  • To champion and implement good operational information rights and data protection practice across PHSO and our data processors (suppliers).
  • To ensure that your team handles information requests in accordance with all statutory obligations, codes of practice and guidance thereby minimising the reputational risk of non-compliance.
  • To manage and maintain guidance and policies to ensure that how we work keeps pace with technological, legislative and best practice developments.
  • To horizon scan and maintain your knowledge of data protection, technologies, ICO action and decisions, cyber security and information rights.
  • Maintain a robust knowledge of all relevant legislation, regulations/codes of practice and tribunal/court decisions in order to be able to take decisions relating to the interpretation, scope and outcomes of information requests, including the application of exemptions, and be able to translate those into guidance and policy for non-specialist audiences.
  • Be a credible champion for information rights, working with stakeholders to help PHSO deliver our strategic objectives whilst complying with the law.
  • To lead the data protection impact assessment process to ensure a consistent and compliant approach to high-risk data processing.
  • To lead the information assurance networks within PHSO, supporting staff and managers to understand their responsibilities.
  • To manage demand and expectations both internal and external, and to take direct ownership of complex or high-profile incidents or cases as directed by the SIRO and/or DPO.
  • Produce consistent and measured arguments in response to complaints made to the regulator about PHSO’s handling of information.
  • Implement and then maintain PHSO’s publication scheme, proactively identifying areas where publication is in the public interest, aligned with the ICO’s transparency strategy.
  • Own the business planning process for the Information Assurance team, profiling resources, demand and other constraints or opportunities to ensure that the service is maintained at target level.
  • To sign off, when delegated by the DPO, technical, logical and/or information design and data protection risk assessments.
  • Act as lead Duty Incident Manager on a shared rota basis to manage information security and personal data breaches in accordance with defined incident management processes, ensuring impacts and risks are appropriately identified, assessed and mitigated.

Generic Duties

  • To manage the team’s delivery against agreed targets and quality standards.
  • To lead and manage change in own area and within the wider PHSO management community.
  • To manage, support, develop and coach the team enabling high performance.
  • To participate in learning & development activity and professional development as required in relation to the role.
  • To contribute to an environment of continuous improvement and excellence.
  • To provide excellent customer service to all internal and external stakeholders.
  • To take decisions in accordance with the role’s delegated authority under the casework and/or non-casework delegation schemes.
  • To ensure all legislative, regulatory, policy, process, procedures and guidance requirements of PHSO are adhered to and appropriately evidenced to the role’s line manager.
  • To promote and support the PHSO’s vision and values.
  • To complete any other duties commensurate with the role.

The Successful Applicant


  • Knowledge and experience of data protection and information rights legislation.
  • Knowledge, experience and expertise in assessing new technologies, concepts, ideas and/or suppliers to ensure security and legislative compliance.
  • Knowledge and experience of risk and opportunity management, with information and technology risk management desirable.
  • Experience of delivering continuous and demonstrable improvements and of using data manipulation, analysis and performance/management information techniques to track that improvement.
  • Sound knowledge of people management skills and processes.
  • Understanding how new and emergent technologies impact data protection and information security.
  • Technical knowledge of current data protection legislation and the role of the data protection officer under GDPR.
  • Ability to understand technological and informatic concepts (examples include cloud, AI, big data, machine learning, internet of things, data centres and protocols) to be able to identify risks and opportunities for data protection and information rights.
  • Experience in leading and completing data protection impact assessments.


  • Industry recognised qualifications in DPA and FOI legislation.
  • Degree in a numerate or analytical discipline.
  • An understanding of the services of PHSO and the Ombudsman’s role (desirable, not essential).
  • An awareness of public administration (central government in particular) or the NHS and the context in which it operates – desirable, but not essential.

What’s on Offer

  • Package up to £61,
  • Civil Service Pension scheme (min 26.6% employer contribution)
  • 30-day holiday entitlement, + 2.5 extra statutory holidays on top
  • Flexitime: Core hours between 10.00-12.00 & 14.00-16.00
  • Extra 2 days of Flexi-leave each month for additional hours that have been accrued
  • Access to a wide variety of internal & external wellbeing support, 24/7 assistance programmes and health advice

PHSO is committed to Equality, Diversity and Inclusion (EDI), and welcomes applications from individuals from diverse backgrounds. They are also a Disability Confident organisation. If you wish to access the DCS or require any reasonable adjustments through the process, please contact the lead recruiter to discuss your needs before the advert closes.

To apply, please submit an up-to-date CV detailing your experience that best fits the essential criteria outlined above.

NOTE: We can only consider applications from candidates who have the right to work in the UK.