Data Protection Monitoring and Compliance Analyst

Requirements of the role

Data is the lynchpin that supports the energy industry and Ofgem has responsibility for protecting sensitive information. We are strengthening our defences to ensure the integrity and confidentiality of the data that powers our critical decisions and are looking for a Data Protection Monitoring & Compliance Analyst to join us and play a vital role in safeguarding our systems, operations, and people.

Ofgem is Great Britain’s independent energy regulator. We’re at the forefront of change across the energy sector, driving toward Net Zero whilst protecting energy consumers – especially vulnerable people.

We’re offering a permanent opportunity within our Cyber Security directorate, a role that places you right at the heart of our mission to protect not only our data, but the UK’s energy infrastructure. You’ll help shape our approach to monitoring and compliance, driving improvements that reduce risk and enhance resilience. This is a high-profile post for someone who wants to make a real and lasting impact.

You’ll have the chance to work in a forward-thinking, nationally significant organisation where your analytical insight and data protection expertise will help prevent data loss and maintain trust in our operations. You’ll collaborate with experts across Corporate Services and Security, gaining exposure to a wide range of privacy, information assurance and strategic compliance activity.

We’re looking for someone with a strong grasp of information risk and governance, a talent for translating findings into clear actions, and a confident, collaborative approach to working with stakeholders. You’ll have a keen eye for identifying and addressing vulnerabilities and the communication skills to turn insight into influence.

You’ll benefit from an excellent rewards package, including flexible working options, and will be enabled to develop your professional portfolio with an array of engaging and critical activities. This is a rare opportunity to step into a role with strategic importance and real scope for personal growth, working with an inclusive and supportive team that values innovation and integrity.

We have a critical purpose to prevent the loss or misuse of sensitive information, combating data risk and enhancing our defences across the board. If you’re passionate about protecting data and enabling change, we’d love to hear from you.
Job description
The Data Protection Monitoring & Compliance Analyst’s (DPMCA) key responsibility is to identify and conduct an ongoing programme of monitoring and compliance relating to the specified, and observed, systems of controls in place to prevent, detect, and mitigate loss of confidentiality or other exposure of Ofgem data.

The DPMCA will work with Subject Matter Experts across Ofgem, typically within Corporate Services, to:

Determine and address both actual and potential instances of data loss, through:

Identifying instances of unsanctioned or uncontrolled data egress;
Working with Corporate Services to:
address specific issues arising;
determine and address root cause, vulnerabilities, and exposure;
Support resulting activities including investigations instigated and/or required by corporate and line manager functions.
Determine and undertake regular Dashboard reporting at both macro and micro levels, to feed into Risk Management and Governance reporting regimes.

Feeding into Risk and Vulnerability Registers;
Feeding into weekly and monthly reporting cycles;
Reporting ad-hoc in relation to investigatory work, as required by local and corporate management.
Construct and undertake a programme of monitoring and compliance that will span:

Manual and automated interventions and techniques;
Exploitation of existing capabilities;
Identification of new and improved tooling and techniques;
Embedding – where possible – continuous Audit capabilities across multiple channels, but initially focusing attention on data egress via Email and removable media.
The DPMCA will formally report to the Ofgem Data Protection Officer (DPO) and support both the DPO and Departmental Records officer (DRO) as required.

View on member website