Data Protection and Information Security Officer Job at Department for Education – in Bristol
Higher Executive Officer
DFE – Education and Skills Funding Agency – Customer Experience, Digital and Data
Type of role
Knowledge and Information Management
Flexible working, Full-time, Job share, Part-time
Number of posts
Bristol, South West, BS1 6EH : Coventry, West Midlands, CV1 2WT : Darlington, North East, DL1 5QE : Manchester, North West, M1 2WD : Nottingham, East Midlands, NG1 6HJ : Sheffield, Yorkshire and the Humber, S1 2FJ
About the job
The Education and Skills Funding Agency (ESFA) is the agency accountable for funding education and training for children, young people and adults. ESFA is an executive agency, sponsored by the Department for Education (DfE).
Do you have a passion for delivering excellent customer service, helping and supporting colleagues, protecting and managing data and information, and improving processes? Do you have an interest in or experience of working within a data protection, information security or information management setting, and are you willing to undertake appropriate training? If so, we would like to hear from you.
We are looking for a committed and enthusiastic HEO to join the ESFA’s new Data Protection and Security (DPS) team. This is an exciting opportunity to help shape the agency’s approach to data protection and information security. The newly formed DPS team provides expert knowledge, advice and support to colleagues across the ESFA on data protection and security issues as they arise, often within tight timescales. The team also supports the ESFA Senior Information Risk Owner (SIRO) in discharging their responsibilities for information risk and leads the agency’s data protection, and information and records management functions.
You will support the team in undertaking key activities to ensure ESFA information rights, data sharing responsibilities and information assets are managed in accordance with data protection law, and departmental and government policy. You will play an important part in the way the ESFA manages its personal data, including promoting compliance with legislation and helping develop an aware, secure, and compliant agency.
The role will involve regular interaction with a wide range of internal stakeholders such as Information Asset Owners/Managers, senior managers, service owners and cross-cutting policy leads. You will encourage teams to adopt a data protection by design culture to enable lawful delivery of a customer centric agency that can support, develop and fund education and skills provision for everyone.
The role is varied and will involve:
- Responsibility for discrete areas of work or activity
- Problem-solving, including making recommendations and decisions
- Carrying out research and analysis
- Making judgements and carrying out assessments
- Generating ideas and solutions
- Writing and editing communications and correspondence
- Briefing customers and partners
- Providing advice, guidance and support
- Monitoring compliance and record-keeping
We are recruiting to a number of posts and successful candidates will be expected to have a range of skills, knowledge and experience in order to work flexibly across the team. Individual responsibilities will be determined once successful candidates are confirmed, taking into consideration your individual skills, knowledge and experience. Collectively, DPS HEOs will:
- Proactively establish and maintain positive relationships with stakeholders and offer advice and support on information assets, data protection, data sharing and information security.
- Investigate and respond to a variety of data protection and security related enquiries and requests for assistance from ESFA staff, senior managers, customers, and other government departments.
- Support the ESFA’s network of Information Asset Owners, Information Asset Managers, Records Management leads and Business Continuity leads.
- Have oversight of the Information Asset Register and Record of Processing Activity (RoPA), providing communications and reporting on information risks.
- Support colleagues in response to security incidents and data breaches, including writing clear incident reports and making accurate records of mitigating activities.
- Contribute to the agency’s compliance with data protection law, including providing case specific advice and guidance on ESFA data protection queries.
- Coordinate, collate and write responses for ESFA Subject Access Requests (SARs) and other information rights requests made under data protection law.
- Support and facilitate the centralisation of ESFA data sharing activity and coordinate, update and monitor ESFA Data Sharing Agreements.
- Monitor DSP and cross-cutting data protection, security and information risks.
- Support the ESFA Departmental Records Officer in responding to queries regarding data retention and records, managing records storage, overseeing the agency’s archive and compliance with the Public Records Act, and liaising with stakeholders.
- Ensure timely collection and dissemination of content for ESFA Security and Business Continuity Board meetings.
- Create communications, including writing content for the intranet and training and awareness raising activities for example.
- Provide ad-hoc support for the DPS Senior Management Team.
Experience in the following areas will be essential and we will look at these as part of the selection process:
- Providing excellent administrative and organisational support, demonstrating your ability to deliver work on time and to a high standard, consistently meeting targets, effectively planning and prioritising.
- Delivering excellent written and verbal communications.
- Interpreting and explaining complex issues clearly to all stakeholders.
- Working independently and with others to solve problems, resolve issues and improve practices.
In addition to the above, you will also need to provide evidence of your experience in at least one of the following areas:
- Experience of providing support, advice and guidance.
- Experience of working in data protection and/or information security.
- Delivering training, awareness raising activities and/or communications activities.
- Creating policies, guidance, processes, and other resources to support colleagues, customers and stakeholders.
- Managing information and records (e.g. to comply with the Public Records Act).
Training and development, including optional Apprenticeship to support development.
Training will be provided to develop successful candidates’ knowledge and skills in these areas. We anticipate that a percentage of a person’s time will be spent developing their knowledge about the Knowledge and Information Management, and the Digital, Data and Technology professions.
Successful candidates will also have the opportunity to undertake an appropriate higher-level apprenticeship (i.e. level 5, 6 or 7). Appropriate apprenticeship opportunities available will be discussed and agreed with successful candidates once in post. For more information about this, please contact the vacancy contact detailed below.
Applicants currently holding a permanent post in the Civil Service should note that, if successful, their salary on appointment would be determined by the Department’s transfer / promotion policies.
As a member of the DfE, you will be entitled to join the highly competitive Civil Service Pension Scheme, which many experts agree is one of the most generous in the UK.
You will have 25 days leave, increasing by 1 day every year to a maximum of 30 days after five years’ service. In addition, all staff receive the Queen’s Birthday privilege holiday and 8 days’ bank and public holidays.
We offer flexible working arrangements, such as job sharing, term-time working, flexi-time and compressed hours.
As an organisation, which exists to support education and lifelong learning, we offer our staff excellent professional development opportunities.
Company: Department for Education –
Company Location: Bristol