Data Protection Monitoring and Compliance Analyst
Job description
Data is the lynchpin that supports the energy industry and Ofgem has responsibility for protecting sensitive information. We are strengthening our defences to ensure the integrity and confidentiality of the data that powers our critical decisions and are looking for a Data Protection Monitoring & Compliance Analyst to join us and play a vital role in safeguarding our systems, operations, and people.
The Data Protection Monitoring & Compliance Analyst's (DPMCA) key responsibility is to identify and conduct an ongoing programme of monitoring and compliance relating to the specified, and observed, systems of controls in place to prevent, detect, and mitigate loss of confidentiality or other exposure of Ofgem data.
The DPMCA will work with Subject Matter Experts across Ofgem, typically within Corporate Services, to:
Determine and address both actual and potential instances of data loss, through:
- Identifying instances of unsanctioned or uncontrolled data egress;
- Working with Corporate Services to:
  - address specific issues arising;
  - determine and address root cause, vulnerabilities, and exposure;
- Support resulting activities including investigations instigated and/or required by corporate and line manager functions.
Determine and undertake regular Dashboard reporting at both macro and micro levels, to feed into Risk Management and Governance reporting regimes.
- Feeding into Risk and Vulnerability Registers;
- Feeding into weekly and monthly reporting cycles;
- Reporting ad-hoc in relation to investigatory work, as required by local and corporate management.
Construct and undertake a programme of monitoring and compliance that will span:
- Manual and automated interventions and techniques;
- Exploitation of existing capabilities;
- Identification of new and improved tooling and techniques;
- Embedding, where possible, continuous audit capabilities across multiple channels, but initially focusing attention on data egress via email and removable media.
The DPMCA will formally report to the Ofgem Data Protection Officer (DPO) and support both the DPO and Departmental Records Officer (DRO) as required.
Key Responsibilities
The DPMCA's key responsibility is to identify and conduct an ongoing programme of monitoring and compliance relating to the specified, and observed, systems of controls in place to prevent loss of confidentiality or other exposure of Ofgem data.
In order to discharge this effectively they will need to:
- Understand reported Data Breaches, root causes, trends, patterns, and potential for recurrence, and apply this to a prioritised programme;
  - Working closely with the Data Protection Officer (DPO), and providing support where required in relation to managing Data Breaches and, essentially, lessons learned.
- Understand risk and vulnerabilities spanning physical, personnel and technical controls, that might lead to potential non-compliance and loss of confidentiality of data, and apply this to a prioritised programme;
  - Working with the Deputy Security Advisor (DSA);
- Understand the spectrum and sensitivity of Ofgem Data, associated risk and apply this to a prioritised programme;
  - Working closely with the Departmental Records Officer (DRO), including providing support to cover absences and unavailability.
Accordingly, the DPMCA's role will interact with key personnel within SPaR, but also wider personnel in Corporate Services, in relation to formulation and conduct of the overall programme.
There will also need to be interaction with Ofgem staff and line managers in relation to specific findings, which will (at times) be sensitive and require careful handling. Accordingly, the role will necessitate achieving SC clearance.
Key Outputs and Deliverables
- Construction and delivery of a continuous programme of monitoring and compliance relating to loss of confidentiality or other exposure of Ofgem data;
- Production of ad-hoc, weekly and monthly reports and dashboard reporting spanning:
- Other products as required or requested by the DPO and DRO, including providing cover through periods of unavailability.
You will then be asked to provide a 1250-word personal statement evidencing how you meet the essential skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the essential skills and capabilities.
Please refer to Civil Service candidate advice on the acceptable use of artificial intelligence within the recruitment and selection process: Artificial intelligence and recruitment, Civil Service Careers.
The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found at https://www.cifas.org.uk/fpn.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.
See our vetting charter. People working with government assets must complete baseline personnel security standard checks.
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Requirements
Do you have experience in Presentation skills?
- Experience of business operations within Ofgem, or a comparable environment.
- Good understanding of HMG Policies, The Data Protection Act 2018 and their application.
- Experience of analysing information, identifying risks arising, and priority actions needed, within the context of Information risk, and specifically loss of confidentiality, relating to instances of unsanctioned or uncontrolled data egress.
- A strong track record of engaging, advising and influencing across an organisation, whilst projecting credibility and self-assurance, ideally with some experience of Data Protection and Information and Records Management.
- Strong demonstration of drafting capability, both for individual reports, but also dashboard reporting spanning metrics and risk.
- Able to achieve and maintain SC Clearance.
Desirable:
- Experience of supporting an organisation's Data Protection Officer (DPO); Departmental Records Officer (DRO); and wider Security team.
- Practical understanding and application of Data Loss Prevention (DLP) and wider monitoring techniques and applications.
- Seeing the Big Picture
- Communicating and Influencing
- Managing a Quality Service
This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.
Benefits & conditions
Alongside your salary of £34,123, Ofgem contributes £9,885 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides. Ofgem can offer you a comprehensive and competitive benefits package which includes:
- Up to 30 days annual leave.
- Excellent training and development opportunities.
- The opportunity to join the Civil Service pension arrangements, which include a valuable range of benefits.
- Flexible working hours and family friendly policies.
- Restaurant and subsidised gym (London only).
- Interest free season ticket loan.