Information Governance & Data Protection Caseworker Ref 3721

Job Description

Flexible working: As you’ll be working with highly sensitive information, home working is not possible in this role. However, we recognise the importance of a healthy work-life balance, which is why we offer flexible working options, including flexitime, part-time (a minimum of 30 hours per week) full-time, and compressed hours. Travel to London will also be required on an ad hoc basis, this may range from once a month to once every three months.

About us

GCHQ is an intelligence, cyber and security agency with a mission to keep the UK safe. We use cutting-edge technology, ingenuity, and partnerships to identify, analyse and disrupt threats. Working with our intelligence partners, MI5 and MI6, we protect the UK from terrorism, cyber-attacks, and espionage. At GCHQ, you’ll do varied and fascinating work in a supportive and inclusive environment that places emphasis on teamwork.

The role

As an Information Governance & Data Protection Caseworker, you’ll help ensure GCHQ’s handling of personal data is secure, lawful, and compliant with legislation. Working as part of a small, supportive team, your work involves completing data protection casework, responding to internal and external enquiries, carrying out sensitivity reviews, and developing compliance arrangements. In short, this role helps provide a trusted framework for the management and protection of GCHQ’s most sensitive information, supporting public trust and enabling GCHQ to operate effectively and responsibly.

Day to day, you’ll handle data protection enquires from colleagues throughout the organisation, advising on questions and concerns as they arise. Your work includes managing a caseload of data and information requests, reviewing sensitive material to determine what must be redacted, and keeping colleagues informed throughout the process. Some of the information analysed may relate to historical missions and intelligence matters. In these cases, you’ll help determine what can be released, with support from senior members of the team.

You’ll also investigate and provide responses to data breaches, and support teams across GCHQ to manage their data effectively through training and guidance. You’ll receive training on the legal exemptions used to protect sensitive, mission-critical information, enabling you to support responses to Freedom of Information Act (FOIA) requests from Whitehall when required. To support close collaboration with stakeholders and the delivery of training to colleagues across GCHQ, the role requires occasional travel to London.

About you

To apply, you’ll need to hold a minimum of a Level 3 qualification, such as an A-level or equivalent in Humanities, Social Sciences, STEM subjects or other disciplines where theoretical knowledge, critical thinking, and academic writing have been demonstrated. Applicants with a degree or another higher qualification are also encouraged to apply. Relevant experience working with GDPR and data protection, as well as the Freedom of Information Act (FOIA), or in information management or regulatory compliance, is required. You should be familiar with subject access requests, data breach management, and information disclosure processes. A proven ability to assess, redact, and protect highly sensitive material, as well as to advise others on effective and lawful management of personal data, is also expected.

As you’ll be reviewing, analysing, and making decisions about sensitive information, sound judgement, discretion, and integrity are essential. Attention to detail is key, particularly when assessing risk and making balanced decisions.

The role involves explaining complex data protection and information access requirements to a range of stakeholders, making effective communication skills essential. You’ll need an ability to work to deadlines, manage challenging enquiries and oversee a personal caseload of competing priorities.

Finally, you’ll have a genuine interest in data protection, information rights, or public service, together with curiosity about how an organisation such as ours protects sensitive information while meeting legal responsibilities. Openness to learning and development is important, as training will be provided on internal processes. We’re also interested in people who are eager to develop their understanding of national security within a public sector environment.

Training and development

The role offers structured on-the-job training, particularly during the initial period, with opportunities to shadow experienced colleagues and gradually take responsibility for casework. This includes learning through practical experience, supported by regular guidance, feedback, and mentoring within the team from your assigned buddy.

You’ll also have access to departmental training courses, including data protection, security, and organisational processes. There may be opportunities to attend external courses or workshops, where appropriate, to build specialist expertise and support professional development over time.

Rewards and benefits

You’ll receive a starting salary of £37,892, comprising a basic salary of £35,134 plus a concessionary payment of £2,758, along with other benefits including:

• 25 days’ annual leave, automatically rising to 30 days after 5 years' service, plus an additional 10.5 days of public and privilege holidays
• opportunities to be recognised through our employee performance scheme
• an interest-free season ticket loan
• an excellent pension scheme
• a cycle to work scheme
• facilities such as a gym, restaurant, and on-site coffee bars (at some locations)
• paid parental and adoption leave

Equal opportunities

At GCHQ, diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word, those with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking, and those with disabilities or neurodivergent conditions. We therefore welcome and encourage applications from everyone, including individuals from groups that are under-represented in our workforce, such as women, people from ethnic minority backgrounds, people with disabilities, and those from low socio-economic backgrounds.

Find out more about our culture, working environment and diversity on our website.

We’re Disability Confident

GCHQ is proud to have achieved Leader status within the Department for Work and Pensions’ Disability Confident scheme. This scheme aims to encourage employers to think differently about disability and to take action to improve how they recruit, retain, and develop disabled people. As a Disability Confident employer, we aim to offer an interview to a fair and proportionate number of disabled applicants who best meet the essential minimum criteria for the role, where it is practical for us to do so. This is known as our Offer of Interview (OOI). To secure an interview for this role, the minimum criteria, in order of application process are as follows:

• You’ll be required to reach the minimum pass mark for the Online Situational Judgement Test (SJT), which assesses your ability to problem-solve. If you meet this criterion, you’ll be directed to complete an application form
• You will be required to meet the minimum pass mark for the application sift which will assess your knowledge and experience of GDPR and data protection, as well as knowledge in at least one additional area such as FOIA, Information Management, or Regulatory Compliance.

There is a wide range of additional support available throughout the recruitment process to help you do your best. Please visit our How to Apply page for information about the reasonable adjustments we can offer.

What to expect

Our recruitment process is fair, transparent, and based on merit. Below is a brief overview of each stage, in order:

1. An initial online application form, including pre-screening questions, to ensure you meet our eligibility criteria
2. An online Situational Judgement Test (SJT), rating the appropriateness of your responses to a series of short scenarios. The SJT tests criteria important for all roles in our organisation
3. An application sift, assessing your motivation for the role as well as the competencies “Making Effective Decisions” and “Delivering Outcomes”
4. An in-person interview, which will include a five-minute scenario-based presentation
5. If successful, you’ll receive a conditional offer of employment, subject to vetting

Please note that you must successfully pass each stage of the process to progress to the next. Your application may take around 6 to 9 months to process, including vetting, so we advise that you continue any current employment until you have received your final job offer.

Before you apply

To work at GCHQ, you must be a British citizen, or hold dual British nationality. Read more about our eligibility criteria.

This role requires the highest level of security clearance, known as Developed Vetting (DV). This is a process undertaken by everyone in the UK Intelligence Community. Find out more about the vetting process.

Please note that we have a strict drugs policy. Once you start your application, you must not take any recreational drugs, and you’ll be required to declare any previous drug usage at the relevant stage.

Before applying, we advise you to consider setting up a separate email address for your contact with us, to ensure your personal and application correspondence remain separate. Try to avoid using identifying features in your email address, such as your first and/or surname or date of birth. This is good practice and will help you manage your application with us more securely.

This role is based in Cheltenham, so you’ll need to live within a commutable distance. Please consider any financial implications and practicalities before submitting an application, as we do not offer relocation costs.

We offer reasonable reimbursement of travel costs for candidates attending in‑person interviews or assessments during the recruitment and vetting process. Full details will be provided with your interview or assessment invitation.

Reimbursement is discretionary and will only be made in line with the Candidate Expenses Policy, as amended from time to time. Candidates must book their own travel using the most economical option and provide original hardcopy receipts for reimbursement.

Please note that you should only launch your application from within the UK. If you are based overseas, you should wait until you visit the UK before launching an application. Applying from outside the UK may affect our ability to progress your application. You should not discuss your application with anyone other than with your partner or a close family member.

Right to withdraw statement:

Please be aware that we reserve the right to bring forward the closing date for this role from the original closing date once a certain number of applications have been received. We advise you to submit your application at your earliest convenience to avoid disappointment.