UPDATED CLOSING DATE: Data Protection Unit – Breach Technical Lead Grade VIII

Flexible location, requiring regular travel to Tusla Corporate Office, Brunel Building, Heuston South Quarter, Dublin 8.
 Salary:  See Description for Details
Other   Permanent
Closing Date: 18/06/2021 Closing Time: 12:00
Recruitment start: 05/05/2021


Job Summary

Details of Service

The Child and Family Agency was established on 1st January 2014 and is responsible for improving wellbeing and outcomes for children. It represents the most comprehensive reform of services for the development, welfare and protection of children and the support of families ever undertaken in Ireland. It is an ambitious move which brings together some 4,000 staff who were previously employed within Children and Family Services of the Health Service Executive, the National Educational Welfare Board and the Family Support Agency.


The Child and Family Agency has responsibility for the following range of services:

•             Child Protection and Welfare

•             Family Support

•             Alternative Care

•             Adoption

•             Tusla Education Support Services (TESS)

•             Domestic Sexual and General Based Violence (DSGBV)

•             Children’s Service Regulation

•             Counselling and Therapeutic Supports


Further information is available on www.tusla.ie


Purpose of Role:

The purpose of the role is to govern and manage the personal data breach-handling function within Tusla, provide strategic oversight and operational management, develop and maintain standard operating procedures, design and produce metrics and reports for senior management with a focus on improving data governance, and engage with and work in partnership across the Data Protection Unit (DPU).

Job Objectives

Main Duties and Responsibilities


Data Protection Operations

  • Manage the process of receipt, recording, analysis, investigation, regulatory compliance, and remedial actions for reported incidents/breaches.
  • Maintain accurate, real-time, metrics and reports of new, open, and closed incidents/breaches on a 72 hour/weekly/monthly/annual basis.
  • Manage the relationship with the Data Protection Commission (DPC) as it relates to incidents/breaches.
  • Conduct effective oversight and reporting of key data protection metrics, including incident/breach statistics and case volumes.
  • Manage the process of mitigation against potential or emerging incidents/breaches.
  • Manage and mentor Data Protection Specialist Administrators assigned to incident/breach management including in respect of caseload prioritisation, output, outcomes, problem solving capacity, and personal development.
  • Manage the incident/breach case management system (currently OneTrust)
  • Provide strategic oversight of and operational management for the incident/breach-handling function.


Team Effectiveness

  • Manage resources assigned to the incident/breach function including work prioritisation and output, personal development, and performance.
  • Maintain and update Standard Operating Procedures for the breach-handling function.
  • Train and upskill Breach support staff and other relevant stakeholder groupings.
  • Establish best practices for incident/breach processing in Tusla.


Stakeholder Engagement

  • Consult and build a strong relationship with the DPC; act as a point of contact for the DPC on breach management issues.
  • Ensure the development of effective relationships and communications with internal and external stakeholders in relation to breach management, including service users, staff members, and third parties.
  • Liaise with the DPU Helpdesk Technical Lead in order to mitigate against potential or emerging incidents/breaches.
  • Liaise with the Privacy Network Manager in relation the role of the Privacy Officers in reporting incidents and Breaches and following up locally in relation to mitigating actions
  • Participate in communication strategies designed to promote awareness of data protection obligations with internal and external stakeholders.


GDPR Compliance

  • Attend monthly risk committee meetings.
  • Co-ordinate and compile KRIs and KPIs for GDPR compliance in relation to incidents/breaches
  • Ensure that all GDPR reporting requirements in relation to breaches are maintained at a high level.
  • Keep up to date with data protection legislative requirements.
  • Maintain standards of practice and levels of professional knowledge in the area of data protection.
  • Support improvements to Tusla’s compliance with applicable data protection legislation.


Health & Safety

  • Comply with and contribute to the development of policies, procedures, guidelines and safe professional practice and adhere to relevant legislation, regulations and standards.
  • Have a working knowledge of the Health Information and Quality Authority (HIQA) Standards as they apply to the service for example National Standards for Child Protection and Care and comply with associated Tusla – Child and Family Agency protocols for implementing and maintaining these standards as appropriate to the role.
  • To support, promote and actively participate in sustainable energy, water and waste initiatives to create a more sustainable, low carbon and efficient health service.


The above Job Description is not intended to be a comprehensive list of all duties involved and consequently, the post holder may be required to perform other duties as appropriate to the post which may be assigned to him/her from time to time and to contribute to the development of the post while in office. 


Please refer to the Candidate Information pack attached to this campaign for full and further detail

Skills Required

Applicants must by the closing date of application have the following:


  • Have a minimum Level 8 qualification on the National Framework of Qualifications in Ireland (or equivalent in another jurisdiction) in a relevant discipline, and / or have a formal Data Protection certification / qualification


  • Have at least 3 years’ experience – managing resources, projects, organisational change initiatives; and general administration



  • Significant experience of one or more of the following:
    • Knowledge of the law and practice of the General Data Protection Regulation and the Irish Data Protection Act 2018
    • Knowledge of compliance reporting processes and communications to supervisory authorities and governance bodies, preferably in the area of data protection.
    • Experience of the development and communication of policies, procedures and guidelines and the development and implementation of privacy controls.
    • Experience of risk based compliance frameworks, control design and implementation, preferably in the area of data protection.


  • Experience of managing and working collaboratively cross functionally with multiple internal and external stakeholders, as relevant to this role


  • Have the requisite knowledge and ability (including a high standard of suitability and management ability) for the proper discharge of the duties of the office



A candidate for and any person holding the office must be fully competent and capable of undertaking the duties attached to the office and be in a state of health such as would indicate a reasonable prospect of ability to render regular and efficient service.



Each candidate for and any person holding the office must be of good character

  Already Registered? Log in here
 Join our Talent Pool + submit your application

Please enter a valid email address

This email already has a universal profile registered. Log in instead to access it

This email address is already registered with this talent pool. Please login to access your profile. Forgot your password? Simply click the link to reset

Accept and agree all privacy Policy Terms and Conditions