Data Protection and Information Security Lead
| Dyddiad hysbysebu: | 21 Ionawr 2026 |
|---|---|
| Cyflog: | £58,429 i £72,617 bob blwyddyn |
| Oriau: | Llawn Amser |
| Dyddiad cau: | 05 Chwefror 2026 |
| Lleoliad: | Birmingham, Bristol, Bootle, Croydon, Leeds, Manchester, Newcastle, Reading and Swansea |
| Gweithio o bell: | Hybrid - gweithio o bell hyd at 2 ddiwrnod yr wythnos |
| Cwmni: | Government Internal Audit Agency |
| Math o swydd: | Parhaol |
| Cyfeirnod swydd: | 445294 |
Crynodeb
The Government Internal Audit Agency (GIAA) is driven by its unparalleled access across government to build better insights, better outcomes for our clients. This role offers a strong platform for career progression within the Agency and the wider civil service, providing opportunities to develop leadership, stakeholder engagement and strategic relationship management skills across government. The Agency’s unique access across the public sector exposes you to different risk and control environments, allowing you to gain insights, apply experience, contribute meaningfully, and continue developing professionally.
About the Job
The Data Protection and Information Security Lead will protect the agency’s people, information and assets. You will develop and oversee compliance with UK GDPR, the Data Protection Act 2018 and government security standards. You will also shape and maintain effective policies, procedures and controls that support secure and resilient operations.
Working within a multi-disciplinary team, you will also contribute to wider Central Services areas such as estates, business continuity and health and safety. You will work closely with the Senior Information Responsible Owner and the Data Protection Officer, offering expert advice and supporting responses to incidents and data breaches.
In this role, you will:
• Carry out evidence-based risk assessments for suppliers and internal services
• Assess threats, vulnerabilities and emerging risks
• Support security health checks and GovS 007 compliance
• Implement and monitor information security and data protection policies
• Lead DPIAs, data sharing agreements and records management activities
• Manage data breaches and incidents including ICO reporting
• Maintain and test business continuity and incident response plans
• Monitor compliance and report findings to senior stakeholders
• Provide training and raise awareness across the organisation
• Develop guidance to improve data quality and management
About You
You will bring a strong record of improving data protection and information security, working collaboratively to identify issues and deliver meaningful change. You build positive relationships and influence others effectively, sharing knowledge openly and working inclusively with a wide range of colleagues. You are confident explaining risks and compliance requirements to technical and non-technical audiences and are comfortable working flexibly across different functions. You will be a certified data protection practitioner or hold an equivalent qualification, and you should also have or be willing to work towards business continuity and ISO27001 Practitioner certification.
Benefits of working for the Government Internal Audit Agency
• Competitive salaries and in year rewards
• Flexible working
• Competitive contributory pension scheme with employer contributions starting from 28.97%.
• Discounts on big brands and supermarkets, online shops and on the high street.
• Paid volunteering days
• Season ticket loans/Cycle to work scheme
• Free eyesight test
• Family friendly HR policies
• 25 days annual leave, increasing one day each year to 30 days after 5 years’ service
We are committed to being an inclusive employer. We encourage applications from all backgrounds, and we welcome applications from candidates who wish to work flexibly, for example, part-time, term time or job share.
Hybrid Working is available to GIAA colleagues. This means a combination of office working and working from home. This includes time spent in our GIAA office locations and can also include any time spent attending our customers' sites.
GIAA colleagues are expected to work in an office location for three days a week on average (60%). Naturally, this expectation will be applied on a pro-rata basis for people who have a part-time or compressed hours working pattern.
For more information about the GIAA, role, salary, benefits, who to contact and how to apply please follow the Apply link.
If you need any reasonable adjustments to take part in the selection process, please tell us about this in your online application form, or speak to the recruitment team at GIAArecruitment@GIAA.gov.uk
About the Job
The Data Protection and Information Security Lead will protect the agency’s people, information and assets. You will develop and oversee compliance with UK GDPR, the Data Protection Act 2018 and government security standards. You will also shape and maintain effective policies, procedures and controls that support secure and resilient operations.
Working within a multi-disciplinary team, you will also contribute to wider Central Services areas such as estates, business continuity and health and safety. You will work closely with the Senior Information Responsible Owner and the Data Protection Officer, offering expert advice and supporting responses to incidents and data breaches.
In this role, you will:
• Carry out evidence-based risk assessments for suppliers and internal services
• Assess threats, vulnerabilities and emerging risks
• Support security health checks and GovS 007 compliance
• Implement and monitor information security and data protection policies
• Lead DPIAs, data sharing agreements and records management activities
• Manage data breaches and incidents including ICO reporting
• Maintain and test business continuity and incident response plans
• Monitor compliance and report findings to senior stakeholders
• Provide training and raise awareness across the organisation
• Develop guidance to improve data quality and management
About You
You will bring a strong record of improving data protection and information security, working collaboratively to identify issues and deliver meaningful change. You build positive relationships and influence others effectively, sharing knowledge openly and working inclusively with a wide range of colleagues. You are confident explaining risks and compliance requirements to technical and non-technical audiences and are comfortable working flexibly across different functions. You will be a certified data protection practitioner or hold an equivalent qualification, and you should also have or be willing to work towards business continuity and ISO27001 Practitioner certification.
Benefits of working for the Government Internal Audit Agency
• Competitive salaries and in year rewards
• Flexible working
• Competitive contributory pension scheme with employer contributions starting from 28.97%.
• Discounts on big brands and supermarkets, online shops and on the high street.
• Paid volunteering days
• Season ticket loans/Cycle to work scheme
• Free eyesight test
• Family friendly HR policies
• 25 days annual leave, increasing one day each year to 30 days after 5 years’ service
We are committed to being an inclusive employer. We encourage applications from all backgrounds, and we welcome applications from candidates who wish to work flexibly, for example, part-time, term time or job share.
Hybrid Working is available to GIAA colleagues. This means a combination of office working and working from home. This includes time spent in our GIAA office locations and can also include any time spent attending our customers' sites.
GIAA colleagues are expected to work in an office location for three days a week on average (60%). Naturally, this expectation will be applied on a pro-rata basis for people who have a part-time or compressed hours working pattern.
For more information about the GIAA, role, salary, benefits, who to contact and how to apply please follow the Apply link.
If you need any reasonable adjustments to take part in the selection process, please tell us about this in your online application form, or speak to the recruitment team at GIAArecruitment@GIAA.gov.uk
Aelod balch o'r cynllun cyflogwyr Hyderus o ran Anabledd
Hyderus o ran Anabledd
Gwybodaeth am Hyderus o ran Anabledd
Yn gyffredinol, bydd cyflogwr Hyderus o ran Anabledd yn cynnig cyfweliad i unrhyw ymgeisydd sy'n datgan eu bod yn anabl ac yn bodloni'r meini prawf lleiaf ar gyfer y swydd fel y diffinnir gan y cyflogwr. Mae'n bwysig nodi, mewn rhai sefyllfaoedd recriwtio fel nifer fawr o ymgeiswyr, cyfnod tymhorol ac amseroedd prysur iawn, efallai y bydd y cyflogwr am gyfyngu ar y niferoedd cyffredinol o gyfweliadau a gynigir i bobl anabl a phobl nad ydynt yn anabl. Am fwy o fanylion ewch i Hyderus o ran Anabledd.