About the job

Job summary

Do you have experience delivering business improvements in data protection compliance and information security? 

Are you a self-starter who can lead from the front to apply hands on expertise? 

Will you thrive in an environment where you will be at the forefront in driving data compliance and embedding change across a large business group? 

Our core purpose is to be a Corporate Centre of Excellence where we work with our partners to support Customer Compliance Group in delivering its objectives effectively, efficiently, and safely. 
 
We influence and drive decision making across CCG through the provision of data management information and insight, to ensure data compliance. 
 
We are an inclusive, collaborative and innovative community of around 300 people working across finance, performance, security, risk, control, assurance and data protection roles. Always forward looking, adopting different ideas and new ways of working to deliver efficiently.

See what it’s like to work at HMRC: find out more about us or ask our colleagues a question. Questions relating to an individual application must be emailed as detailed later in this advert.

Job description

As a data driven, self-starter you will be part of a small geographically dispersed team where you will look to expand your own and colleagues’ skills.  

Working as part of our Security and Information Management (S&IM) team, you will help provide services that relate to information management, data protection, cyber and information security, incident management and business continuity.

You will be at the forefront of driving data compliance and embedding change for CCG business group. 

Working collaboratively across all grades and business areas, you will be given the opportunity to lead improvement and innovation, adopting strategic and data frameworks. 

You will have the opportunity to drive high quality and dynamic reporting.

Person specification

As Data Compliance Lead you will:

• Improve information security and data compliance by supporting the design, build and delivery of a robust data compliance regime against legislative requirements, policies, frameworks, and best practice.
• Lead changes to data, security, information governance and compliance strategies per HMRC guidelines.
• Deliver quality reporting, Management Information (MI), statistical analysis, designing and developing Key Performance Indicators (KPI’s) to support data led decision making and senior briefings.
• Deploy data, security and compliance activities in accordance with legislation and regulatory expectation.
• Deliver risk, remediation and compliance activities to improve data security posture.
• Develop products, processes and deliverables which are systematic, repeatable, and consistent. 
• Promote a continuous development and improvement ethos, to improve staff capability and drive strategy implementation.

Essential Criteria

You are required to demonstrate experience of the following within your application:

• Data protection compliance, data architecture, data modelling, data security; information security, information assurance, cyber security, Governance, Risk and Compliance (GRC) or data science. 
• Leading the development of data protection compliance, information security or cyber products. Examples:
  asset registers, data modelling, data architecture, security risk assessments, impact assessment, Subject Access Requests, information assurance audits, risk treatment plans, Record of Processing Activities.  
• Writing clear and concise reports, briefings and management information with the ability to shape complex data into insights.  

Knowledge of:  

• Frameworks, policies, procedures, guidance and/or industry best practices in data protection, information security or cyber. Examples: ICO Accountability Framework, NCSC Cyber Assessment Framework (CAF), ISO27001 Information Security Management Systems (ISMS), NIST or equivalent.

Holding 1 or more from any of the following professional/academic qualifications or equivalent:  

• Professional: CISSP, CISM, CISA, ISO27001 ISMS Lead Auditor, GDPR/Data Protection Practitioner, SABSA, SANS GIAC, Agile practitioner, Prince 2 Practitioner or equivalent. 
• Academic: Graduate or a postgraduate qualification in information security, cyber, engineering, data science, statistics, programme management or a related subject. 

Desirable Criteria: 

• Knowledge of technology/cloud services. Examples: AWS and/or Microsoft products, Robotics, Artificial Intelligence (AI), machine learning.

Benefits

• Learning and development tailored to your role
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension with an average employer contribution of 27%

Find more about HMRC benefits in 'Your little extras and big benefits handbook' for further information or visit Thinking of joining the Civil Service.

Things you need to know

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

How to Apply 

As part of the application process, you will be asked to complete a name blind CV and 500 word Personal Statement.

Your 500 Personal Statement should be used to describe how your skills and experience would be suitable for the advertised role, making reference to the essential criteria and person specification outlined in the advert. 

Your CV should cover your job history and will be scored against the experience required outlined in the advert. 

Desirable criteria will not be sifted on but may be used in the event of a tie-break.

Sift

The sift will be carried out against the CV and Personal Statement, with the successful candidates being invited to interview.

An initial sift based may be held if a large number of applications are received. If your application progresses to a full sift, all sift criteria will then be considered.

Interview

During the panel interview, your experience will be assessed and you will be asked behaviour-based questions to explore in detail what you are capable of. Candidates will be asked to carry out a 5 minute presentation on the topic of Data Compliance, details of which will be sent to those candidates invited to interview.

We reserve the right to raise the score required at any stage of the process in order to manage numbers.

Interview dates to be confirmed.

A reserve list may be held for a period of up to 12 months from which further appointments may be made for the same or similar roles – if this applies to you, we’ll let you know via your Civil Service Jobs account.

Eligibility

To check that you are eligible to apply, review this eligibility information

Important information for existing HMRC contractual homeworkers:

This role may be suitable for existing HMRC employees who are contractual homeworkers. Occasional attendance to the office will be required where there is a business need, so please review the advertised office locations for this role when applying and only select locations from the ‘location preferences’ section that you are able to travel to.

Reasonable Adjustments 

We want to make sure no one is put at a disadvantage during our recruitment process because of a disability, condition, or impairment. To assist you with this, we will reduce or remove any barriers where possible and provide additional support where appropriate. 

If you need a reasonable adjustment or a change to be made so that you can make your application, review this information on reasonable adjustments, and contact hmrcrecruitment.grs@cabinetoffice.gov.uk as soon as possible.

Diversity and Inclusion

At HMRC we are committed to creating a great place to work for all our colleagues and creating an inclusive and respectful environment that reflects the diversity of the society we serve.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role. We’re committed to creating a great place to work for all our colleagues here at HMRC. We want everyone to feel valued and supported to achieve their potential at HMRC.

For more information on how we make this happen, review this information on our culture and values

Applications received from candidates with a criminal record are considered fairly in accordance with the DBS Code of Practice and the Recruitment of ex-offenders Policy.

We welcome applications from those who need to work a more flexible arrangement and will agree to requests where possible after considering operational and customer service needs. We can’t guarantee that we can meet all requests to work flexibly, as agreement will be subject to business ability to accommodate, and any request to work a more flexible arrangement should be made prior to your acceptance of the provisional offer.

Customer facing roles in HMRC require the ability to converse at ease with members of the public and provide advice in accurate spoken English and/or Welsh where required. Where this is an essential requirement, this will be tested as part of the selection process. 

The Civil Service runs a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy. 

Locations 

HMRC has a presence in every region of the UK. For more information on where you might be working, review this information on our locations.

Security Update

For more information on the level of security checks we will carry out, review this information on security checks 

Further Information

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. The evidence you provide in your application must relate to your own experiences.

Any instances of plagiarism or other forms of cheating will be investigated and, if proven, the relevant application/s will be withdrawn from the process. 

Duplicate applications for the same vacancy will also be withdrawn.

Transferring into HMRC from Civil Service If you are currently working for an ‘Other Government Department’ (OGD) and would like to consider the impact on your pay when joining HMRC, please see the attached document "Combined T&C and OGD Pay English”, found at the bottom of this advert. Further information on staff transfers can be found on gov.uk

Problems during the application process 

If you experience accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section. 

If you think you’ve made a mistake on a short application form (e.g. you’ve ticked the incorrect eligibility box), please contact hmrcrecruitment.grs@cabinetoffice.gov.uk at least two working days before the vacancy closes. After this, we won’t be able to reopen your application.   

Please use the subject line to insert appropriate wording e.g. Please re-open my application - 329587 & vacancy closing date 17/01/2024. Please note that we cannot amend or re-open your application if you have submitted your full application in the interests of fair and open recruitment.

For reasonable adjustments queries or requests, please see details within reasonable adjustments section above.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.