Security Development and Compliance Lead

Titchfield, England, United Kingdom

7/16/2025

The ONS operates a flexible hybrid working model across the UK, with colleagues linked to one of our contractual locations working between office and remote throughout the week. The locations for this role are Newport, Titchfield (Fareham) and Manchester.

All colleagues on office-based contracts should be working primarily in their contractually allocated site for at least 40% of their working time. The exception to this is for colleagues based at the Manchester office. Due to current capacity constraints, colleagues based there will only be required to attend the office for 20% of their work time. It is expected Manchester will move to 40% in 2025-2026.

The induction process for the role will be conducted in person.

Job Summary

The Office for National Statistics (ONS) is the UK’s largest producer of official statistics, covering a range of key economic, social and demographic topics. These include measuring changes in the value of the UK economy, estimating the size, geographic distribution, and characteristics of the population, and providing indicators of price inflation, employment, earnings, crime, and migration.

The role is within the Security Development Compliance and Audit (SDCA) team which forms part of the Security and Information Management (SaIM) directorate. The SDCA team provides an advice service to stakeholders for the complete lifecycle, security and governance of sensitive information stored within data access environments. The SDCA team also acts as an interface between stakeholders to deliver data protection assurance, monitor compliance with security policies and principles as well as provide evidence to stakeholders in support of these functions.

The primary focus of the role will be leading the Security Development and Compliance team in the development and implementation of data protection assurance and audit capabilities, in line with clearly defined security strategy and data protection standards. This also includes advising internal users, stakeholders and Information Asset Owners on compliance and risk associated with use of data. The role includes line management responsibilities for Security Development and Compliance Policy Associates HEO & EO Level.

Job Description

The Role

The role supports ONS core security capability, covering service management, assurance and incident response, and provides many opportunities for cross-skilling and development.

The focus, outcomes and responsibilities are primarily aligned to the Government Security Profession Cyber Security Monitoring Lead role, with elements from Corporate Enablers Security Adviser and Process Lead roles.

Responsibilities:

• Developing, owning and implementing effective data protection assurance processes and compliance documentation (e.g. DPIAs, SyOPs, etc.) to meet regulatory and legal requirements.
• Developing and implementing effective security auditing, monitoring and assessment capability for data systems and data use incorporating advice from security and industry best practice.
• Establishing detailed understanding of the nature, scope, context, purposes and risk of data processing by different business areas to provide comprehensive guidance and effective oversight of compliance.
• Developing and promoting effective training, engagement and awareness-raising activities to promote data protection and compliance best practice.
• Investigating non-compliance incidents and breaches in conjunction with Cyber Security and directing mitigating actions.
• Supporting the shaping of the security audit and monitoring strategy, ensuring requirements, policies and standards to govern all activities and outputs are met.
• Supporting Cyber Security in the management of monitoring, triaging, and investigation of security alerts on protective monitoring platforms to identify security incidents and reviewing analysis of security event data to manage security incident response, reporting, or escalation where appropriate.
  
  

The Role

The role supports ONS core security capability, covering service management, assurance and incident response, and provides many opportunities for cross-skilling and development.

The focus, outcomes and responsibilities are primarily aligned to the Government Security Profession Cyber Security Monitoring Lead role, with elements from Corporate Enablers Security Adviser and Process Lead roles.

Responsibilities:

• Developing, owning and implementing effective data protection assurance processes and compliance documentation (e.g. DPIAs, SyOPs, etc.) to meet regulatory and legal requirements.
• Developing and implementing effective security auditing, monitoring and assessment capability for data systems and data use incorporating advice from security and industry best practice.
• Establishing detailed understanding of the nature, scope, context, purposes and risk of data processing by different business areas to provide comprehensive guidance and effective oversight of compliance.
• Developing and promoting effective training, engagement and awareness-raising activities to promote data protection and compliance best practice.
• Investigating non-compliance incidents and breaches in conjunction with Cyber Security and directing mitigating actions.
• Supporting the shaping of the security audit and monitoring strategy, ensuring requirements, policies and standards to govern all activities and outputs are met.
• Supporting Cyber Security in the management of monitoring, triaging, and investigation of security alerts on protective monitoring platforms to identify security incidents and reviewing analysis of security event data to manage security incident response, reporting, or escalation where appropriate.
  
  

Person specification

Essential Criteria:

• Detailed knowledge of data protection legislation and regulations, including understanding of their implementation in different contexts across Government.
• Ability to assess risk of diverse data use cases across multiple business areas advise on mitigations.
• Ability to understand and evaluate threat based on quantitative and qualitative data and recommend protective security measures.
• Ability to effectively manage a team of specialists based across different sites within a dynamic working environment.
• Understanding of UK Government Security Policy Framework and relevant Information Assurance Standards, e.g. ISO 27001, Data Protection Act.
• Ability to work as part of a team in a multi-discipline environment.
• HMG Vetting at Security Clearance (SC) level will be required prior to starting in role.
  
  

Desirable Criteria:

• Holding or willing to work towards professional development qualifications within specialist Security discipline g.ISO 27001 Security Auditor etc.
  
  

Behaviours

We'll assess you against these behaviours during the selection process:

• Communicating and Influencing
• Managing a Quality Service
• Leadership
• Working Together
  
  

Technical skills

We'll assess you against these technical skills during the selection process:

• Applied Security Capability - Practitioner
• Information Risk Assessment and Risk Management - Practitioner
• Protective Security - Working
• Threat Understanding - Working
  
  

Alongside your salary of £43,013, Office for National Statistics contributes £12,460 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

The Office for National Statistics is part of the Civil Service, and as such we share a number of key benefits with other departments, whilst also having our own unique offerings to support our 5400 valued colleagues across the business.

Whether you are hearing about us for the first time or already know a bit about our organisation, we hope that the benefits pack attached (bottom of page) will give you a great insight into the benefits and facilities available to our colleagues and our fantastic working culture.

This Role Is Part Of The Cross-government Government Digital And Data (formerly DDaT) Profession Framework. As a Role Within Government Digital And Data (formerly DDaT) At The ONS, We Also Offer Benefits Such As:

• Protected Learning Time to spend on your personal development and side-projects.
• A supportive and active Community of Practice which you will be expected to contribute to, helping ensure you and your colleagues get the training, development and opportunities you need to progress your careers.
  
  

We are committed to supporting our people’s wellbeing by offering flexible ways of working that support a healthy work life balance. We are happy to explore opportunities with you about working flexibly in line with our hybrid working policies.

Inclusion & Accessibility

At ONS we are always looking to attract the very best people from the widest possible talent pool, and we are proud to be an inclusive, equal opportunities employer. As a Disability Confident Leader we’re committed to ensuring that all candidates are treated fairly throughout the recruitment process.

As part of our application process, you will be prompted to provide details of any reasonable adjustments to our recruitment process that you need. If you would like to discuss any reasonable adjustments before applying, please contact the recruitment team in the first instance.

If you would like an accessible version of any of the attachments or recruitment documents below or linked to in this advert, please contact the recruitment team who will be happy to assist.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

Security Clearance

For ONS the requirement for SC clearance is to have been present in the UK for 3 consecutive years immediately prior to applying and the department will consider eligibility by exception on a case-by-case basis. You will be asked to provide information regarding your UK residency during your application, and failure to provide this will result in your application being rejected.

If you are unsure that you meet the eligibility above, please read the information available on Gov.uk on this link, or contact the recruitment email on the advert before applying to discuss, as failure to meet the residency requirements will result in your security clearance application being rejected and any offer of employment being withdrawn.

At the point of SC application, you will need to provide or give access to the following evidence:

• Departmental or company records (personnel files, staff reports, sick leave reports and security records)
• UK criminal records covering both spent and unspent criminal records
• Your credit and financial history with a credit reference agency
• Security Services records
  
  

All applicants will have access to AI resources, it is therefore important to remember these tools, although helpful in streamlining the writing process, cannot fully understand the organisational context, or requirements for the role you are applying for.

To maintain authenticity and credibility of the application process, should you choose to use generative AI tools, you need to ensure the information you provide in your supporting evidence accurately reflects your skills, knowledge, and experience.

ONS does not advocate relying solely on generative AI to write your application. Doing so may negatively impact your chances of success during the selection process.

If you are invited to interview, please be aware the use of AI tools is prohibited, and any suspected use may result in the termination of your interview and subsequent withdrawal from the campaign.

Please note that all campaigns may be subject to withdrawal at any stage if the internal resource position changes.

Application Process

Number of Stages: 2 stage process

Stage 1: Application

Stage 2: Interview

Stage 1 – Application

The assessment process at the application stage will be based on your work history, skills, experience, CV, and personal statement. It is important that your application is tailored to highlight the skills, knowledge, and experience relevant to the role.

If a personal statement is required at application stage, it will state the maximum wordcount allowed, which should not be exceeded. Where it is a requirement to make a personal statement, you should provide evidence for each essential skill criterion listed in the person specification. As these criteria are scored, it is advisable to give clear examples for each one, including the impact of your actions, ideally utilising the STAR technique (Situation, Task, Action, Result).

Please note that Success Profiles Behaviour examples are not required at this stage of the application process.

In instances where a high number of applications are received, the sift pass mark may be adjusted, and candidates will be invited to interview based on merit order, i.e., those with the highest scores.

Stage 2 – Interview

If invited to interview, you will be assessed using techniques aligned with the Civil Service Success Profiles framework, covering all behaviours listed in the job advert and any required technical skills.

A presentation may be required at interview.

Interviews may be in person or via Microsoft Teams.

A reserve list may be held for a period up to 12 months from which further appointments may be made.

GDD Pay

This role falls within the remit of the GDD Pay Framework that was introduced at the Office for National Statistics from May 2022. This means that in the event that you are successful at interview, your starting salary will be calculated based on the scores achieved during the Technical section of the interview. Full feedback will be provided to you at the point of offer.

The Sift will be conducted from 29/07/2025

Interviews will be conducted from 19/08/2025

For the full terms and conditions of the post, please see attachment.

Feedback will only be provided if you attend an interview or assessment.

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This Job Is Broadly Open To The Following Groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
  
  

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job Contact :

• Name : Jonathan Booth
• Email : [email protected]
  
  

Recruitment team

• Email : [email protected]
  
  

Further information

If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact [email protected]. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission