Head of Data Protection & Information Management

The Head of Data Protection and Information Management role forms part of a Department wide Data Protection Unit led by the DfT Departmental Data Protection Officer, and locally reports into the DVSA Chief Data & Security Officer. The role is responsible for carrying out the delegated statutory tasks of the Departmental Data Protection Officer in accordance with the DfT DPO Governance Framework. They also act as the principal point of contact for the ICO and for Data Subjects for the DVSA within the DfT controllership.

The role manages the information and records management function as part of the Government Knowledge and Information (KIM) Profession and ensures that management of both electronic and physical records is compliant with GDPR and other regulations. The team also works with the DVSA Corporate Reputation team to help DVSA meet statutory obligations originating from GDPR and Freedom of Information legislation assuring processes, and also leading Internal Reviews or information rights requests under data protection legislation.

Joining our department comes with many benefits, including:

• Employer pension contribution of 28.97% of your salary. Read more about Civil Service Pensions here
• 25 days annual leave, increasing by 1 day each year of service (up to a maximum of 30 days annual leave), plus 8 bank holidays a privilege day for the Kings birthday
• Flexible working options where we encourage a great work-life balance.

Read more in the Benefits section below!

Find out more about what it's like working at Driver and Vehicle Standards Agency - Department for Transport Careers

The Head of Data Protection and Information Management role forms part of a Department wide Data Protection Unit led by the DfT Departmental Data Protection Officer, and locally reports into the DVSA Chief Data & Security Officer. The role is responsible for carrying out the delegated statutory tasks of the Departmental Data Protection Officer in accordance with the DfT DPO Governance Framework. They also act as the principal point of contact for the ICO and for Data Subjects for the DVSA within the DfT controllership.

The role manages the information and records management function as part of the Government Knowledge and Information (KIM) Profession and ensures that management of both electronic and physical records is compliant with GDPR and other regulations. The team also works with the DVSA Corporate Reputation team to help DVSA meet statutory obligations originating from GDPR and Freedom of Information legislation assuring processes and also leading Internal Reviews or complaints under data protection.

Your responsibilities will include, but arent limited to:

1. To act as the Data Protection Manager for the DVSA, carrying out the statutory tasks delegated to the role and DVSA by the Departments DPO (as set out in the DfT Data Protection Governance Policy)
2. Leading the records management function ensuring alignment with DfT and wider Government.
3. Providing assurance to the Digital & Technology Leadership Team that the organisation's systems are designed in accordance with the data protection policies and regulations.
4. Lead FOI internal reviews, ensuring our response is fair and robust, and when necessary challenging senior managers on decisions to disclose or withhold.

Great line management is important to us as an organisation, and we will equip and support line managers to develop the skills they need. We aim to empower line managers to create teams where people can flourish and deliver excellent outcomes for the public. 

For further information on the role, please read the attached role profile. Please note that the role profile is for information purposes only - whilst all elements are relevant to the role, they may not all be assessed during the recruitment process. This job advert will detail exactly what will be assessed during the recruitment process.

Open Sessions: Would you like to find out more about the role, the team and what its like to work in our department? If so, we are organising an open session where you can virtually 'meet the team' on Thursday 25th June at 5.00 pm. Sign up here

Essential qualifications:

• You must have an industry-recognised practitioner-level qualification in data protection.

• You will either have a qualification in FOI or a security qualification such as CISMP or ISO27001. For these area (FoI and security) where no qualification isheld, you should be willing to acquire them within 9 months of joining us.

To be successful in this role you will need to have the following experience:

• A history of being involved in incident management and forming part of a wider incident management team.
• A history of working collaboratively and inclusively with external organisations and other stakeholders, sharing information and knowledge to achieve common aims.
• Experience of information and records management function and be able to advice on Freedom of Information legislation and supporting the business with any training
• Experience in assessing and improving compliance and reporting on this to all levels.
• Experience of risk management and working with cyber security colleagues

Additional Information

Working hours, office attendance and travel requirements

Full time roles consist of 37 hours per week.

Whilst we welcome applications from those looking to work with us on a part time basis, there is a business requirement for the successful candidate to be able to work at least 30 hours per week. 

Regular travel to other offices will be required, which may involve overnight stays. 

This role is suitable for hybrid working, which is a non-contractual arrangement where a combination of workplace and home-based working can be accommodated subject to business requirements.

The expectation at present is a minimum of 60% of your working time a month will be spent at either your designated workplace (one of the locations cited in the advert) or, when required for business reasons, in another office/work location. There may be occasions where you are required to attend above the minimum expectation. 

If you have a question about hybrid working, part time/job share hours, flexible working, travelling for work, or require a reasonable adjustment, please contact the Vacancy Holder during the recruitment process to avoid possible disappointment later in the process should your working arrangements not be compatible with the requirements of the role (see below for contact details).

Please note that we do not hold a UK Visa & Immigration (UKVI) Skilled Worker Licence sponsor and are unable to sponsor any individuals for Skilled Worker Sponsorship. Candidates must ensure they have the appropriate rights to work in the UK before application. 

The role requires DV clearance however candidates can onboard with SC Clearance and undergo DV whilst in post. Should the successful candidate not obtain DV then there will be a requirement to be re-deployed to an alternative post should a position be available.