Senior Data Governance Lead

TO APPLY DIRECT FOR THIS ROLE PLEASE VISIT CIVIL SERVICE JOBS

At HM Revenue and Customs (HMRC) we make sure money is available to fund the UK's vital public services and assist people with targeted financial support.

Data Analytics Team (DAT) forms part of the Analysis function within HMRC's Risk and Intelligence Service (RIS) Directorate. DAT provides analytical expertise to policy and compliance partners across multiple business areas. We interrogate complex data to first understand it, and then to provide insight on compliance risks and shape new compliance capability.

DAT uses data analytics for a variety of tasks:

• Identifying and predicting patterns of customer behaviour.
  
  
• Identifying and prioritising risks to the tax system to inform strategic and tactical decision making.
  
  
• Providing analysis and insight to help decision makers understand emerging trends and changes to customer bases.
  
  The Portfolio Management Office (PMO) sits within the Data Analytics Team (DAT). PMO are responsible for data governance and data security assurance across DAT, including for cross government data exchanges. Prior to data being exchanged HMRC must ensure the relevant and correct legal gateways are in place and the data shares are compliant with UK GDPR. Reporting to the G7 Head of PMO, the job holder will oversee the movement of bulk data, assuring relevant data transfer documentation, such as MoUs, DPIAs and CoRAs, and engaging with all relevant stakeholders. The jobholder will also be responsible for data security across the entire DAT portfolio, managing data retention and storage as well as being responsible for the DAT Risk Management framework.
  
  Job description
  
  
• Assuring the drafting and development of data exchange documentation - ie: MoUs, DPIAs and CoRAs. This will include engagement with cross-government stakeholders, Security & Information Business Partners, data analysts and HMRC Central Policy when required, to prepare documentation, checking for accuracy prior to data transfer.
  
  
• Ensuring all projects are UK General Data Protection Regulation (UK GDPR) compliant.
  
  
• Collaborating with GovDET and internal and external stakeholders to resolve data exchange issues.
  
  
• Ensuring GovDET is complying with Data Security and External Data Exchange Team (EDE) policies by working with Security & Information Business Partners and external stakeholders to complete assurance checks on data exchanges and data handling, capturing and escalating any issues as required.
  
  
• Lead the development of capability through sharing knowledge and best practice with DAT colleagues relative to data security principles.
  
  
• Maintaining management information on data exchanges, recharge of Analysts time and responding to demand-led MIS requests as required.
  
  
• Oversee assurance activity of DAT portfolio (on average 130 projects) relative to data security and data governance.
  
  
• Embed a risk management culture within DAT, overseeing the implementation of a Tier 5 risk management framework.
  
  Person specification
  
  
• A strong understanding of data security and GDPR, as well as how data is used to support compliance activity, including bulk data movements internally and across government.
  
  
• Comfortable in supporting and undertaking collaborative working across government at senior grades to produce quality outputs, for example, in response to Freedom of Information requests, Ministerial briefings or cross government policy requests.
  
  
• Experience identifying capability gaps and developing long term capability plans relative to data security and governance.
  
  
• An understanding of risk management including recording, mitigating, and escalating risks.
  
  Essential Criteria
  
  
• Experience of practically applying GDPR principles relating to data security.
  
  
• Experience of leading assurance or compliance activity relative to data security.
  
  
• Experience of developing data exchange documentation including: Process Memorandum of Understanding (PMOU), Data Protection Impact Assessments (DPIA) and Certificate of Review and Assurance (CoRA).
  
  
• Experience of engaging with both internal and external stakeholders on data sharing initiatives.
  
  
• You will need to already have or obtain security clearance at SC level when appointed.
  
  This role is not eligible for sponsorship. You will need to meet the minimum UK residency period as determined by the level of security vetting being undertaken, which for SC is 5 years UK residency prior to your vetting application. If you do not have a minimum of 5 years consecutive residency in the UK, then your application will be rejected