Are you OK with cookies?

We use small files called ‘cookies’ on Some are essential to make the site work, some help us to understand how we can improve your experience, and some are set by third parties. You can choose to turn off the non-essential cookies. Which cookies are you happy for us to use?

Administration / Corporate Support

Regional Information Security and Assurance Lead – 68904
£30,812 – £38,289 + London weighting allowance of £4,006


We encourage applications from people from all backgrounds and aim to have a workforce that represents the wider society that we serve. We pride ourselves on being an employer of choice. We champion diversity, inclusion and wellbeing and aim to create a workplace where everyone feels valued and a sense of belonging. To find out more about how we do this visit:

Overview of the job

The Regional Information Security and Assurance Officer (RISAL) sits within the Corporate Service function in the Probation Service region and reports directly to the Head of Corporate Services.

They will have line management responsibility for Information Security related Project Officers within the region.

The RISAL is the link between the Probation Service region and the HMPPS Information Security Team.

The geographical base for the RISAL post can be flexible within their regional area and will require travel across the region and some work in London and other locations.


The RISAL is responsible for ensuring compliance across all Probation Service units within the region with all Information Security Policy Framework requirements and ensuring all quarterly and annual departmental returns are completed and submitted in an accurate and timely manner on behalf of the Regional Probation Director who is the Information Asset Owner.

As the Subject Matter Expert, the RISAL will be required to lead investigations into all security incidents and breaches and report their findings and recommendations in full to the commissioning manager.

The RISAL will chair and manage the Regional Information Assurance Committee and will have a seat on the National Information Management Programme Board chaired by the Business Strategy and Change Lead.

Responsibilities, Activities & Duties

The job holder will be required to carry out the following responsibilities, activities and duties:

  • As Subject Matter Expert, the RISAL will be the Lead investigator into information security incidents and data breaches. They will lead investigations into how incidents occur and report their findings to the commissioning officer and will give evidence when required, such as disciplinary hearings. The RISAL is responsible for ensuring all recovery actions, both for individuals and for the Service, following an incident are completed and that lessons are learned and shared to avoid future incidents across the region. They will update local policy and best practice guidance to reflect any lessons learned. The RISAL will also be the Regional Point of Contact for any investigations arising from the Information Commissioners Office ( ICO).
  • The RISAL is responsible for adapting and regionalising the National Information Security Policy Frameworks into a robust and embedded local policy to deliver key milestones. Through collaboration and consultation with senior leaders across the region the RISAL will ensure the policy is implemented and embedded. The RISAL will be the driver, on behalf of the Regional Probation Director, for culture change around all aspects of the Information Security Policy Framework and Information Risk, delivering best practice.
  • The RISAL will routinely undertake compliance visits across all sites in the region and will be responsible for developing and managing the Regional Risk Register appropriately, managing any emerging risks providing assurance and escalating risk where required to Regional Probation Director or HMPPS Information Security. They will identify and agree any necessary recovery actions with the site lead and monitor progress through to completion.
  • Cabinet Office commission completion of an annual information security compliance statement, (Departmental health check), across Government. The RISAL is responsible for ensuring the ongoing departmental health check is completed on behalf of the Regional Probation Director, within a timely manner as stipulated by HMPPS Information Security. The RISAL will be required to understand any areas of deficiency within the Region and implement a robust strategy to improve levels of compliance across the Region.
  • Provide technical expertise to ensure the Regional Probation Director and Senior Leadership Team understand their responsibilities as Information Asset Owner and Information Asset Custodians.
  • Provide a monthly status report on Security Incidents/Breaches, to the Senior Leadership Team, including trends and risks analysis and demonstrating actions and mitigations the RIASL has completed and any further required recommendations for controls and mitigating actions.
  • Provide technical advice and guidance to Heads of Departments to ensure the correct information is gathered to develop accurate Information Sharing Agreements (ISAs) with 3rd party providers and charities. The RISAL will be responsible for approving all ISAs on behalf of the Regional Probation Director.
  • The RISAL will have line management responsibility for any Project Officer resource in the region that has been allocated to the information assurance ambitions of the region. They will be responsible for oversight of their work, formal line management of individuals, management of capability and performance, development of individuals, and day to day supervision of project officers.
  • Leading on a culture change programme in the Region to ensure a positive Information Management culture is embedded across the Probation Service region making all staff are aware of best practice and their individual responsibility for information security; the RISAL will employ a range of approaches including developing and issuing bulletins to highlight key messages on lessons learned and shared best practice and innovative strategies to maximise impact.
  • Develop and deliver training and awareness sessions on Information Security and Information Risk Policies and/or best practice and lessons learned.
  • As Subject Matter expert, the RISAL is required to have an in-depth and current knowledge of all MoJ/HMPPS Information Security and Risk Management policies, and National legislation, i.e. UK GDPR. This will also include in-depth knowledge and understanding of trends as identified by the Information Commissioners office (ICO) . The RISAL will also be required to understand the role of the National Cyber Security Centre (NCSC) and how they support the work of HMPPS and other government departments.
  • Direct and drive the quarterly Regional Information Assurance Committee on behalf of the Regional Probation Director and attend the monthly National Information Assurance forum to represent their region, they will be responsible for disseminating information regionally and engaging with leaders across the region where there are actions to implement, including the RISAL updating their Local Information Security Policy Framework and, where applicable, the Regional Information Assurance Registers.
  • Responsible for ensuring all required Information Sharing Agreements are in place and are recorded in the relevant systems. Own and maintain the ISA database for the region, undertaking routine quality assurance of the ISAs included on the database, providing reports to senior leadership team and HMPPS Information Security team as required and commissioned.
  • The RISAL will be required undertake stakeholder engagement across HMPPS, MoJ, other Government agencies and 3rd party suppliers. This will be to ensure that data is being shared and managed appropriately.

The duties/responsibilities listed above describe the post as it is at present and is not intended to be exhaustive. The job holder is expected to accept reasonable alterations and additional tasks of a similar level that may be necessary. Significant adjustments may require re-examination under the Job Evaluation Scheme and shall be discussed in the first instance with the job holder.

  • Delivering at Pace
  • Communicating and Influencing
  • Making Effective Decisions
  • Working Together
  • Leadership


  • IT proficient across the suite of MS Office applications
  • Excellent verbal and written communication skills
  • Delivery of presentations to staff groups and individuals


  • Awareness and understanding of information management and security
  • Awareness of General Data Protection Regulations (GDPR)
  • Experience in analysing and interpreting data and information
  • Experience of writing reports and presenting data and information
  • Experience of presentations to staff groups and individuals
  • Working with internal and external stakeholders


Post holders will be required to undertake the following external training as part of this role:

  • UK GDPR Practitioner
  • Records Management
  • Information Assurance for Small and Medium enterprises.(IASME) governance
  • ISO 2700 1 internal auditor


£30,812 - £38,289 (plus a London Weighting Allowance of £4,006)

Additional Information

Working Arrangements & Further Information

The MoJ offers Hybrid Working arrangements where business need allows. This is an informal, non-contractual form of flexible working that blends working from your base location, different MoJ sites and / or from home (please be aware that this role can only be worked in the UK and not overseas). Some roles will not be suitable for Hybrid Working. Similarly, Hybrid Working will not suit everyone’s circumstances. Arrangements will be discussed and agreed with the successful candidate(s) and subject to regular review.  

For nationally advertised roles, the successful candidate(s) will be appointed to a MoJ office location, which may include their nearest Justice Collaboration Centre or Justice Satellite Office. This will be discussed and agreed on the completion of pre-employment checks.

Some of MoJ’s terms and conditions of service are changing as part of Civil Service reform. The changes will apply to staff joining MoJ who are new to the Civil Service. Staff joining MoJ from other civil service employers will transfer onto the new MoJ terms if they are already on ‘modernised’ terms in their current post or onto ‘unmodernised’ MoJ terms if they are on ‘unmodernised’ terms at their current post. Details will be available if an offer is made.

Standard working hours are 37 hours per week excluding breaks which are unpaid. 


The MoJ offers a range of benefits:

Annual Leave

Annual leave is 25 days on appointment and will increase to 30 days after five years’ service, plus public holidays. Leave for part-time and job share posts will be calculated on a pro-rata basis


The National Probation Service is covered by the Local Government Pension Scheme (LGPS) run through the Greater Manchester Pension Fund (GMPF).  Please visit for further information.

Please note: Any current Civil Servant who is a member of the PCSPS, by accepting an offer of employment to the National Probation Services will be opted out of the PCSPS and auto enrolled into the Local Government Pension Scheme.


The Ministry of Justice is committed to staff development and offers an extensive range of training and development opportunities.


The opportunity to join employee-run networks that have been established to provide advice and support and to enable the views of employees from minority groups to be expressed direct to senior management. There are currently networks for employees of minority ethnic origin, employees with disabilities, employees with caring responsibilities, women employees, and lesbian, gay, bisexual and transgender.


All candidates are subject to security and identity checks prior to taking up post


  • A range of ‘Family Friendly’ policies such as opportunities to work reduced hours or job share.
  • Access to flexible benefits such as voluntary benefits, retail vouchers and discounts on a range of goods and services.
  • For moves to or from another employer or moves across the Civil Service this can have implications on your eligibility to carry on claiming childcare vouchers. You may however be eligible for alternative government childcare support schemes, including Tax Free Childcare. More information can be found on GOV.UK or Childcare Choices. You can determine your eligibility at
  • Paid paternity, adoption and maternity leave.
  • Free annual sight tests for employees who use computer screens.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission’s recruitment principles. Should you feel that the recruitment process has breached the recruitment principles you are able to raise a formal complaint in the following order

The Civil Service embraces diversity and promotes equal opportunities. As a Disability Confident employer, MoJ are committed to providing everyone with the opportunity to demonstrate their skills, talent and abilities, by making adjustments throughout all elements of the recruitment process and in the workplace. MoJ are able to offer an interview to disabled candidates who meet the minimum selection criteria, except in a limited number of campaigns.

You will be able to request reasonable adjustments to the recruitment process within the application form. If you need additional help completing the application form, please contact the SSCL Recruitment Enquiries Team.

We encourage applications from people from all backgrounds and aim to have a workforce that represents the wider society that we serve. We pride ourselves on being an employer of choice. We champion diversity, inclusion and wellbeing and aim to create a workplace where everyone feels valued and a sense of belonging. To find out more about how we do this visit: