Security Development and Compliance Lead - ONS - SEO
Posted 1 day 21 hours ago by Manchester Digital
£43,013 - £46,654. A skills allowance of up to £5,000 (non-pensionable and non-contractual) may also be payable.
Published on: 3 July 2025 Deadline: 17 July 2025
Location
The ONS operates a flexible hybrid working model across the UK, with colleagues linked to one of our contractual locations working between office and remote throughout the week. The locations for this role are Newport, Titchfield (Fareham), and Manchester.
All colleagues on office-based contracts should work primarily in their contractually allocated site for at least 40% of their working time. The exception is for colleagues based at the Manchester office, who will only be required to attend the office for 20% of their work time due to current capacity constraints. It is expected that Manchester will move to 40% in .
The induction process for the role will be conducted in person.
About the job
Job summary
The Office for National Statistics (ONS) is the UK's largest producer of official statistics, covering key economic, social, and demographic topics. These include measuring changes in the UK economy, estimating the size, geographic distribution, and characteristics of the population, and providing indicators of price inflation, employment, earnings, crime, and migration.
The role is within the Security Development, Compliance, and Audit (SDCA) team, which is part of the Security and Information Management (SaIM) directorate. The SDCA team provides advice on the lifecycle, security, and governance of sensitive information stored within data access environments. They act as an interface between stakeholders to deliver data protection assurance, monitor compliance with security policies, and provide evidence to support these functions.
The primary focus of this role is leading the Security Development and Compliance team in developing and implementing data protection assurance and audit capabilities, aligned with security strategies and data protection standards. This includes advising internal users, stakeholders, and Information Asset Owners on compliance and risks related to data use. The role also includes line management responsibilities for Security Development and Compliance Policy Associates at HEO & EO levels.
The Role
This role supports the core security capability of the ONS, covering service management, assurance, and incident response. It offers opportunities for cross-skilling and development. The responsibilities align primarily with the Government Security Profession Cyber Security Monitoring Lead role, with elements from the Corporate Enablers Security Adviser and Process Lead roles.
Responsibilities:
- Develop and implement effective data protection assurance processes and compliance documentation (e.g., DPIAs, SyOPs) to meet regulatory and legal requirements.
- Develop and implement security auditing, monitoring, and assessment capabilities for data systems and data use, incorporating industry best practices.
- Understand the scope, context, purposes, and risks of data processing across business areas to provide guidance and oversight.
- Create and promote training, engagement, and awareness activities to foster data protection and compliance best practices.
- Investigate non-compliance incidents and breaches, working with Cyber Security to implement mitigating actions.
- Support the development of security audit and monitoring strategies, ensuring policies and standards are met.
- Assist Cyber Security in managing security alerts, incident investigations, and response activities.
- In-depth knowledge of data protection legislation and regulations, including their implementation across government contexts.
- Ability to assess risks associated with diverse data use cases and advise on mitigations.
- Skill in evaluating threats using quantitative and qualitative data and recommending protective measures.
- Experience managing a team of specialists across different sites in a dynamic environment.
- Understanding of UK Government Security Policy Framework and standards like ISO 27001 and the Data Protection Act.
- Ability to work effectively within a team in a multi-disciplinary setting.
- HMG Vetting at Security Clearance (SC) level required prior to starting.
- Willingness to pursue professional development qualifications in security, such as ISO 27001 Security Auditor.
Assessment during the selection process will focus on:
- Communicating and Influencing
- Managing a Quality Service
- Leadership
- Working Together
Assessment will include:
- Applied Security Capability - Practitioner