
Security Development and Compliance Lead - ONS - SEO

Onyx-Conseil

Newport

Hybrid

GBP 40,000 - 60,000

Full time

Today

Job summary

Onyx-Conseil is seeking a team leader for the Security Development and Compliance team to oversee data protection and compliance efforts. This role includes managing teams, developing policies, and ensuring compliance with UK regulations, all while promoting security best practices within a hybrid working environment.

Qualifications

  • Knowledge of UK data protection legislation.
  • Experience managing a team in diverse environments.
  • Understanding of UK Government Security Policy Framework.

Responsibilities

  • Develop and implement data protection assurance processes.
  • Lead security auditing and monitoring capabilities.
  • Promote compliance training and manage non-compliance incidents.

Skills

Data Protection Legislation Knowledge
Risk Assessment
Threat Evaluation
Teamwork Skills
Leadership

Job description

Location

The ONS operates a flexible hybrid working model across the UK, with colleagues linked to one of our contractual locations working between office and remote throughout the week. The locations for this role are Newport, Titchfield (Fareham), and Manchester.

All colleagues on office-based contracts should be working primarily in their contractually allocated site for at least 40% of their working time. The exception is for colleagues based at the Manchester office, who will only be required to attend the office for 20% of their work time due to current capacity constraints. It is expected that Manchester will move to 40% in 2025-2026.

The induction process for the role will be conducted in person.

About the job

Job summary

The Office for National Statistics (ONS) is the UK's largest producer of official statistics, covering key economic, social, and demographic topics. These include measuring changes in the value of the UK economy, estimating the size, geographic distribution, and characteristics of the population, and providing indicators of price inflation, employment, earnings, crime, and migration.

The role is within the Security Development, Compliance, and Audit (SDCA) team, which is part of the Security and Information Management (SaIM) directorate. The SDCA team provides advice to stakeholders for the complete lifecycle, security, and governance of sensitive information stored within data access environments. It also acts as an interface between stakeholders to deliver data protection assurance, monitor compliance with security policies, and provide evidence to support these functions.

The primary focus of the role will be leading the Security Development and Compliance team in developing and implementing data protection assurance and audit capabilities, aligned with security strategy and data protection standards. This includes advising internal users, stakeholders, and Information Asset Owners on compliance and risk related to data use. The role includes line management responsibilities for Security Development and Compliance Policy Associates at HEO and EO levels.

Job description

The Role

The role supports ONS core security capabilities, including service management, assurance, and incident response, offering opportunities for cross-skilling and development.

The responsibilities align primarily with the Government Security Profession Cyber Security Monitoring Lead role, with elements from Corporate Enablers Security Adviser and Process Lead roles.

Responsibilities:

  • Developing, owning, and implementing effective data protection assurance processes and compliance documentation (e.g., DPIAs, SyOPs) to meet regulatory and legal requirements.
  • Developing and implementing security auditing, monitoring, and assessment capabilities for data systems and data use, incorporating industry best practices.
  • Understanding the scope, context, purposes, and risks of data processing across business areas to provide guidance and oversight of compliance.
  • Promoting training, engagement, and awareness activities to foster data protection and compliance best practices.
  • Investigating non-compliance incidents and breaches, coordinating with Cyber Security, and directing mitigation actions.
  • Supporting the shaping of security audit and monitoring strategies, ensuring policies and standards are met.
  • Supporting Cyber Security in managing security alerts, incident response, and escalation processes.

Person specification

Essential Criteria:

  • Knowledge of data protection legislation and regulations, including their implementation across government contexts.
  • Ability to assess risks and advise on mitigations for diverse data use cases.
  • Understanding and evaluating threats based on data, and recommending security measures.
  • Experience managing a team of specialists across different sites in a dynamic environment.
  • Understanding of the UK Government Security Policy Framework and of standards and legislation such as ISO 27001 and the Data Protection Act.
  • Teamwork skills in a multi-disciplinary environment.
  • Security Clearance (SC) will be required prior to starting.

Desirable Criteria:

  • Willingness to pursue professional development qualifications within security, such as ISO 27001 Security Auditor.

Behaviours

Assessment during the selection process will cover:

  • Communicating and Influencing
  • Managing a Quality Service
  • Leadership
  • Working Together

Technical skills

Assessment during the selection process will include:

  • Applied Security Capability - Practitioner
  • Information Risk Assessment and Risk Management - Practitioner
  • Protective Security - Working
  • Threat Understanding - Working