The Serious Fraud Office fights complex financial crime, delivers justice for victims and protects the UK’s reputation as a safe place to do business. We take on the crimes that others cannot tackle, often involving huge sums of money, multiple victims, and significant impacts for the UK economy and global reputation.
Data is at the heart of that mission. The companies and individuals we investigate are increasingly digitised, and so we collect and process large volumes of data in diverse formats throughout the lifecycle of a case. Given the nature of our casework that will include sensitive personal data relating to victims of crime, as well as witnesses, whistle-blowers, members of the public, suspects and law enforcement colleagues. As a data controller we must process all personal data responsibly and in line with relevant legislation, including changes to the data protection landscape implemented through the Data Protection and Digital Information Bill.
The Data Protection Manager role will lead on the SFO’s compliance with UK GDPR and Data Protection Act 2018. You will be responsible for managing the SFO’s privacy management programme and developing the roles, policies and processes that ensure the SFO can protect, manage and exploit personal data lawfully. You will work with colleagues in IT, Security, Governance, Project Delivery, and operational teams to create approaches that embed privacy by design, specifically as part of the adoption of new technologies. You will proactively lead on engagement and refine the process for conducting data protection impact assessments, and manage the team responsible for providing quality advice, guidance and training to SFO staff on data protection and information management. As the Data Protection Manager, you will also create a process for assessing the SFO’s maturity in data protection and provide assurance to senior management on compliance.
Job description
As a Data Protection Manager you will be responsible for:
- Deputising for the SFO’s Data Protection Officer where required
- Maintaining an up to date knowledge of data protection legislation
- Analysing complex problems in a multi stakeholder environment and making effective decisions under pressure.
- Communicating complex technical matters to stakeholders in a meaningful and understandable way relevant to the audience.
- Proactively engaging with the wider business to identify and manage data protection risks, by centrally managing completion of DPIAs and other relevant documentation, as well as undertaking assurance of compliance in line with the ICO’s Accountability Framework and delivering improvement work where gaps are identified.
For more information about the role and for a full list of key responsibilities, please see attached Job Pack.
Person specification
See above and attached Job Pack.
Behaviours
We'll assess you against these behaviours during the selection process:
- Changing and Improving
- Managing a Quality Service
- Communicating and Influencing
Technical skills
We'll assess you against these technical skills during the selection process:
- Recognised qualification (CIPP/E or equivalent) AND/OR expert knowledge and experience of data protection law, including UK GDPR and Data Protection Act 2018
Apply before 11:55 pm on Thursday 30th May 2024
