The Child and Family Agency was established on 1st January 2014 and is responsible for a range of statutory functions including provision of child protection, alternative care, specified regulatory services and a range of family support services. The Agency has commenced a major improvement programme with significant focus on Practice, Culture and Structure.
The Agency currently has responsibility for a budget of circa €1.2billion and delivers its services through over 5,500 people in 259 locations across the Country.

The Child and Family Agency has responsibility for the following range of services:
• Child Protection and Welfare
• Parenting, Family Support and Early Help Services
• Alternative Care
• Birth Information & Tracing and Adoption
• Tusla Education Support Services (TESS)
• Children’s Service Regulation
• Counselling and Therapeutic Supports

Further information is available on www.tusla.ie

Data Protection Unit
Tusla processes a large volume of highly sensitive personal data on a daily basis in order to deliver the critical services it provides to Children and Families across the State. In doing this, Tusla must ensure that it has adequate organisational and technical measures in place; that the rights and freedoms of Tusla service users are respected and that privacy risks to those rights and freedoms are minimised; and that a fit for purpose operating model for Data Protection and FOI is implemented.

Data Protection Operations

Conduct effective oversight and reporting of key data protection metrics, including incident/breach statistics and case volumes.
• Maintain accurate, real-time, metrics and reports of new, open, and closed incidents/breaches on a 72 hour/weekly/monthly/annual basis.
• Manage the relationship with the Data Protection Commission (DPC) as it relates to incidents/breaches.
• Manage and mentor Data Protection Specialist Administrators assigned to incident/breach management including in respect of caseload prioritisation, output, outcomes, problem solving capacity, and personal development.
• Manage the incident/breach case management system.
• Manage the process of mitigation against potential or emerging incidents/breaches.
• Manage the process of receipt, recording, analysis, investigation, regulatory compliance, and remedial actions for reported incidents/breaches.
• Provide strategic oversight of and operational management for the incident/breach-handling function.

• Manage requirements for training and awareness initiatives to support consistent compliance in relation to incidents/breaches.                       

Team Effectiveness
• Design and maintain Standard Operating Procedures for the breach-handling function.
• Train and upskill Breach support staff and other relevant stakeholder groupings.
• Establish best practices for incident/breach processing in Tusla.
• Manage resources assigned to the incident/breach function including work prioritisation and output, personal development, and performance.
• Manage the procurement process for purchasing in relation to incidents/breaches.
• Produce metrics and reports with a focus on improving data governance.
Stakeholder Engagement
• Consult and build a strong relationship with the DPC; act as a point of contact for the DPC on breach management issues.
• Ensure the development of effective relationships and communications with internal and external stakeholders in relation to breach management, including service users, staff members, and third parties.
• Liaise, in particular, with the DPU Helpdesk Technical Lead in order to mitigate against potential or emerging incidents/breaches.
• Participate in communication strategies designed to promote awareness of data protection obligations with internal and external stakeholders.

GDPR Compliance

• Attend monthly risk committee meetings.
• Co-ordinate and compile KRIs and KPIs for GDPR compliance in relation to incidents/breaches
• Ensure that all GDPR reporting requirements in relation to breaches are maintained at a high level.
• Keep up to date with data protection legislative requirements.
• Maintain standards of practice and levels of professional knowledge in the area of data protection.
• Support improvements to Tusla’s compliance with applicable data protection legislation.

Health & Safety
• Comply with and contribute to the development of policies, procedures, guidelines and safe professional practice and adhere to relevant legislation, regulations and standards.
• Have a working knowledge of the Health Information and Quality Authority (HIQA) Standards as they apply to the service for example National Standards for Child Protection and Care and comply with associated Tusla – Child and Family Agency protocols for implementing and maintaining these standards as appropriate to the role.

• To support, promote and actively participate in sustainable energy, water and waste initiatives to create a more sustainable, low carbon and efficient health service.

The above Job Description is not intended to be a comprehensive list of all duties involved and consequently, the post holder may be required to perform other duties as appropriate to the post which may be assigned to him/her from time to time and to contribute to the development of the post while in office.

Applicants must by the closing date of application have the following:
• Have a minimum Level 8 qualification on the National Framework of Qualifications in Ireland (or equivalent in another jurisdiction) in a relevant discipline, and / or have a formal Data Protection certification / qualification

AND

• Have at least 3 years’ management experience – managing resources, projects, organisational change initiatives; and general administration

AND

• Significant experience of one or more of the following:

o Knowledge of the law and practice of the General Data Protection Regulation and the Irish Data Protection Act 2018.
o Knowledge of compliance reporting processes and communications to supervisory authorities and governance bodies, preferably in the area of data protection.
o Experience of the development and communication of policies, procedures and guidelines and the development and implementation of privacy controls.
o Experience of risk-based compliance frameworks, control design and implementation, preferably in the area of data protection.

And

• Experience of managing and working collaboratively cross functionally with multiple internal and external stakeholders, as relevant to this role

And

• Have the requisite knowledge and ability (including a high standard of suitability and management ability) for the proper discharge of the duties of the office

Health

A candidate for and any person holding the office must be fully competent and capable of undertaking the duties attached to the office and be in a state of health such as would indicate a reasonable prospect of ability to render regular and efficient service.

Character
Each candidate for and any person holding the office must be of good character.