Data Protection and Information Security Lead
| Posting date: | 21 January 2026 |
|---|---|
| Salary: | £58,429 to £72,617 per year |
| Hours: | Full time |
| Closing date: | 05 February 2026 |
| Location: | Birmingham, Bristol, Bootle, Croydon, Leeds, Manchester, Newcastle, Reading and Swansea |
| Remote working: | Hybrid - work remotely up to 2 days per week |
| Company: | Government Internal Audit Agency |
| Job type: | Permanent |
| Job reference: | 445294 |
Summary
The Government Internal Audit Agency (GIAA) is driven by its unparalleled access across government to build better insights, better outcomes for our clients. This role offers a strong platform for career progression within the Agency and the wider civil service, providing opportunities to develop leadership, stakeholder engagement and strategic relationship management skills across government. The Agency’s unique access across the public sector exposes you to different risk and control environments, allowing you to gain insights, apply experience, contribute meaningfully, and continue developing professionally.
About the Job
The Data Protection and Information Security Lead will protect the agency’s people, information and assets. You will develop and oversee compliance with UK GDPR, the Data Protection Act 2018 and government security standards. You will also shape and maintain effective policies, procedures and controls that support secure and resilient operations.
Working within a multi-disciplinary team, you will also contribute to wider Central Services areas such as estates, business continuity and health and safety. You will work closely with the Senior Information Responsible Owner and the Data Protection Officer, offering expert advice and supporting responses to incidents and data breaches.
In this role, you will:
• Carry out evidence-based risk assessments for suppliers and internal services
• Assess threats, vulnerabilities and emerging risks
• Support security health checks and GovS 007 compliance
• Implement and monitor information security and data protection policies
• Lead DPIAs, data sharing agreements and records management activities
• Manage data breaches and incidents including ICO reporting
• Maintain and test business continuity and incident response plans
• Monitor compliance and report findings to senior stakeholders
• Provide training and raise awareness across the organisation
• Develop guidance to improve data quality and management
About You
You will bring a strong record of improving data protection and information security, working collaboratively to identify issues and deliver meaningful change. You build positive relationships and influence others effectively, sharing knowledge openly and working inclusively with a wide range of colleagues. You are confident explaining risks and compliance requirements to technical and non-technical audiences and are comfortable working flexibly across different functions. You will be a certified data protection practitioner or hold an equivalent qualification, and you should also have or be willing to work towards business continuity and ISO27001 Practitioner certification.
Benefits of working for the Government Internal Audit Agency
• Competitive salaries and in year rewards
• Flexible working
• Competitive contributory pension scheme with employer contributions starting from 28.97%.
• Discounts on big brands and supermarkets, online shops and on the high street.
• Paid volunteering days
• Season ticket loans/Cycle to work scheme
• Free eyesight test
• Family friendly HR policies
• 25 days annual leave, increasing one day each year to 30 days after 5 years’ service
We are committed to being an inclusive employer. We encourage applications from all backgrounds, and we welcome applications from candidates who wish to work flexibly, for example, part-time, term time or job share.
Hybrid Working is available to GIAA colleagues. This means a combination of office working and working from home. This includes time spent in our GIAA office locations and can also include any time spent attending our customers' sites.
GIAA colleagues are expected to work in an office location for three days a week on average (60%). Naturally, this expectation will be applied on a pro-rata basis for people who have a part-time or compressed hours working pattern.
For more information about the GIAA, role, salary, benefits, who to contact and how to apply please follow the Apply link.
If you need any reasonable adjustments to take part in the selection process, please tell us about this in your online application form, or speak to the recruitment team at GIAArecruitment@GIAA.gov.uk
About the Job
The Data Protection and Information Security Lead will protect the agency’s people, information and assets. You will develop and oversee compliance with UK GDPR, the Data Protection Act 2018 and government security standards. You will also shape and maintain effective policies, procedures and controls that support secure and resilient operations.
Working within a multi-disciplinary team, you will also contribute to wider Central Services areas such as estates, business continuity and health and safety. You will work closely with the Senior Information Responsible Owner and the Data Protection Officer, offering expert advice and supporting responses to incidents and data breaches.
In this role, you will:
• Carry out evidence-based risk assessments for suppliers and internal services
• Assess threats, vulnerabilities and emerging risks
• Support security health checks and GovS 007 compliance
• Implement and monitor information security and data protection policies
• Lead DPIAs, data sharing agreements and records management activities
• Manage data breaches and incidents including ICO reporting
• Maintain and test business continuity and incident response plans
• Monitor compliance and report findings to senior stakeholders
• Provide training and raise awareness across the organisation
• Develop guidance to improve data quality and management
About You
You will bring a strong record of improving data protection and information security, working collaboratively to identify issues and deliver meaningful change. You build positive relationships and influence others effectively, sharing knowledge openly and working inclusively with a wide range of colleagues. You are confident explaining risks and compliance requirements to technical and non-technical audiences and are comfortable working flexibly across different functions. You will be a certified data protection practitioner or hold an equivalent qualification, and you should also have or be willing to work towards business continuity and ISO27001 Practitioner certification.
Benefits of working for the Government Internal Audit Agency
• Competitive salaries and in year rewards
• Flexible working
• Competitive contributory pension scheme with employer contributions starting from 28.97%.
• Discounts on big brands and supermarkets, online shops and on the high street.
• Paid volunteering days
• Season ticket loans/Cycle to work scheme
• Free eyesight test
• Family friendly HR policies
• 25 days annual leave, increasing one day each year to 30 days after 5 years’ service
We are committed to being an inclusive employer. We encourage applications from all backgrounds, and we welcome applications from candidates who wish to work flexibly, for example, part-time, term time or job share.
Hybrid Working is available to GIAA colleagues. This means a combination of office working and working from home. This includes time spent in our GIAA office locations and can also include any time spent attending our customers' sites.
GIAA colleagues are expected to work in an office location for three days a week on average (60%). Naturally, this expectation will be applied on a pro-rata basis for people who have a part-time or compressed hours working pattern.
For more information about the GIAA, role, salary, benefits, who to contact and how to apply please follow the Apply link.
If you need any reasonable adjustments to take part in the selection process, please tell us about this in your online application form, or speak to the recruitment team at GIAArecruitment@GIAA.gov.uk
Proud member of the Disability Confident employer scheme
Disability Confident
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.