection methods, therefore giving you the opportunity to demonstrate the various elements required to be successful in the role. 

Shortlisting Criteria

The sift will be based on the following behaviours: 

1. Working together 

2. Communicating and Influencing 

Communicating and Influencing will be the lead behaviour, so if there are a lot of applicants we will sift solely on this. 

Technical: A data protection/GDPR qualification e.g. CIPP/E or CIPM

Selection process details 

All candidates must submit a CV and answer a question (in no more than 500 words) which demonstrates the key behaviours required for the role. 

Question:

You have been asked to prepare a persuasive brief demonstrating why the organisation’s executives should take data protection seriously.

NB: Due to the volume of applications we receive we are unable to provide feedback after the CV review (sift) stage. 

Interview Criteria

At the interview, we will be assessing your technical/specialist skills and experience, testing your ability through a scenario assessment and asking you questions around two behaviours we require to be successful in this role:

1. Managing a Quality Service 

2. Delivering at pace 

Technical:

1. A current, and constantly renewed understanding of both UK GDPR and DPA 2018.

Vacancy close - Wednesday 2^nd July

Please note the interview dates will be Wednesday 16^th, Friday 18th and Monday 21st July.