Job Description
Officially the title is Data Protection and Risk Officer - training will be provided for the risk management part of the role, please get in contact for more details
2-3 days a week in the South Hampshire offices
We are looking for a Data Protection and Risk Officer who will be responsible for managing data protection responsibilities alongside supporting the risk management strategy. This position plays an integral part in providing advice, guidance and training to all staff in support of this well-known UK law enforcement division.
Reporting to the Head of Legal and Governance you will be responsible for providing ongoing advice and guidance to ensure the organisation is legally and procedurally compliant with data protection legislation and operating within a culture of corporate risk management.
You will support the Head of Legal and Governance with management information and using your professional judgement only escalating matters where necessary.
Job Purpose
To provide functional support and delivery to ensure the organisation is:
Legally and procedurally compliant with data protection legislation
Operating within a culture of corporate risk management and promoting compliance with risk management in line with agreed risk appetites
Role Responsibilities
Information Management/Data Protection:
* The post-holder, as the appointed Data Protection Officer will be responsible for monitoring organisational compliance with data protection requirements and providing advice and support to maintain an appropriate level of compliance and accountability escalating where necessary to appropriate senior stakeholders
* Provide advice, guidance and training at all levels of the organisation and across business areas to support the overall level of data protection compliance
* Monitor and report on compliance across the business
* To process Information Rights requests, (FOI), including Subject Access, Objection and Erasure requests, and associated liaison with Data Subjects and relevant third parties
* Coordinate the management of the register of processing activity
* To review and support in the completion of Data Protection impact assessments in line with the UK GDPR and Data Protection legislation and monitor performance of the assessments
* Review and make recommendations on Data Sharing agreements
* Act as the first point of contact for data breaches and conduct any subsequent investigation liaising with Supervisory Authorities as needed.
Risk Management:
* Support the Chief of Staff and Chief Finance Officer with internal audit, including relationship management and reports to the Joint Audit Committee (JAC)
* To contribute to and implement the Risk Management Strategy and appropriate systems
* To monitor performance of the Risk Management Strategy
* Advise the on corporate and external risk factors to aid decision making via a clear risk assessment process
* Monitor the effectiveness of strategy decisions and change programmes via the risk framework
* Monitor and report on the implementation of the 'risk appetite', to aid decisions on organisational Strategy and provide clarity to external bodies
* Work effectively with partnership arrangements to clearly articulate organisational risks, define ownership and inform strategic decisions
* To support and encourage a culture of risk management across the organisation
Organisational Policies and Procedures:
* The post-holder will support the Head of Service to ensure the organisation reviews, maintains and updates its policies and procedures; specifically, the post-holder has responsibility for information management and risk management policies
Person Specification
Essential Qualifications, Knowledge, Skills and Experience:
* Professional knowledge of the Data Protection Act 2018 including the Law Enforcement Directive, the UK-GDPR, and other relevant privacy legislation
* Commitment to completion of a professional qualification such as Practitioner Certificate in Data Protection
* Experience of working in information management, dealing with personal data requests, and handling information in accordance with data protection legislation
* Professional knowledge of Risk Management and the ISO31000 standard
* Experience of applying and working within a Risk Management framework
* Experience of managing and assessing risk and subsequent analysis as part of an organisations risk profile
* Proven ability to act independently in accordance with legislation, policy, procedures and delegated authorities
* Experience of presenting reports and recommending improvements in processes and data recording to comply with national and local requirements to reduce business risk
* Experience of delivering training and an ability to promote a data protection and risk management culture
* Ability to build constructive relationships with staff at all levels of the organisation and with external agencies
* Some political awareness and with the ability to anticipate potential stakeholder / political responses in discharging the responsibilities associated with the post
Desirable Qualifications, Knowledge, Skills and Experience:
* Professional qualification in Data Protection
* Professional qualification in Risk Management
* Member or associate status of a professional body in at least one discipline
Vetting Requirements:
This post is subject to Personnel Vetting. Further information about this process will be provided to successful candidates. Candidates must have resided in the UK for a minimum of 3 years in order for clearance to be obtained.