JOB DESCRIPTION
Post: Data Protection and Information Security Officer
Responsible to: Head of Finance / Head of Technology Solutions
Fixed Term Post : 6 months in the first instance
Job Purpose
The focus of this role will be on Data Protection and ensuring compliance with the General Data Protection Regulation from May 2018. The role will also be a lead on Information Security across Sport Wales and drive user education and awareness in these key areas. To champion Information Security and Data Protection within Sport Wales, increase understanding within the organisation, drive best practice and ensure compliance.
To lead on developing processes, policies and procedures in each of the three key areas of Data Protection, Information Security and Freedom of Information.
To provide expert advice and guidance in line with Data Protection Act (and GDPR), Information Security and Freedom of Information regulations and keep up to date with new developments including legal requirements
To respond to and process Data Subject Access and Freedom of Information requests.
Main Duties
Data Protection
· Ensure organisational compliance with current Data Protection Act and forthcoming General Data Protection Regulation.
· Lead on Data Protection (DP) compliance across Sport Wales.
· Develop and maintain DP policies and procedures.
· Promote awareness amongst Sport Wales staff by developing training and education programmes to cover DP, Information Security and Freedom of Information.
· Develop processes and procedures for handling Data Subject Access requests
· Develop processes and procedures for handling Data Breach incidents
· Carry out Data Protection Impact Assessments and complete PCI accreditation for relevant data/systems
· Respond to and manage Data Subject Access requests in line with procedures
Information Security
· Ensuring organisational compliance with current Information Security (InfoSec) requirements
· Point of contact for Welsh Government on matters relating to Information Security
· Promote awareness amongst all Sport Wales staff by developing training and education programmes to Information Security
· Lead on Information Security (InfoSec) and Data Protection (DP) compliance across Sport Wales.
· Maintain a register of data owners for information assets and educate the data owners on their responsibilities
· To investigate suspected and actual information security incidents in accordance with the policies in place. Produce reports with recommendations and ensure any remedial action is taken
· To develop and maintain the information security policy and accompanying standards, procedures and guidance in conjunction with the Head of Technology Solutions
Freedom of Information
· Ensuring organisational compliance with current Freedom of Information (FOI) Act and Information Commissioners Office (ICO)
· Provide expert advice and guidance in line with FOI and its associated code of conducts
· Provide information and guidance on the processing of all personal data
· Process, co-ordinate and respond to all requests for information under FOI legislation
· Develop, Implement and enforce a suitable FOI Policy and procedures, in accordance with FOI Act and ICO recommendations
· Raise awareness of FOI throughout Sport Wales in conjunction with Data Protection and Information Security
General
· Provide regular reports to the Sport Wales Senior Management Team and Audit & Risk Committee on compliance with the Data Protection Act/GDPR and associated risks.
· Provide necessary training and guidance to staff, in particular to those who may take on the role in the longer term
· Provide input to the wider development of the information governance strategy and business planning process
· Develop and publish a document classification policy that meets Information Security and Data Protection requirements including retention in conjunction with the Head of Technology Solutions.
This list is not to be regarded as exclusive or exhaustive as there may be other duties and responsibilities which Sports Wales may require the post-holder to perform from time to time in the implementation of its policies.
PERSON SPECIFICATIONSkills, Aptitudes and Abilities / Essential / Desirable
Key decision Maker - Takes responsibility for making decisions based on thorough insight, evidence and risk. Seizes opportunities to move things forward. Thinks through the impact of the decision.
Risk & Compliance -Identify key risks to the organisation related to each key area of operation. Monitors risk and compliance and regulatory requirements.
Strategy – Ability to identify and critically assess strategic opportunities and threats to the organisation. Develop strategies in context of our policies and business objectives.
Clarity and Direction – Ability to translate and effectively communicate the vision and aspirations into corporate strategy. Provides organisational direction, to enable the setting and delivery of business objectives and effectively monitors and evaluates progress.
Leadership - Leads and inspires others - earns respect from colleagues and partners; builds strong relationships across key partnerships to influence continuous improvement and drives change (in corporate structures and processes) Creates an environment for staff to maximise their potential.
Performance Management – Proven track record of successfully managing teams, achieving high performance by setting and measuring realistic objectives and the ability to develop and manage poor/weak performance.
Working with and developing others – Promotes knowledge sharing within and beyond their own team. Devotes time to others, Listens to their views.
Sport Wales encourages ALL employees to work with and support the Sport Wales Strategic Equality Plan to deliver equality and diversity throughout Sport Wales to comply with current legislation.
Expert Knowledge – Is recognised as an expert within their sphere of work; is able to develop policy and influence key decision makers both in Wales and beyond
Analysing and Interpreting information- Ensures delivery against plans and forecasts accurately. Ensures deadlines are met, prioritizing effectively when issues or timescales change.
Taking personal responsibility – Holds self and others accountable for standards of performance to successfully deal with a range of often complex situations. Where appropriate seek the support and guidance from others in the organisation.
Communicating with others- Achieves full understanding of others, their needs, roles, responsibility. Listens, clarifies to check understanding and uses the most appropriate method, language, medium and style of communication for the situation and people involved.
Computer Literate - Confident, proactive and possesses intermediate or advanced skills and knowledge of Microsoft Word, Outlook, Excel and PowerPoint.
Excellent written and communication skills -The ability to communicate persuasively at a senior level in a written format including business proposals, board papers and formal report writing.
Highly effective presentation skills – Ability to present to all levels.
Innovative – Actively looks for new ways of improving service and outcomes for the end user.
Planning –Setting goals, defining roles and producing schedules and tasks. /
/
Experience and knowledge
Experience of operating in a strategic role.
Logical and organized thinker.
Can communicate in the Welsh language or be prepared to learn.
Experience of providing strategic support and guidance to Boards, Chairs, CEOs.
Demonstrate commitment to own learning and continuous improvement through training and development.
Extensive corporate governance experience if relevant. /
/
Sport Wales’ Behavioural framework
Teamwork...the power of working together
· Being a positive impact on others, encouraging and supporting them when required.
· Celebrating and recognising our successes together
· Respecting others and earning respect
· Investing time to actively listen and to get to know the person not just the face
Delivery...making a difference
· Focussing on what will make the greatest difference - no matter how big or small.
· Taking responsibility for our own delivery and development.
· Trusting and utilising the skills and experience of others to get the job done.
Ambition...the pursuit of success
· Setting our standards high and challenging constructively.
· Seeking and being open to new ideas and expertise from around the world.
· Enjoying and taking pride in the work we do.
· Being courageous to do things differently. /