JOB TITLE: Head of Risk and Governance and Data Protection Officer. REPORTS TO: Director of Corporate Affairs and Governance


JOB DESCRIPTION AND PERSON SPECIFICATION

JOB TITLE: Head of Risk and Governance and Data Protection Officer
REPORTS TO: Director of Corporate Affairs and Governance
SALARY: Level G
HOURS: 37 per week

PURPOSE OF POST

To lead the Information Commissioner's Office (ICO) Risk and Governance Department, including a range of functions and services which together ensure that standards of internal governance and risk management are maintained across the ICO.

The Head of Risk and Governance also fulfils the role of Data Protection Officer (DPO). In this capacity the post holder is accountable to Management Board, regularly reporting risks or opportunities and recommending appropriate action regarding the ICO's compliance with information rights legislation direct to the Information Commissioner.

KEY RESPONSIBILITIES

As Head of Risk and Governance, oversee the development and implementation of effective strategies, policies and procedures to ensure appropriate and proportionate standards of internal governance and risk management are maintained for the ICO.

Have strategic oversight of the ICO's Corporate Governance function, ensuring that risk and opportunities are managed and co-ordinated effectively across the organisation in line with agreed corporate risk appetite, advising and supporting the Senior Leadership Team to make sure that all governance policies, procedures and forums are proportionate and fit for purpose.

As the ICO's Data Protection Officer:
o embed appropriate strategies, policies and procedures to maintain standards of good practice and compliance for the ICO's processing of personal information
o be accountable to the Management Board for the ICO's processing of personal information, regularly reporting risks or opportunities and recommending appropriate actions direct to the Information Commissioner

o Fulfil the tasks of the data protection officer set out at Article 39 GDPR, including:
- Informing and advising the ICO and its employees of their data protection obligations
- Monitoring compliance with our data protection obligations and with our own policies in relation to the protection of personal data, including assignment of responsibilities, awareness-raising and training of staff involved in process operations, and the related audits;
- Providing advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35 GDPR
- Cooperate with the ICO in its capacity as the supervisory authority
- Act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.

Be the main point of contact with the ICO's Government sponsor department (DCMS) regarding all matters of corporate governance and sponsorship, ensuring regular liaison and reporting and that any matters requiring ICO attention are dealt with promptly and to a high standard.

As part of the Corporate Governance function, maintain strategic oversight of a Private Office service, supporting the Commissioner and members of the Senior Leadership Team.

Have strategic oversight of the ICO's Information Governance function, ensuring that appropriate strategies, policies and procedures are in place to support the maintenance of high standards of information management and security across the ICO. This includes provision of an Information Access Service responsible for responding to requests for information made to the ICO as a public authority and data controller.

Provide a central function for the co-ordination, investigation and resolution of allegations of statutory non-compliance by the ICO.

Lead a corporate change management function, overseeing change projects and programmes in response to specific corporate and information governance risks and opportunities.

To be responsible for the provision of the ICO's internal audit function, attending the ICO's Audit Committee to provide regular reports addressing areas of assurance identified by the Audit Committee. This internal audit function is likely to be provided through a mixture of in-house and outsourced resources.

To seek continuous improvement in all areas of responsibility. To recommend changes.

To manage and lead on projects and initiatives ensuring that implementation is achieved on time and in budget.

To be fully conversant with all relevant legislation.

To ensure, within the Risk and Governance Department, that effective and appropriate policies and procedures are in place to drive performance, which meet legal requirements, best practice and organisational objectives.

To participate on behalf of the Commissioner/ICO as directed at meetings and events where senior representation is required, deputising for the DCEO during times of absence or unavailability.

To participate actively as a senior manager at the ICO, both as a member of the DCEO Directorate senior management team and as a member of cross office teams as required.

PERSON SPECIFICATION

Criteria: Education and Qualifications
- Degree or relevant professional qualification or equivalent experience.
- At least one professional qualification relevant to information rights law, or equivalent experience demonstrating this level of ability
How Assessed: Application form/certificates

Criteria: Work Experience
- Significant senior level management experience (around 5 years)

- Experience of leading within an internal governance/audit and risk management environment or equivalent
- Experience of interpreting and analysing complex legislation, in particular that relating to information rights
How Assessed: Application form/

Criteria: Knowledge, skills and ability
- Experience of leading, developing and managing people
- Experience of leading significant change projects from concept to sign off, including the development of complex business cases
- Experience of managing in a risk based environment and the ability to assess and interpret complex strategic risk and engage in debate about these issues
- Knowledge of the regulatory environment and the public sector generally, including the democratic, political and organisational framework
How Assessed: Application form/

- Excellent written and verbal communication and presentation skills
- Personally Effective - excellent organisational skills, ability to prioritise and delegate
- Ability to lead during times of uncertainty, identifying strategic priorities and responding efficiently to changing business needs
- Experience of analysing complex financial / statistical information and producing accurate / intelligent forecasts and plans
How Assessed: Application form/interview

Please note that post holders for this role will be required to receive security clearance to SC level. This requires the disclosure of spent and unspent convictions. Although convictions will be taken into account, any such information will not necessarily prevent you from obtaining a security clearance.
