About the job

Job summary

This position is based Nationally   

Job description

We encourage applications from people from all backgrounds and aim to have a workforce that represents the wider society that we serve. We pride ourselves on being an employer of choice. We champion diversity, inclusion and wellbeing and aim to create a workplace where everyone feels valued and a sense of belonging. To find out more about how we do this visit: https://www.gov.uk/government/organisations/ministry-of-justice/about/equality-and-diversity.

Eligibility to Apply / Technical Requirement:

There will be a requirement for staff within the National Security Division to apply for Enhanced Level 2 Clearance

Applications are open to substantive PS band 2’s and band 3’s on promotion who would (if appointed) be temporarily promoted to Band 4 on a part-time basis. 

Applicants invited to interview must be able to confirm that they have discussed this post with their line manager and have support to apply and to be released to take up the loan/secondment.

Working Arrangements & Further Information

The MoJ offers Hybrid Working arrangements where business need allows. This is an informal, non-contractual form of flexible working that blends working from your base location, different MoJ sites and / or from home (please be aware that this role can only be worked in the UK and not overseas). Some roles will not be suitable for Hybrid Working. Similarly, Hybrid Working will not suit everyone’s circumstances. Arrangements will be discussed and agreed with the successful candidate(s) and subject to regular review.

For nationally advertised roles, the successful candidate(s) will be appointed to a MoJ office location, which may include their nearest Justice Collaboration Centre or Justice Satellite Office. This will be discussed and agreed on the completion of pre-employment checks.

Overview of the job    

The Regional Information Security and Assurance Officer (RISAL) sits within the Corporate Service function in the Probation Service region and reports directly to the Head of Corporate Services.

They will have line management responsibility for Information Security related Project Officers within the region.

The RISAL is the link between the Probation Service region and the HMPPS Information Security Team.

The geographical base for the RISAL post can be flexible within their regional area and will require travel across the region and some work in London and other locations.
Summary    The RISAL is responsible for ensuring compliance across all Probation Service units within the region with all Information Security Policy Framework requirements and ensuring all quarterly and annual departmental returns are completed and submitted in an accurate and timely manner on behalf of the Regional Probation Director who is the Information Asset Owner.

As the Subject Matter Expert, the RISAL will be required to lead investigations into all security incidents and breaches and report their findings and recommendations in full to the commissioning manager.

The RISAL will chair and manage the Regional Information Assurance Committee and will have a seat on the National Information Management Programme Board chaired by the Business Strategy and Change Lead.

Responsibilities, Activities & Duties    

The job holder will be required to carry out the following responsibilities, activities and duties:

•    As Subject Matter Expert, the RISAL will be the Lead investigator into information security incidents and data breaches. They will lead investigations into how incidents occur and report their findings to the commissioning officer and will give evidence when required, such as disciplinary hearings. The RISAL is responsible for ensuring all recovery actions, both for individuals and for the Service, following an incident are completed and that lessons are learned and shared to avoid future incidents across the region. They will update local policy and best practice guidance to reflect any lessons learned. The RISAL will also be the Regional Point of Contact for any investigations arising from the Information Commissioners Office ( ICO).
•    The RISAL is responsible for adapting and regionalising the National Information Security Policy Frameworks into a robust and embedded local policy to deliver key milestones. Through collaboration and consultation with senior leaders across the region the RISAL will ensure the policy is implemented and embedded. The RISAL will be the driver, on behalf of the Regional Probation Director, for culture change around all aspects of the Information Security Policy Framework and Information Risk, delivering best practice.
•    The RISAL will routinely undertake compliance visits across all sites in the region and will be responsible for developing and managing the Regional Risk Register appropriately, managing any emerging risks providing assurance and escalating risk where required to Regional Probation Director or HMPPS Information Security. They will identify and agree any necessary recovery actions with the site lead and monitor progress through to completion.
•    Cabinet Office commission completion of an annual information security compliance statement, (Departmental health check), across Government. The RISAL is responsible for ensuring the ongoing departmental health check is completed on behalf of the Regional Probation Director, within a timely manner as stipulated by HMPPS Information Security. The RISAL will be required to understand any areas of deficiency within the Region and implement a robust strategy to improve levels of compliance across the Region.
•    Provide technical expertise to ensure the Regional Probation Director and Senior Leadership Team understand their responsibilities as Information Asset Owner and Information Asset Custodians.
•    Provide a monthly status report on Security Incidents/Breaches, to the Senior Leadership Team, including trends and risks analysis and demonstrating actions and mitigations the RIASL has completed and any further required recommendations for controls and mitigating actions.
•    Provide technical advice and guidance to Heads of Departments to ensure the correct information is gathered to develop accurate Information Sharing Agreements (ISAs) with 3rd party providers and charities. The RISAL will be responsible for approving all ISAs on behalf of the Regional Probation Director.
•    The RISAL will have line management responsibility for any Project Officer resource in the region that has been allocated to the information assurance ambitions of the region. They will be responsible for oversight of their work, formal line management of individuals, management of capability and performance, development of individuals, and day to day supervision of project officers.
•    Leading on a culture change programme in the Region to ensure a positive Information Management culture is embedded across the Probation Service region making all staff are aware of best practice and their individual responsibility for information security; the RISAL will employ a range of approaches including developing and issuing bulletins to highlight key messages on lessons learned and shared best practice and innovative strategies to maximise impact.
•    Develop and deliver training and awareness sessions on Information Security and Information Risk Policies and/or best practice and lessons learned.
•    As Subject Matter expert, the RISAL is required to have an in-depth and current knowledge of all MoJ/HMPPS Information Security and Risk Management policies, and National legislation, i.e. UK GDPR. This will also include in-depth knowledge and understanding of trends as identified by the Information Commissioners office (ICO) . The RISAL will also be required to understand the role of the National Cyber Security Centre (NCSC) and how they support the work of HMPPS and other government departments.
•    Direct and drive the quarterly Regional Information Assurance Committee on behalf of the Regional Probation Director and attend the monthly National Information Assurance forum to represent their region, they will be responsible for disseminating information regionally and engaging with leaders across the region where there are actions to implement, including the RISAL updating their Local Information Security Policy Framework and, where applicable, the Regional Information Assurance Registers.
•    Responsible for ensuring all required Information Sharing Agreements are in place and are recorded in the relevant systems. Own and maintain the ISA database for the region, undertaking routine quality assurance of the ISAs included on the database, providing reports to senior leadership team and HMPPS Information Security team as required and commissioned.
•    The RISAL will be required undertake stakeholder engagement across HMPPS, MoJ, other Government agencies and 3rd party suppliers. This will be to ensure that data is being shared and managed appropriately.

The duties/responsibilities listed above describe the post as it is at present and is not intended to be exhaustive. The job holder is expected to accept reasonable alterations and additional tasks of a similar level that may be necessary. Significant adjustments may require re-examination under the Job Evaluation Scheme and shall be discussed in the first instance with the job holder.

Person specification

Please refer to Job Description

Benefits

Alongside your salary of £31,582, HM Prison & Probation Service contributes £8,369 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours and Strengths.https://justicejobs.tal.net/vx/candidate/cms/About%20the%20MOJ

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.