3 x Data Protection Officer Vacancies: 2 x Part time DPO (Permanent contract, 2 days per week – flexibility with working pattern) 1 x Part time DPO (Fixed Term Contract - 1 year maternity cover, 1.5 days per week – flexibility with working pattern) Applications are invited for any combination of the above roles. Please specify for which role(s) you wish to be considered, or minimum days for which you wish to be considered, in your covering letter. Single applicants are welcome to apply for multiple roles. Background HEFESTIS is a not-for-profit shared service organisation, jointly owned by member institutions across the University and College sector. It provides shared services to institutions and where applicable to sector owned bodies and support services. Our core vision is "to be the shared service partner of choice for sustainably delivering information services across the Further and Higher Education sector". HEFESTIS has established a successful Data Protection & Governance share service, currently comprising nine Data Protection Officers (DPO’s) and two Information Rights Officers (IRO’s), who serve a large proportion of Further and Higher Education institutions. The DPO-share service is provided as part of this wider offering, in addition to IRO-share and FOI-share services. Each DPO fulfils the statutory obligations of the role for one or more institutions and/or associated bodies. The DPO’s work virtually as a team with the IRO’s, providing a peer network of support, with many years of experience across a variety of backgrounds. This allows individuals to grow professionally as well as providing an effective and resilient resource for our members. The role We have a requirement for a number of Data Protection Officers for a number of our member organisations in Scotland. You will be the named DPO, with a reporting line to an appropriate member of the senior management team at each institution as well as to the HEFESTIS Head of Service. You will be expected to work remotely with occasional on-site visits if required and as agreed with clients. This role will provide the opportunity to guide institutions so that data protection is well-managed, supporting compliance and best practice to protect the privacy rights of data subjects. This role offers the independence and responsibility of a DPO as outlined under UKGDPR, with the benefits of being part of a knowledgeable, experienced, and well-respected team. Assisting with the FOI service as required, with full training to be provided. The key aspects of this role include but are not limited to: • Provide experience, expertise and guidance in data protection law including UKGDPR and the Data Protection Act 2018. • To review and periodically update each institution’s data protection policy and supporting procedures/guidance. • To have knowledge of case law and ICO regulatory action and disseminate this through recommending actions and issuing guidance. • To provide reports to senior management teams, compliance checks and audits. • To achieve a fundamental understanding of the sector, ensuring delivery of pragmatic, proportionate and workable guidance and support. • Participation in operational meetings and advising on the impact of regulations on institutions. • Raise awareness of data protection and provide training to institutional staff as required. • Tailor service delivery by considering each institution’s environment/circumstances. • Contextualise guidance in different functional areas within institutions, ensuring advice is consistent with that provided to other shared service members. • Support and develop data protection tools and templates and share them across DPO-share service and/or utilise tools and templates developed by other DPOs in the Team to maximise efficiency across the service. • Undertake data security incident/breach investigations and report matters to senior management. • Cooperate with and act as a single point of contact for the ICO where appropriate. • Provide a central/single point of contact during an investigation (should an incident/breach impact more than one Member institution). • Available by phone for urgent enquiries (e.g. data incidents/breaches). • Use balanced judgement to prioritise and deal with competing demands. • Provide consistency of advice across institutions as part of the Service team. • Learning about FOI, PECR, and records management to contribute to the HEFESTIS service and client work, including FOI work as required (with appropriate training). The Person The post holder(s) must be able to work as part of the DPO-share service, engaging with and supporting the team to develop the service. In addition to this, you must be able to cooperate and gain the trust and respect of staff at all levels across your institutions as well as other stakeholders. As such, candidates will be required to demonstrate capability and experience in a significant number of the following areas: Experience and Skills • A detailed knowledge of data protection legislation, including UKGDPR and the Data Protection Act 2018, is essential. • A strong background in data protection, information governance, legislation and/or policy development is essential, preferably with a recognised qualification. • A genuine passion for data protection. • Experience of conducting compliance audits would be beneficial. • An understanding of the Higher and Further Education sector would be beneficial although not essential. • Experience of working in or with the public sector. • Experience, or knowledge, applying FOI law (English or Scottish). Personal • Excellent verbal and written communication and presentation skills. • Analytical background with attention to detail. • Openness, transparency, and the ability to engender trust. • Self-assured and capable. • Skills in negotiating and influencing, with the ability to identify common ground and solutions. • Demonstrable commitment to Equality and Diversity in all aspects of the company’s operation. Terms • 2 x Part time DPO (Permanent contract, 2 days per week) or 1 x Part time DPO (Fixed term contract – maternity cover, 1.5 days per week) flexibility with working patterns. • One person could cover all contracts detailed above, if they wished • Remote (very occasional on-site visits may be required) • Competitive Salary: £38K - £43K per annum which will be prorated for part time hours. • Annual leave: 26 days annual leave plus 14 fixed/floating days per annum pro-rated for part-time hours. • Benefits: Membership of the company pension scheme, access to the company benefits suite including cycle-to-work scheme, and gym discounts. How to Apply Applications should be made by forwarding your CV and covering letter outlining why you would like to work for HEFESTIS and stating which job you are applying for (along with your preferred working pattern). Closing date for applications is 5pm on Friday the 29th of November. Interviews will likely be held on week commencing 9th December 2024 virtually via Microsoft Teams.