The Data Protection Monitoring & Compliance Analysts (DPMCA) key responsibility is to identify and conduct an ongoing programme of monitoring and compliance relating to the specified, and observed, systems of controls in place to prevent, detect, and mitigate loss of confidentiality or other exposure of Ofgem data.
The DPMCA will work with Subject Matter Experts across Ofgem, typically within Corporate Services, to:
Determine and address both actual and potential instances of data loss, through:
* Identifying instances of unsanctioned or uncontrolled data egress;
* Working with Corporate Services to:
o address specific issues arising;
o determine and address root cause, vulnerabilities, and exposure;
o Support resulting activities including investigations instigated and/or required by corporate and line manager functions.
Determine and undertake regular Dashboard reporting at both macro and micro levels, to feed into Risk Management and Governance reporting regimes.
* Feeding into Risk and Vulnerability Registers;
* Feeding into weekly and monthly reporting cycles;
* Reporting ad-hoc in relation to investigatory work, as required by local and corporate management.
Construct and undertake a programme of monitoring and compliance that will span:
* Manual and automated interventions and techniques;
* Exploitation of existing capabilities;
* Identification of new and improved tooling and techniques;
* Embedding - where possible continuous Audit capabilities across multiple channels, but initially focusing attention on data egress via Email and removable media.
The DPMCA will formally report to the Ofgem Data Protection Officer (DPO) and support both the DPO and Departmental Records officer (DRO) as required.
Key Responsibilities
The DPMCAs key responsibility is to identify and conduct an ongoing programme of monitoring and compliance relating to the specified, and observed, systems of controls in place to prevent loss of confidentiality or other exposure of Ofgem data.
In order to discharge this effectively they will need to:
* Understand reported Data Breaches, root causes, trends, patterns, and potential for recurrence, and apply this to a prioritised programme;
o Working closely with the Data Protection Officer (DPO, and providing support where required in relation to managing Data breaches, and essentially lessons learned.
* Understand risk and vulnerabilities spanning physical, personnel and technical controls, that might lead to potential non-compliance and loss of confidentiality of data, and apply this to a prioritised programme;
o Working with the Deputy Security Advisor (DSA);
* Understand the spectrum and sensitivity of Ofgem Data, associated risk and apply this to a prioritised programme;
o Working closely with the Departmental Records Officer (DRO), including providing support to cover absences and unavailability.
Accordingly, the DPMCAs role will interact with key personnel within SPaR, but also wider personnel in Corporate Services, in relation to formulation and conduct of the overall programme.
There will also need to be interaction with Ofgem staff and line managers in relation to specific findings, which will (at times) be sensitive and require careful handling. Accordingly, the role will necessitate achieving SC clearance.
Key Outputs and Deliverables
* Construction and delivery of a continuous programme of monitoring and compliance relating to loss of confidentiality or other exposure of Ofgem data;
* Production of ad-hoc; weekly and monthly reports and dashboard reporting spanning:
* Other products as required as requested by the DPO and DRO, including providing cover through periods of unavailability.
Person specification
Role Criteria
Essential:
* Experience of business operations within Ofgem, or a comparable environment.
* Good understanding of HMG Policies, The Data Protection Act 2018 and their application.
* Experience of analysing information, identifying risks arising, and priority actions needed, within the context of Information risk, and specifically loss of confidentiality, relating to instances of unsanctioned or uncontrolled data egress.
* A strong track record of engaging, advising and influencing across an organisation, whilst projecting credibility and self-assurance ideally with some experience of Data Protection and Information and Records Management.
* Strong demonstration of drafting capability, both for individual reports, but also dashboard reporting spanning metrics and risk
* Able to achieve and maintain SC Clearance
Desirable:
* Experience of supporting an organisations Data Protection Officer (DPO); Departmental Records Officer (DRO); and wider Security team.
* Practical understanding and application of Data Loss Prevention (DLP) and wider monitoring techniques and applications.
Behaviours
We'll assess you against these behaviours during the selection process:
* Seeing the Big Picture
* Communicating and Influencing
* Managing a Quality Service
Technical skills
We'll assess you against these technical skills during the selection process:
* Please refer to the Candidate Pack and Role Profile attached for full details.
Benefits
Alongside your salary of 34,123, OFGEM contributes 9,885 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
Ofgem can offer you a comprehensive and competitive benefits package which includes; up to 30 days annual leave. Excellent training and development opportunities. The opportunity to join the Civil Service pension arrangements which include a valuable range of benefits. Flexible working hours and family friendly policies. Restaurant and subsidise gym (London only). Interest free season ticket loan.
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.
Selection process details
This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.
When you press the Apply now button, you will be asked to complete personal details (not seen by the sift panel), and upload a CV of no more than 2 pages.
You will then be asked to provide a 1250 word personal statement evidencing how you meet the essential skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the essential skills and capabilities.
Please refer to Civil Service candidate advice on the acceptable use of Artificial intelligence within the recruitment and selection process - Artificial intelligence and recruitment, Civil Service Careers
The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found by [ https://www.cifas.org.uk/fpn ].
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window) .
See our vetting charter (opens in a new window) .
People working with government assets must complete baseline personnel security standard (opens in new window) checks.
Nationality requirements
This job is broadly open to the following groups:
* UK nationals
* nationals of the Republic of Ireland
* nationals of Commonwealth countries who have the right to work in the UK
* nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
* nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
* individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
* Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)
Working for the Civil Service
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window) .
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window) .
Apply and further information
This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window) .
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact :
* Name : Sandra Segal
* Email : recruitment@ofgem.gov.uk
Recruitment team
* Email : recruitment@ofgem.gov.uk
Attachments Role Profile - Data Protection Monitoring Compliance Analyst Opens in new window (pdf, 131kB) Candidate Pack_445452 Opens in new window (pdf, 1304kB) Terms and Conditions Apr25 Opens in new window (pdf, 335kB)