Job Summary:

Data is the lynchpin that supports the energy industry and Ofgem has responsibility for protecting sensitive information. We are strengthening our defences to ensure the integrity and confidentiality of the data that powers our critical decisions and are looking for a Data Protection Monitoring & Compliance Analyst to join us and play a vital role in safeguarding our systems, operations, and people.

Ofgem is Great Britain's independent energy regulator. We're at the forefront of change across the energy sector, driving toward Net Zero whilst protecting energy consumers - especially vulnerable people.

We're offering a permanent opportunity within our Cyber Security directorate, a role that places you right at the heart of our mission to protect not only our data, but the UK's energy infrastructure. You'll help shape our approach to monitoring and compliance, driving improvements that reduce risk and enhance resilience. This is a high-profile post for someone who wants to make a real and lasting impact.

You'll have the chance to work in a forward-thinking, nationally significant organisation where your analytical insight and data protection expertise will help prevent data loss and maintain trust in our operations. You'll collaborate with experts across Corporate Services and Security, gaining exposure to a wide range of privacy, information assurance and strategic compliance activity.

We're looking for someone with a strong grasp of information risk and governance, a talent for translating findings into clear actions, and a confident, collaborative approach to working with stakeholders. You'll have a keen eye for identifying and addressing vulnerabilities and the communication skills to turn insight into influence.

You'll benefit from an excellent rewards package, including flexible working options, and will be enabled to develop your professional portfolio with an array of engaging and critical activities.
This is a rare opportunity to step into a role with strategic importance and real scope for personal growth, working with an inclusive and supportive team that values innovation and integrity. We have a critical purpose to prevent the loss or misuse of sensitive information, combating data risk and enhancing our defences across the board. If you're passionate about protecting data and enabling change, we'd love to hear from you.

Job Description:

The Data Protection Monitoring & Compliance Analyst's (DPMCA) key responsibility is to identify and conduct an ongoing programme of monitoring and compliance relating to the specified, and observed, systems of controls in place to prevent, detect, and mitigate loss of confidentiality or other exposure of Ofgem data.

The DPMCA will work with Subject Matter Experts across Ofgem, typically within Corporate Services, to:

Determine and address both actual and potential instances of data loss, through:
- Identifying instances of unsanctioned or uncontrolled data egress;
- Working with Corporate Services to: address specific issues arising; determine and address root cause, vulnerabilities, and exposure;
- Support resulting activities including investigations instigated and/or required by corporate and line manager functions.

Determine and undertake regular Dashboard reporting at both macro and micro levels, to feed into Risk Management and Governance reporting regimes.
- Feeding into Risk and Vulnerability Registers;
- Feeding into weekly and monthly reporting cycles;
- Reporting ad-hoc in relation to investigatory work, as required by local and corporate management.
Construct and undertake a programme of monitoring and compliance that will span:
- Manual and automated interventions and techniques;
- Exploitation of existing capabilities;
- Identification of new and improved tooling and techniques;
- Embedding - where possible - continuous Audit capabilities across multiple channels, but initially focusing attention on data egress via Email and removable media.

The DPMCA will formally report to the Ofgem Data Protection Officer (DPO) and support both the DPO and Departmental Records Officer (DRO) as required.

Key Responsibilities

The DPMCA's key responsibility is to identify and conduct an ongoing programme of monitoring and compliance relating to the specified, and observed, systems of controls in place to prevent loss of confidentiality or other exposure of Ofgem data. In order to discharge this effectively they will need to:

- Understand reported Data Breaches, root causes, trends, patterns, and potential for recurrence, and apply this to a prioritised programme;
  - Working closely with the Data Protection Officer (DPO), and providing support where required in relation to managing Data breaches, and - essentially - lessons learned.
- Understand risk and vulnerabilities spanning physical, personnel and technical controls, that might lead to potential non-compliance and loss of confidentiality of data, and apply this to a prioritised programme;
  - Working with the Deputy Security Advisor (DSA);
- Understand the spectrum and sensitivity of Ofgem Data, associated risk and apply this to a prioritised programme;
  - Working closely with the Departmental Records Officer (DRO), including providing support to cover absences and unavailability.

Accordingly, the DPMCA's role will interact with key personnel within SPaR, but also wider personnel in Corporate Services, in relation to formulation and conduct of the overall programme.
There will also need to be interaction with Ofgem staff and line managers in relation to specific findings, which will (at times) be sensitive and require careful handling. Accordingly, the role will necessitate achieving SC clearance.

Key Outputs and Deliverables

- Construction and delivery of a continuous programme of monitoring and compliance relating to loss of confidentiality or other exposure of Ofgem data;
- Production of ad-hoc, weekly and monthly reports and dashboard reporting spanning:
- Other products as required as requested by the DPO and DRO, including providing cover through periods of unavailability.

Ofgem can offer you a comprehensive and competitive benefits package which includes:
- Up to 30 days annual leave.
- Excellent training and development opportunities.
- The opportunity to join the Civil Service pension arrangements which include a valuable range of benefits.
- Flexible working hours and family friendly policies.
- Restaurant and subsidised gym (London only).
- Interest free season ticket loan.

Role Criteria

Essential:
- Experience of business operations within Ofgem, or a comparable environment.
- Good understanding of HMG Policies, The Data Protection Act 2018 and their application.
- Experience of analysing information, identifying risks arising, and priority actions needed, within the context of Information risk, and specifically loss of confidentiality, relating to instances of unsanctioned or uncontrolled data egress.
- A strong track record of engaging, advising and influencing across an organisation, whilst projecting credibility and self-assurance - ideally with some experience of Data Protection and Information and Records Management.
- Strong demonstration of drafting capability, both for individual reports, but also dashboard reporting spanning metrics and risk.
- Able to achieve and maintain SC Clearance.

Desirable:
- Experience of supporting an organisation's Data Protection Officer (DPO); Departmental Records Officer (DRO); and wider Security team.
- Practical understanding and application of Data Loss Prevention (DLP) and wider monitoring techniques and applications.

When you press the 'Apply now' button, you will be asked to complete personal details (not seen by the sift panel), and upload a copy of your CV anonymising all details where necessary. You will then be asked to provide a 1250-word 'personal statement' evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the essential and desirable skills and capabilities.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Ofgem take any incidences of cheating very seriously. Please ensure all examples provided are of your own experience. Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant applications will be withdrawn from the process.