
Security Development and Compliance Lead - ONS - SEO

Government Digital & Data

Full-time (Permanent)
£43,013 - £46,654. Plus a skills allowance of up to £5,000 (non-pensionable and non-contractual) may be payable.
Published on: 3 July 2025
Deadline: 17 July 2025

Location

The ONS operates a flexible hybrid working model across the UK, with colleagues linked to one of our contractual locations working between office and remote throughout the week. The locations for this role are Newport, Titchfield (Fareham) and Manchester.

All colleagues on office-based contracts should be working primarily in their contractually allocated site for at least 40% of their working time. The exception to this is for colleagues based at the Manchester office. Due to current capacity constraints, colleagues based there will only be required to attend the office for 20% of their work time. It is expected Manchester will move to 40% in 2025-2026.

The induction process for the role will be conducted in person.

About the job

Job summary

The Office for National Statistics (ONS) is the UK’s largest producer of official statistics, covering a range of key economic, social and demographic topics. These include measuring changes in the value of the UK economy, estimating the size, geographic distribution, and characteristics of the population, and providing indicators of price inflation, employment, earnings, crime, and migration.

The role is within the Security Development Compliance and Audit (SDCA) team which forms part of the Security and Information Management (SaIM) directorate. The SDCA team provides an advice service to stakeholders for the complete lifecycle, security and governance of sensitive information stored within data access environments. The SDCA team also acts as an interface between stakeholders to deliver data protection assurance, monitor compliance with security policies and principles as well as provide evidence to stakeholders in support of these functions.

The primary focus of the role will be leading the Security Development and Compliance team in the development and implementation of data protection assurance and audit capabilities, in line with clearly defined security strategy and data protection standards. This also includes advising internal users, stakeholders and Information Asset Owners on compliance and risk associated with use of data. The role includes line management responsibilities for Security Development and Compliance Policy Associates at HEO & EO level.

Job description

The Role

The role supports ONS core security capability, covering service management, assurance and incident response, and provides many opportunities for cross-skilling and development.

The focus, outcomes and responsibilities are primarily aligned to the Government Security Profession Cyber Security Monitoring Lead role, with elements from Corporate Enablers Security Adviser and Process Lead roles.

Responsibilities:

  • Developing, owning and implementing effective data protection assurance processes and compliance documentation (e.g. DPIAs, SyOPs, etc.) to meet regulatory and legal requirements.
  • Developing and implementing effective security auditing, monitoring and assessment capability for data systems and data use incorporating advice from security and industry best practice.
  • Establishing detailed understanding of the nature, scope, context, purposes and risk of data processing by different business areas to provide comprehensive guidance and effective oversight of compliance.
  • Developing and promoting effective training, engagement and awareness-raising activities to promote data protection and compliance best practice.
  • Investigating non-compliance incidents and breaches in conjunction with Cyber Security and directing mitigating actions.
  • Supporting the shaping of the security audit and monitoring strategy, ensuring requirements, policies and standards to govern all activities and outputs are met.
  • Supporting Cyber Security in the management of monitoring, triaging, and investigation of security alerts on protective monitoring platforms to identify security incidents and reviewing analysis of security event data to manage security incident response, reporting, or escalation where appropriate.

Person specification

Essential Criteria:

  • Detailed knowledge of data protection legislation and regulations, including understanding of their implementation in different contexts across Government.
  • Ability to assess risk of diverse data use cases across multiple business areas and advise on mitigations.
  • Ability to understand and evaluate threat based on quantitative and qualitative data and recommend protective security measures.
  • Ability to effectively manage a team of specialists based across different sites within a dynamic working environment.
  • Understanding of UK Government Security Policy Framework and relevant Information Assurance Standards, e.g. ISO 27001, Data Protection Act.
  • Ability to work as part of a team in a multi-discipline environment.
  • HMG Vetting at Security Clearance (SC) level will be required prior to starting in role.

Desirable Criteria:

  • Holding or willing to work towards professional development qualifications within a specialist Security discipline, e.g. ISO 27001 Security Auditor, etc.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Communicating and Influencing
  • Managing a Quality Service
  • Leadership
  • Working Together

Technical skills

We'll assess you against these technical skills during the selection process:

  • Applied Security Capability - Practitioner
  • Information Risk Assessment and Risk Management - Practitioner
  • Protective Security - Working
  • Threat Understanding - Working

