Information Governance & Data Protection Caseworker Ref 3721 in Cheltenham

Corporate Services

£37,892, including a concessionary payment of £2,758

Flexible working: As you’ll be working with highly sensitive information, home working is not possible in this role. However, we recognise the importance of a healthy work-life balance, which is why we offer flexible working options, including flexitime, part-time (a minimum of 30 hours per week) full-time, and compressed hours. Travel to London will also be required on an ad-hoc basis, this may range from once a month to once every three months.

GCHQ is an intelligence, cyber and security agency with a mission to keep the UK safe. We use cutting-edge technology, ingenuity, and partnerships to identify, analyse and disrupt threats. Working with our intelligence partners, MI5 and MI6, we protect the UK from terrorism, cyber-attacks, and espionage. At GCHQ, you’ll do varied and fascinating work in a supportive and inclusive environment that places emphasis on teamwork.

The role involves:

• Ensuring GCHQ’s handling of personal data is secure, lawful, and compliant with legislation.
• Completing data protection casework, responding to internal and external enquiries, carrying out sensitivity reviews, and developing compliance arrangements.
• Handling data protection enquiries from colleagues throughout the organisation, advising on questions and concerns as they arise.
• Managing a caseload of data and information requests, reviewing sensitive material to determine what must be redacted, and keeping colleagues informed throughout the process.
• Investigating and providing responses to data breaches, and supporting teams across GCHQ to manage their data effectively through training and guidance.

About you:

• Hold a minimum of a Level 3 qualification, such as an A-level or equivalent in Humanities, Social Sciences, STEM subjects or other disciplines where theoretical knowledge, critical thinking, and academic writing have been demonstrated.
• Relevant experience working with GDPR and data protection, as well as the Freedom of Information Act (FOIA), or in information management or regulatory compliance.
• Familiarity with subject access requests, data breach management, and information disclosure processes.
• Proven ability to assess, redact, and protect highly sensitive material, as well as to advise others on effective and lawful management of personal data.
• Sound judgement, discretion, and integrity are essential.
• Attention to detail is key, particularly when assessing risk and making balanced decisions.
• Effective communication skills are essential for explaining complex data protection and information access requirements to a range of stakeholders.
• Ability to work to deadlines, manage challenging enquiries and oversee a personal caseload of competing priorities.
• A genuine interest in data protection, information rights, or public service, together with curiosity about how an organisation such as ours protects sensitive information while meeting legal responsibilities.
• Openness to learning and development is important, as training will be provided on internal processes.

Training and development:

The role offers structured on-the-job training, particularly during the initial period, with opportunities to shadow experienced colleagues and gradually take responsibility for casework. This includes learning through practical experience, supported by regular guidance, feedback, and mentoring within the team from your assigned buddy. You’ll also have access to departmental training courses, including data protection, security, and organisational processes. There may be opportunities to attend external courses or workshops, where appropriate, to build specialist expertise and support professional development over time.

Rewards and benefits:

• Starting salary of £37,892, comprising a basic salary of £35,134 plus a concessionary payment of £2,758.
• 25 days’ annual leave, automatically rising to 30 days after 5 years’ service, plus an additional 10.5 days of public and privilege holidays.
• Opportunities to be recognised through our employee performance scheme.
• An interest-free season ticket loan.
• A cycle-to-work scheme.
• Facilities such as a gym, restaurant, and on-site coffee bars (at some locations).
• Paid parental and adoption leave.

Equal opportunities:

At GCHQ, diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word, those with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking, and those with disabilities or neurodivergent conditions. We therefore welcome and encourage applications from everyone, including individuals from groups that are under-represented in our workforce, such as women, people from ethnic minority backgrounds, people with disabilities, and those from low socio-economic backgrounds.

Before you apply:

To work at GCHQ, you must be a British citizen, or hold dual British nationality. This role requires the highest level of security clearance, known as Developed Vetting (DV). We have a strict drugs policy; once you start your application, you must not take any recreational drugs, and you’ll be required to declare any previous drug usage at the relevant stage. We expect you to consider the financial implications of living in Cheltenham, as we do not offer relocation costs.