Location

The ONS operates a flexible hybrid working model across the UK, with colleagues linked to one of our contractual locations working between office and remote throughout the week. The locations for this role are Newport, Titchfield (Fareham), and Manchester.

All colleagues on office-based contracts should work primarily in their contractually allocated site for at least 40% of their working time. The exception is for colleagues based at the Manchester office, who will only be required to attend the office for 20% of their work time due to current capacity constraints. It is expected that Manchester will move to 40% in 2025-2026.

The induction process for the role will be conducted in person.

About the job

Job summary

The Office for National Statistics (ONS) is the UK’s largest producer of official statistics, covering key economic, social, and demographic topics. These include measuring changes in the UK economy, estimating the size, geographic distribution, and characteristics of the population, and providing indicators of price inflation, employment, earnings, crime, and migration.

The role is within the Security Development, Compliance, and Audit (SDCA) team, which is part of the Security and Information Management (SaIM) directorate. The SDCA team advises stakeholders on the complete lifecycle, security, and governance of sensitive information stored within data access environments. It also acts as an interface between stakeholders to deliver data protection assurance, monitor compliance with security policies, and provide evidence to support these functions.

The primary focus of the role is to lead the Security Development and Compliance team in developing and implementing data protection assurance and audit capabilities, aligned with security strategy and data protection standards. This includes advising internal users, stakeholders, and Information Asset Owners on compliance and risk related to data use. The role includes line management responsibilities for Security Development and Compliance Policy Associates at HEO & EO levels.

Job description

The Role

The role supports ONS’s core security capabilities, including service management, assurance, and incident response, offering opportunities for cross-skilling and development.

The responsibilities are primarily aligned with the Government Security Profession Cyber Security Monitoring Lead role, with elements from the Corporate Enablers Security Adviser and Process Lead roles.

Responsibilities:

• Develop, own, and implement effective data protection assurance processes and compliance documentation (e.g., DPIAs, SyOPs) to meet regulatory and legal requirements.
• Develop and implement security auditing, monitoring, and assessment capabilities for data systems and data use, incorporating industry best practices.
• Understand the scope, context, purposes, and risks of data processing across business areas to provide guidance and oversight of compliance.
• Promote training, engagement, and awareness activities to encourage data protection and compliance best practices.
• Investigate non-compliance incidents and breaches, supporting mitigating actions in collaboration with Cyber Security.
• Support the shaping of the security audit and monitoring strategy, ensuring compliance with policies and standards.
• Assist Cyber Security in managing security alerts, investigating security incidents, and reviewing security event data for response and escalation.

Person specification

Essential Criteria:

• Detailed knowledge of data protection legislation and regulations, including their implementation across government contexts.
• Ability to assess risks of data use cases and advise on mitigations.
• Understanding of threat assessment based on data analysis and security measures recommendation.
• Experience managing a team of specialists across different sites in a dynamic environment.
• Knowledge of UK Government Security Policy Framework and relevant standards like ISO 27001, Data Protection Act.
• Ability to work collaboratively in a multidisciplinary team.
• HMG Vetting at Security Clearance (SC) level required prior to starting.

Desirable Criteria:

• Willingness to pursue professional development qualifications in security (e.g., ISO 27001 Security Auditor).

Behaviours

• Communicating and Influencing
• Managing a Quality Service
• Leadership
• Working Together

Technical Skills

• Applied Security Capability - Practitioner
• Information Risk Assessment and Risk Management - Practitioner
• Protective Security - Working
• Threat Understanding - Working