Data Protection Commission

Background The Data Protection Act 2018, which became law on 25 May 2018 established a new Data Protection Commission (DPC). The new Commission is the national independent supervisory authority in Ireland with responsibility for upholding the fundamental right of the individual to have their personal data protected. The DPC's statutory powers, functions and duties derive from the Data Protection Act 2018, General Data Protection Regulation, Law Enforcement Directive, as well as from the Data Protection Acts 1988 to 2003 which, inter alia, gives effect to Council of Europe Convention 108. Using its statutory powers, the Data Protection Commission: examines complaints from individuals in relation to potential infringements of data protection law; conducts inquiries regarding infringements of data protection legislation and takes enforcement action where necessary; promotes awareness amongst members of the public of their rights to have their personal information protected under data protection law; drives improved awareness and compliance with data protection legislation by data controllers and processors legislation through the publication of high-quality guidance, proactive engagement with public and private sector organisations; through consultations with organisations, assists in identifying risks to personal data protection and offers guidance of best practice methods to mitigate against those risks; and cooperates with (which includes sharing information with) other data protection authorities, and acts as Lead Supervisory Authority at EU level for organisations that have their main EU establishment in Ireland. Our Mission Upholding the consistent application of data protection law through engagement, supervision and enforcement, and driving compliance with data protection legislation. The Data Protection Commission safeguards the data protection rights of individuals and provides clarity for the organisations it regulates by: educating stakeholders on their rights and responsibilities; taking a fair and balanced approach to complaint handling; communicating extensively and transparently with stakeholders; participating actively at European Data Protection Board level to achieve consistency; cultivating technological foresight, in anticipation of future regulatory developments; sanctioning proportionately and judiciously; and retaining and amalgamating the expert capacities of its staff to ensure operational effectiveness. Our Vision The Data Protection Commission is committed to being an independent, internationally influential and publicly dependable regulator of EU data protection law; regulating with clear purpose, trusted by the public, respected by our peers and effective in our regulation. The DPC will play a leadership role in bringing legal clarity to the early years of the General Data Protection Regulation. The DPC will apply a risk-based regulatory approach to its work, so that its resources are always prioritised on the basis of delivering the greatest benefit to the maximum number of people. The DPC will also be a rewarding and challenging place to work, with a focus on retaining, attracting and allocating the most appropriate people to deliver on its mandate, recognising the value and capacities of its staff as its most critical asset. Our Values The Data Protection Commission is an autonomous regulator, with responsibility for regulating both private and public sector organisations, as well as safeguarding the data protection rights of individuals. In the conduct of these duties, the DPC is committed to act always in a way that is: Fair Transparent Engaged Expert Accountable Independent Consistent Forward looking Results-driven Mandate The Data Protection Commission is afforded a broad-ranging mandate for the purpose of monitoring and enforcing the General Data Protection Regulation, which provides individuals with enhanced rights to data protection and increased obligations for organisations who process personal data. The GDPR also greatly strengthens the powers of Data Protection Authorities, and the DPC's given powers and assigned tasks allow it to handle complaints from individuals, in addition to conducting its own investigations into more systemic areas of risk. The DPC regulates in accordance with the General Data Protection Regulation, the Data Protection Act 2018, the E-Privacy Directive and the Law Enforcement Directive. Government continues to invest in Information and Communications Technologies in order to better deliver services to citizens and implement policy. The forms of implementation and quantities of data collection, however, can have significant impacts for the data privacy of citizens and require careful regulatory consideration and oversight. In the context of the dynamic and rapidly evolving technological environment, as well as the DPC's significantly enhanced functions and increasingly prominent international role under GDPR, this is an opportunity for progression within the DPC, to a fast-paced, collaborative, innovative and rewarding role. The Positions There are two immediate vacancies for Senior ICT Technologists within the DPC. These are: Senior ICT Regulatory Technologist Senior ICT Cybersecurity Technologist These two exciting roles at Assistant Principal Level are within the Technology & Operational Performance section to fulfil key roles across the scope of activities within the regulator. Reporting to senior management at the DPC, these roles will play a lead role in a cross-agency team of technologists, investigators and policy makers. The successful candidates will have a proven and demonstrable track record in several technology areas including but not limited to cyber security, technology leadership, and other related data protection and fundamental rights supporting technologies. The responsibilities associated with these demanding roles are wide and varied but will primarily involve key authority on cyber security and security technology within the DPC, ensuring effective regulatory duties are carried out while meeting strategic objectives. The successful candidates will provide expert guidance on data protection and cyber security matters, including breach response, network security, security governance, and best practices. They will oversee advanced technology inquiries, investigations, policymaking, and work with both internal and external teams, as well as peer supervisory authorities, on a range of security issues. The roles will also include leading the development and delivery of cyber security research, guidance, communications, and training materials, playing a critical role in ensuring that the DPC stays at the forefront of regulatory and corporate-level technology matters. The role of Assistant Principal Officer is a senior managerial grade within the DPC which reports to Principal Officer/Deputy Commissioner level and is a critical management role in implementing the DPC Regulatory Strategy to 2027. DPC will be conducting interviews to assess applicants for both positions. Within the application form, candidates are able to specify their preference. This preference will have no impact on the majority of the recruitment process - except where the highest scoring candidate notes a preference, they may be offered this position. The DPC may establish a panel from which other ICT Technologist roles may be filled, should they arise. Principal Duties The successful candidates' primary duties will involve: Senior ICT Cybersecurity Technologist Provide leadership and technical authority on cyber security and security technology matters to infrastructure, security, technology and compliance personnel at DPC. Manage the work load and performance of the role ensuring that all projects, maintenance and documentation is completed on time and to the highest standards. Provide proactive cyber and security technology solutions for questions arising within the DPC, including at operational and regulatory levels. Lead and be responsible for cyber security, security technology and strategic initatives in team and project meetings, reporting on particular issues, projects or participate on strategic initiatives with the section head and DPC senior management team as required. Support the delivery of our technical road map, planning for future upgrades, new systems and solutions, leading on security in vendor or consultant management activities to ensure excellent quality of service is being delivered in a cost effective manner. Evaluate current processes, frameworks and documentation; make recommendations for improvements; and implement approved changes. Working in close cooperation with other DPC teams in order to deliver secure quality services to our users. Develop any structures and processes to ensure efficient and smooth operation of the participation and role of the Cyber Security and Security Technology lead at DPC. Continuous self-education in matters relating to the position including maintaining an awareness of ICT innovations and trends and advising the ICT manager of their applicability to DPC, and legal compliance with GDPR, ePrivacy, Network Information Security and other cyber security and security technology related legislation in the EU and Ireland. Work with other heads of unit on a range of matters where cyber security and security technology play a key role, including assisting with conduct of inquiries and investigations, within the context of data protection legislation. Develop public communications and guidance in relation to cyber security; Work closely with DPC senior management to refine and develop cyber security policy on an ongoing basis; Co-ordinate national, EU and international engagement related to cyber security and security technology. Manage individual and team performance and development in the business area Carry out other functions that may be required to achieve the objectives of DPC. Senior ICT Regulatory Technologist Develop the Unit's function in line with best practices, standards and the DPC's Regulatory Strategy, to ensure that the work of the Unit is of sufficient quality to assist the DPC in the fulfilment of its Regulatory function, particularly where matters of technology arise. Regularly engage and collaborate with technologists across the organisation to cooperate and ensure consistency on technology-related matters Regularly engage and collaborate with legal experts within the DPC to ensure that technical and legal knowledge is communicated appropriately across the organisation. Provide a knowledge centre for the DPC on regulatory matters relating to technology, including by producing content and informal training sessions to relevant units within the organisation Brief Commissioners in their preparation for speaking publicly, or with European colleagues, where matters pertaining to novel technological concepts may be prominent Ensure that all work performed by the unit is documented according to policies and procedures established in the organisation Managing the workload and development of their staff within the Unit. Act as a technology authority to provide consistent, legally consistent and correct advice on technology matters to business units within the DPC to assist them ineffectively and confidently performing their regulatory function or engaging directly with regulated entities on their behalf in the capacity of a regulatory technology expert Attend and actively research and contribute to topical matters at an EU level through European Data Protection (EDPB) board expert group(s) Undertaking a process of continuous learning while maintaining up-to-date and particular knowledge on relevant activities related to national and multinational technology organisations, public service technology-based services, and any current and upcoming regulatory and technology developments, trends or innovation affecting organisations in Ireland and the EU Performing desktop and on-site research, audits and inspections, adhering to strict regulatory duties and managing collected evidence appropriately. Report effectively and promptly both verbally and in written reports to the head of unit or other units with whom the unit is working. Please note that the above lists of responsibilities are not exhaustive. This job description is intended as a basic guide to the scope and responsibilities of the position. It is subject to ongoing review and will evolve in line with the constantly evolving practices and functions of DPC's work. Please Note: Successful candidates may be based in the DPC's offices in Dublin City Centre or in Portarlington Co. Laois, depending on business needs Eligibility Essential Requirements An ICT related degree (including in science, engineering or technology) or equivalent qualifications at NFQ Level 7 or above and; Minimum 3 years' experience working in a similar ICT role or roles to include technology advisory, cyber security, or as deemed relevant by the panel. OR Minimum 5 years ICT experience operating in a similar ICT role or roles to include technology advisory, cyber security, or as deemed relevant by the panel providing team leadership and authority in supporting complex security infrastructure dispersed over multiple sites. Desirable Requirements Experience of successfully working in a regulatory environment. Have significant management experience at an appropriate level, including leading teams and managing stakeholders. Have significant experience of some or all of the following: Data protection analysis and guidance, regulatory/investigatory work, data protection legal and policy areas, people management, project management, managing budgets, delivery of programmes, strategic and change management Experience with successfully communicating complex technological matters effectively with stakeholders with lesser technology experience and expertise Additional Eligibility Requirements Core Competencies: The candidate must be able to demonstrate the core competencies of an Assistant Principal Officer namely (Appendix 1) Leadership Analysis and Decision Making Management and Delivery of Results Interpersonal and Communication Skills Specialist Knowledge, Expertise and Self Development Drive and Commitment to Public Service Values How to Apply By clicking Apply you will will see instructions on how to submit your complete application as below. Please take care when completing your application, ensuring you include all relevant details. Your application will form part of the assessment process where shortlisting is applied and also where candidates are called for interview. The Application Form allows applicants to detail their qualifications, skills and experience and how they meet the essential requirements and personal attributes of the post. There is no requirement to provide any additional material such as a CV, etc. Closing date The closing date for receipt of applications is strictly 12pm (noon) on Wednesday 2 April 2025. All applications will be acknowledged. Late applications will not be considered. To be considered for this role you will be redirected to and must complete the application process on our careers page. To start the process, click the Apply button below to Login/Register.