Description
We are currently seeking an Information Risk and Assurance Officer for Her Majesty's Treasury.
Information Risk and Assurance Officer
1. Data Protection
Provide departmental advice for Data Protection, ensure that policies are fit for purpose, training is appropriate and DPA risks are consistently recognised and addressed
Metrics:
. DPA policies are current and relevant
. DPA training is delivered on time to the right people
. Key risks are demonstrably addressed
. HMT's approach is consistent with the rest of government
. Alignment with other areas (DSO, ITSO)
. Good communication skills across all levels of HMT
2. BAU Information Assurance
Compile, maintain and enhance the core products associated with the information assurance service, notably the Information Asset Register, IAO guidance, the Information Incident Log and incident reporting forms
Metrics:
. The Information Asset Register (IAR) is up to date and complete
. IAO guidance is circulated and well received by asset owners
. The incident log is up to date (including legacy incidents) and lessons learned/after actions are recorded appropriately
. Incident reporting is demonstrably working well and forms are easy to find and complete
. Feedback from the CIO, DSO and SIRO is positive
3. Change - Support preparations for Data Protection Reform
Data collection and assessment, and the development of solutions to support the transition of HMT policies and processes to be compliant with GDPR
Metrics:
. Data mapping and assessment
. Develop GDPR compliance solutions
. GDPR-compliant policies are developed and are current and relevant
. GDPR training solutions are developed and delivered on time to the right people
. GDPR key risks are identified and solutions developed to support HMT in addressing compliance
. Monitor GDPR compliance progress
1. Business Analysis
. Analyse business change initiatives.
. Work with business change owners to gather, develop and document process maps and requirements.
. Producing "as is" and "to be" business process maps.
. Work with business change owners and suppliers (where required) to ensure that requirements are clearly understood and necessary information is available.
. Issue resolution between internal and external stakeholders.
Core skills
. Experience of the application of Data Protection Act within government.
. Experience of (government) protective markings and security measures
. Experience of paper and electronic information management practices and systems
. Experience of writing and updating data protection policies
. Experience of provision of data protection training
. SC level of security clearance
. Good understanding of information assurance (IA) practices
. Working knowledge of current Data Protection Act (DPA)
. Working knowledge of data breach procedure under the DPA
. Working knowledge of Freedom of Information Act
. Working knowledge of subject access requests
. Experience of project planning and execution
Competencies
Seeing the bigger picture
Making effective decisions
Leading and communicating
Managing a quality service
Delivering at pace
Please note that the client has determined that the off-payroll working rules will apply to this assignment and where a worker elects to provide their services through an intermediary (such as a personal services company) then income tax and primary national insurance contributions will be deducted at source from any payments made to the intermediary.