Data Protection and Information Security Lead

Hybrid
Expires: Expiring in less than 3 weeks
Flexible
£58,429 - £68,132 per year

Job summary

The Government Internal Audit Agency (GIAA) is driven by its unparalleled access across government to build better insights, better outcomes for our clients. This role offers a strong platform for career progression within the Agency and the wider civil service, providing opportunities to develop leadership, stakeholder engagement and strategic relationship management skills across government. The Agency’s unique access across the public sector exposes you to different risk and control environments, allowing you to gain insights, apply experience, contribute meaningfully, and continue developing professionally.

Job description

The Data Protection and Information Security Lead will play an important role in safeguarding the organisation’s people, information, and assets. The role involves developing compliance with data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and with government security and functional standards. The role will develop and implement robust policies, procedures, and controls to safeguard sensitive information and mitigate risks to ensure the confidentiality, integrity, and availability of information.

In addition to serving as a subject matter expert in data protection, information management and security, the post holder will work in a multi-disciplinary team and will be required to perform various activities across other Central Services functions. These functions include security, data protection, estates, business continuity and health and safety. They will work flexibly, adapting to support these areas as needed to enhance the efficiency and resilience of Central Services. By doing so, they will ensure collaboration and contribute to the effective delivery of the organisation's objectives.

This role will involve close liaison with the GIAA Senior Information Responsible Owner (SIRO) and Data Protection Officer (DPO), providing robust advice and guidance as required to handle data breaches and security incidents. The post holder will also provide advice and guidance to GIAA senior leaders regarding information security, supporting both the SIRO and DPO in the effective discharge of their duties.

Role responsibilities

  • Conducting evidence-based security and data protection risk assessments across suppliers and internal services.
  • Assessing threats, vulnerabilities and emerging risks and providing informed opinions on security posture and control effectiveness.
  • Supporting departmental security health checks and GovS 007 compliance.
  • Implementing and monitoring information security and data protection policies and advising on secure data handling.
  • Leading DPIAs, data sharing agreements, records of processing, and information asset registers. Managing records lifecycle in line with legislation; supporting DSARs and FOI requests.
  • Managing data breaches and security incidents (including ICO reporting where required). This will include analysing root causes and trends.
  • Developing, testing and maintaining business continuity and incident response plans by creating contingency measures and support services during incidents.
  • Monitoring compliance through audits and assurance activities and reporting to DPO, SIRO and governance committees.
  • Training colleagues and raising awareness of security and data protection requirements.
  • Developing guidance for cleansing and improving organisational data.

Person specification

  1. A strong track record of continuous improvement in data protection and information security, working closely with others to identify where things could be made better and then working in partnership to make those improvements happen.
  2. Experience of building relationships and influencing stakeholders, working collaboratively and inclusively, sharing information and knowledge to achieve common aims.
  3. Experience as a data protection subject matter expert, including communicating data protection risks and compliance requirements to technical and non-technical stakeholders, of varying levels, through various mediums.
  4. Experience of working in a multi-disciplinary team, undertaking various activities across different functions, demonstrating flexibility and adaptability to support these areas to improve efficiency and resilience to contribute to the organisation’s objectives.

Qualifications

Certified data protection practitioner or equivalent.
The successful candidate should also have or be willing to work towards:
  • Business continuity certification
  • Certified ISO27001 Practitioner

Benefits

Alongside your salary of £58,429, Government Internal Audit Agency contributes £16,926 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • Competitive salaries and in-year rewards
  • Flexible working
  • A Civil Service Pension with an employer contribution of 28.97%
  • Discount on big brands
  • Volunteering days
  • Season Ticket Loan and Cycle to Work Schemes
  • Free eyesight tests
  • Family-friendly HR policies
  • 25 days’ annual leave increasing by one day per year of service to 30 days after 5 years’ service
  • Geographically based Agency

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles, and will assess your Strengths and Experience.

Recruitment Timeline

  • Closing date: 05 February 2026
  • Shortlisting: 09 February 2026
  • Interviews: 02 March 2026

This timeline is indicative and may be subject to change. We will inform you if there is a substantial change to the recruitment timeline.

If your contact details change at any time during the selection process, please ensure you update your Civil Service Jobs profile.

Please note that only applications submitted through Civil Service Jobs will be accepted.

Eligibility Statement

A candidate is not eligible to apply for a role in the Civil Service if the application is made within a 5-year period following a dismissal for carrying out internal fraud against government. Checks will be performed as part of pre-employment checks in line with this. Please refer to the Candidate FAQ document attached to the advert for more information.

Everyone working with government assets must complete Baseline Personnel Security Standard (BPSS) checks. Additionally, individuals appointed to the Treasury group will be subject to National Security Vetting. The level of security vetting required for this role is Security Check (SC).

To allow for meaningful checks to be carried out, applicants will need to have lived in the UK for at least 3 out of the past 5 years. In exceptional circumstances, for example if you have been working abroad on a government posting, a lack of residency would not be a bar to security clearance; however, the Department will need to consider eligibility on a case-by-case basis once the advert closing date has passed.

Please read the Vetting Charter for information on what to expect during the vetting process and what will be expected from you. Many areas of your life may be explored during your vetting journey, and it is important that every individual, regardless of their background and experiences, should feel comfortable going through this personal process, whilst having confidence that it is fair, proportionate, and inclusive.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative. The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact: Recruitment team

Further information

Complaints Procedure: The law requires that selection for appointment to the Civil Service is on merit on the basis of fair and open competition as outlined in the Civil Service Commission's Recruitment Principles. If you feel your application has not been treated in accordance with the Recruitment Principles, and you wish to make a complaint, you should contact: GIAARecruitment@giaa.gov.uk in the first instance. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission.

Attachments

Grade 7-Data Protection and Information Security Lead-Candidate Pack (pdf, 965kB)
