Data Protection Strategic Lead in City of Westminster

City of Westminster, Full-Time, No working from home possible
Ministry of Justice

Overview

SID is part of the Service Transformation Group. The Group oversees the building of a strategic vision for modernising and digitising our legacy systems, generating a coordinated plan across the MoJ and its agencies for transformation, and tracking delivery of this transformation.

Security and information management are fundamental building blocks of enabling the department to deliver. We have highly skilled experts working collaboratively with the department, Government Security Group and other partners to enable the whole of the MoJ to function securely, lawfully and transparently. We identify, manage and mitigate MoJ's security, data protection and information risks, and provide assurance against those risks. We are also home to the Counter Fraud Centre of Expertise. Part of our mission is to up‑skill the department so that security becomes second nature to our people and partners.

The remit of the Data Protection Team covers Headquarters, the five Executive Agencies and twelve Arm's Length Bodies. Their work includes monitoring and overseeing compliance with data protection legislation and MoJ personal data policies, advising on Data Protection Impact Assessments, acting as the point of contact with the Information Commissioner's Office and receiving requests from data subjects who wish to exercise their rights to access, restrict, rectify or erase their personal data.

We are recruiting a Data Protection Strategic Lead to be part of our warm and collaborative Data Protection Team. Reporting to a Deputy Data Protection Officer, the role will play a leading part in improving how the department manages personal data, including promoting adherence to information legislation and providing guidance on it across a vast spectrum of business areas, and will be part of the management of high‑impact incidents involving personal data.

Responsibilities

  • Provide advice and guidance on data protection issues for the MoJ and make decisions on whether to report data breaches to the ICO.
  • Contribute to regular commissions from Government departments to identify the most critical activities and likely risks.
  • Act as point of contact for several of the MoJ's Executive Agencies and Arm's Length Bodies and the central workstreams covering commercial and contract management, HR, finance and digital/technology functions. Generate a common interpretation of emerging cross‑government guidance, and provide specific interpretations to cultivate a strong MoJ approach towards achieving compliance.
  • Explore and promote critical deliverables on a department‑wide basis.
  • Maintain relationships with appropriate teams and stakeholders in support of delivering UK GDPR/DPA18/DUAA25 compliance across MoJ technology systems.
  • Provide compliance advice and guidance on:
    • The transparency requirements of the UK GDPR and the DPA18.
    • Data Protection‑by‑design and default throughout the data journey and across multiple platforms.
    • The ability of the Department to evidence proactive supplier management and compliance with expected standards (as a data controller).
    • A long‑term compliance plan for information held within systems across the MoJ estate, including new and legacy systems.
    • An incident management process for data incidents and assessing whether data breaches should be reported to the ICO.
  • Provide the above in liaison with appropriate technical information assurance professionals within the business, including:
    • The Information Assurance Leads.
    • Senior Information Risk Owners (SIROs) and their delegated Information Asset Owners (IAOs).
    • Senior technical and non‑technical stakeholders across Government, including Government Digital Service and Open Government Data.
  • The job holder is expected to accept reasonable alterations and additional tasks of a similar level that may be necessary.

Qualifications

  • A current and constantly renewed understanding of both UK GDPR and the DPA18/DUAA25 – especially regarding the processing of data for law enforcement purposes and the ability to recognise and advise upon the potential impacts of such on MoJ's existing and emerging technology systems/projects.
  • A proven track record in developing and leading information assurance strategy in government, including stakeholder engagement, specifically in relation to risk.
  • Proven leadership experience in an information / data management setting.
  • Experience and knowledge of existing working practices within government, including technical security advice, risk management, off‑shoring, data protection impact assessments, governance and compliance.
  • Proven ability to adapt to changing priorities and maintain focus and alignment of the team's activities – including experience of the management of a team of information security / assurance specialists.
  • Experience of engaging with stakeholders and staff to resolve business issues and ensure effective and efficient delivery of services.
  • In a comparable business environment, experience of providing evidence‑based, risk‑balanced advice to seniors, presenting complex considerations in clear and non‑technical terms.
  • Be an effective communicator, able to discuss and understand technical security controls or systems alongside security professionals and software developers.
  • Explain technical concepts to senior leaders and stakeholders.
  • Communicate risk in a neutral way to allow understanding of impact and likelihood.
  • Demonstrate strong written and verbal communication skills.
  • Be capable of thinking in the style of a threat‑actor, to avoid complacency or over‑confidence in how we defend the Department's information.
  • Be passionate about technology, technical transformation and technical information security, where keeping up to date is part of how you work.
  • A data protection/GDPR qualification (e.g., CIPP/E or CIPM).

Desirable Qualifications

  • Experience of providing data protection advice within a law enforcement or criminal justice environment.
  • Experience of advising on the responsible and lawful use of emerging technologies, AI governance and data ethics.

Working Pattern

37‑hour working week (standard). The role is offered with Hybrid Working arrangements where business need allows. All employees will be expected to spend a minimum of 60% of their working time in an office, subject to local estate capacity. Hybrid Working is not suitable for all circumstances and will be discussed and agreed with the successful candidate.

Security Checks

Baseline Personnel Security Standard (BPSS).

Benefits

  • Annual leave: 25 days on appointment, increasing to 30 days after five years’ service, plus up to three days buy/sell each year and additional paid time off for public holidays and one privilege day.
  • Pension: choice of Civil Service pension schemes.
  • Training: extensive range of staff development and training opportunities.
  • Networks: employee‑run networks for minority ethnic origin, employees with disabilities, employees with caring responsibilities, women employees and LGBT+ employees.
  • Family friendly policies such as opportunities to work reduced hours or job share.
  • Access to flexible benefits such as voluntary benefits, retail vouchers and discounts on a range of goods and services.
  • Paid paternity, adoption and maternity leave.
  • Free annual sight tests for employees who use computer screens.

Contact Details:

Ministry of Justice Recruitment Team