Directorate - Security and Information Directorate (SID)

Data Protection Manager SEO


Job Description

Job Title

Data Protection Manager

Group Profile

Data Protection Team

Grade

SEO

Overview of SID

SID is part of the Service Transformation Group. The Group oversees the building of a strategic vision for modernising and digitising our legacy systems, generating a coordinated plan across the MoJ and its agencies for transformation, and tracking delivery of this transformation.

Security and information management are fundamental building blocks of enabling the department to deliver. We have highly skilled experts working collaboratively with the department, Government Security Group and other partners to enable the whole of the MoJ to function securely, lawfully and transparently.

We identify, manage, and mitigate MoJ’s security, data protection and information risks, and provide assurance against those risks. We’re also home to the Counter Fraud Centre of Expertise. Part of our mission is to up-skill the department so that security becomes second nature to our people and partners.

Team Profile

The remit of the Data Protection Team covers Headquarters, the five Executive Agencies and 12 Arm’s Length Bodies.


Their work includes:


  1. Monitoring and overseeing compliance with data protection legislation and MoJ personal data policies

  2. Advising on Data Protection Impact Assessments

  3. Acting as the point of contact with the Information Commissioner’s Office

  4. Receiving requests from data subjects who wish to exercise their rights to - access, restrict, rectify or erase - their personal data

Summary

The Role

Reporting to the Data Protection Strategic Lead you will have a leading role in contributing to improvements to the way the department manages its personal data including responsibility for promoting adherence to and providing guidance across a vast spectrum of business areas on information legislation; you will also be part of the management of high impact incidents involving personal data.


Responsibilities,

Activities and Duties

The job holder will be required to carry out the following responsibilities, activities, and duties:

Key Responsibilities include:


  • Act as principle point of contact for a number of the MoJ’s component agencies/ organisations and central work-streams; providing expert advice and guidance on the application of data protection legislation in their business area and particular circumstances. You will have to deal with complex issues and will need to be able to produce accurate advice on compliance matters quickly, to a high standard.

  • Contribute to commissions from within the business and cross-government, to help ensure the proper application of data protection law and reliance on appropriate legal gateways to data processing mindful of the potential risks and outcomes associated with such.

  • Review and advise upon Data Protection Impact Assessments (DPIAs) and data sharing agreements / memorandums produced (or in production) to mitigate privacy risks and advise on potential solutions and changes to processes / policies proposed to aid both their legal and practical application.

  • Build and maintain excellent working relationships with key colleagues in the Ministry, its executive agencies as well as with other government departments.

  • The role also provides the opportunity to draft a range of written communications including advice and submissions to senior officials and Ministers. You may also have to draft clear letters and other correspondence setting out the legal position in the context of the circumstances in each case to stakeholders and the public.

Person Specification


Essential


  • A current working knowledge and understanding of both the GDPR and DPA 2018 and must be able to recognise, and advise upon, the potential impacts of such on MoJ’s existing and emerging technology systems / projects.

  • A proven track record in developing and leading information assurance strategy in government, including stakeholder engagement, specifically in relation to risk,

  • Proven leadership experience in an information / data management setting.

  • Experience and knowledge of existing working practices within government, including technical security advice, risk management, off-shoring, data protection impact assessment, governance and compliance.

  • Proven ability to adapt to changing priorities and maintain focus and alignment of the team’s activities - including experience of the management of a team of information security / assurance specialists.

  • Experience of engaging with stakeholders and staff to resolve business issues and ensure effective and efficient delivery of services.

  • In a comparable business environment, experience of providing evidence based, risk balanced advice to seniors, presenting complex considerations in clear and non-technical terms.


Desirable


  • A data protection/GDPR qualification e.g. CIPP/E or CIPM



This list is at present and is not intended to be exhaustive. The job holder is expected to accept reasonable alterations and additional tasks of a similar level that may be necessary.



Minimum Eligibility

▪ All candidates are subject to security and identity checks prior to taking up post.

▪ All external candidates are subject to a minimum of 6 months’ probation. Internal candidates are subject to probation if they have not already served a probationary period within MoJ.

▪ All staff are required to declare whether they are a member of a group or organisation which MoJ consider to be racist.

Application Process

This vacancy will be assessed using Success Profiles to assess behaviours and technical expertise. The application process will require 250 word STAR format for the identified behaviours, the submission of a CV and a statement of suitability to evidence how you meet the essential and technical criteria required for the role.

The sift will be based on the following behaviours:

  • Communicating and Influencing

  • Working together


Communicating and Influencing will be the lead behaviour, so if there a lot of applicants we will sift solely on this.


The interview will be based on the following behaviours:

  • Delivering at pace

  • Managing a Quality Service



Selection process details

  • All candidates must submit a CV and Statement of Suitability (of up to 1000 words) which demonstrates the key behaviours required for the role.

Note: due to the volume of applications we receive we are unable to provide feedback after the CV review (sift) stage.

At the interview we will be assessing your technical/specialist skills and experience, testing your ability through relevant assessments and asking you questions around the behaviours we require to be successful in this role.

Hours of Work/Working Pattern


37 hour working week (standard).

▪ All external candidates are subject to a minimum of 6 months’ probation. Internal candidates are subject to probation if they have not already served a probationary period within HMPPS.

▪ All staff are required to declare whether they are a member of a group or organisation which MoJ consider to be racist.