The Data Protection Monitoring & Compliance Analysts (DPMCA) key responsibility is to identify and conduct an ongoing programme of monitoring and compliance relating to the specified, and observed, systems of controls in place to prevent, detect, and mitigate loss of personally identifiable information (PII) in accordance with UK GDPR and the Data Protection Act 2018. The DPMCA will work with Subject Matter Experts across Ofgem, typically within Corporate Services, to: Ensure that new project and existing projects within Ofgem are protecting personal have considered and are mitigating risks to personal data by: Guiding the completion review and signoff by the DPO of Data Protection Impact Assessments (DPIAs) and having in place annual plans to ensure annual reviews by the business owners. Engaging and guiding on controls required for Data Sharing Agreements with both OGDs and suppliers. Act as the first point of contact and consultation for business teams launching new efforts, providing innovative thinking on the best ways to protect privacy, ensuring governance and compliance and mitigating risks during the planning, researching, and designing phases. Create monthly reporting to the DPO on progress on delivery of work, highlighting risks and issues, breach metrics and areas of non-compliance with the business. Deliver annual reviews and updates of Data Protection Policies within Ofgem ensuring stakeholder engagement and buy in. Ensuring alignment to any changes from legislation or the ICO. The DPMCA will formally report to the Ofgem Data Protection Officer (DPO) and support both the DPO and Departmental Records officer (DRO) as required. Key Responsibilities The DPMCAs key responsibility is to identify and conduct an ongoing programme of work to ensure that business is protecting, through defined controls, personal data and compliance with UK GDPR, the Data Protection Act 2018 and Ofgem Privacy Policies. In order to discharge this effectively they will need to: Understand and have experience of giving advice to business areas on how to mitigate risk to processing personal data and legal basis for processing. Working closely with the Data Protection Officer (DPO, and providing support where required in relation to sign off of DPIAs and DSAs) Understand risk and vulnerabilities spanning physical, personnel and technical controls, that might lead to potential non-compliance with UK GDPR and the Data Protection Act 2018; Working with the Head of Assurance and Security Advisor (SA); Understand the spectrum and sensitivity of Ofgem Data, associated risk and apply this to a prioritised programme; Working closely with the Departmental Records Officer (DRO), including providing support to cover absences and unavailability. Accordingly, the DPMCAs role will interact with key personnel within SPaR, but also wider personnel in Corporate Services, in relation to formulation and conduct of the overall programme. There will also need to be interaction with Ofgem staff and line managers in relation to specific findings, which will (at times) be sensitive and require careful handling. Accordingly, the role will necessitate achieving SC clearance. Key Outputs and Deliverables Construction and delivery of a continuous programme of monitoring and compliance work ensuring the business does not expose personally identifiable data relating to Ofgem and its stakeholders; Production of monthly reports spanning: Progress against plans; Trends; Risk; Investigations; Recommendations. Other products as required as requested by the DPO and DRO, including providing cover through periods of unavailability. Key Stakeholder Relationships External and Internal Primarily the DPO and DRO, but extending as required to SpaR, wider corporate teams, and specific Ofgem staff and line management as required. Person specification Role Criteria Essential: Experience of business operations within Ofgem, or a comparable environment. Good understanding of HMG Policies, UK GDPR, The Data Protection Act 2018 and their application. Experience of analysing information, identifying risks arising, and priority actions needed, within the context of Information risk, and specifically loss of confidentiality, relating to instances of unsanctioned or uncontrolled data egress. A strong track record of engaging, advising and influencing across an organisation, whilst projecting credibility and self-assurance ideally with some experience of Data Protection and Information and Records Management. Strong demonstration of drafting capability, both for individual reports, but also dashboard reporting spanning metrics and risk Able to achieve and maintain SC Clearance Desirable: Experience of supporting an organisations Data Protection Officer (DPO); Departmental Records Officer (DRO); and wider Security team. Practical understanding and application of Data Loss Prevention (DLP) and wider monitoring techniques and applications. Behaviours We'll assess you against these behaviours during the selection process: Seeing the Big Picture Communicating and Influencing Managing a Quality Service Technical skills We'll assess you against these technical skills during the selection process: Please refer to the Candidate Pack and Role Profile attached for full details. Benefits Alongside your salary of 34,123, OFGEM contributes 9,885 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides. Ofgem can offer you a comprehensive and competitive benefits package which includes; up to 30 days annual leave. Excellent training and development opportunities. The opportunity to join the Civil Service pension arrangements which include a valuable range of benefits. Flexible working hours and family friendly policies. Restaurant and subsidise gym (London only). Interest free season ticket loan. Things you need to know Artificial intelligence Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use. Selection process details This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills. When you press the Apply now button, you will be asked to complete personal details (not seen by the sift panel), and upload a CV of no more than 2 pages. You will then be asked to provide a 1250 word personal statement evidencing how you meet the essential skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the essential skills and capabilities. Please refer to Civil Service candidate advice on the acceptable use of Artificial intelligence within the recruitment and selection process - Artificial intelligence and recruitment, Civil Service Careers The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found by [ https://www.cifas.org.uk/fpn ]. Feedback will only be provided if you attend an interview or assessment. Security Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window). See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks. Nationality requirements This job is broadly open to the following groups: UK nationals nationals of the Republic of Ireland nationals of Commonwealth countries who have the right to work in the UK nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window) nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS) individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020 Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service Further information on nationality requirements (opens in a new window) Working for the Civil Service The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy. Diversity and Inclusion The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window). Apply and further information This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative. The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window). Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records. Contact point for applicants Job contact : Name : Sandra Segal Email : recruitment@ofgem.gov.uk Recruitment team Email : recruitment@ofgem.gov.uk Attachments Candidate Pack_445452 Opens in new window (pdf, 1304kB) Terms and Conditions Apr25 Opens in new window (pdf, 335kB) Role Profile Data Protection Monitoring Compliance Analyst_FEB26 Opens in new window (pdf, 141kB)