Directors, Assistant Directors & Advisers - Data Breach, Compliance, Enforcement, Investigations, Policy and Privacy (multiple opportunities)

Download the candidate information pack

Job Reference

2022-OAIC-002

Type of vacancy and duration

Ongoing, Non-ongoing (Temporary), Full-time, Part-time

Classifications

EL2, EL1, APS 6 and APS 5

Salary

  • EL2 positions: $127,597 – $145,619, plus 15.4% employer   superannuation contribution
  • EL1 positions: $109,852 - $117,509 plus 15.4% employer   superannuation contribution
  • APS 6 positions: $87,166 - $95,986 plus 15.4% employer   superannuation contribution
  • APS 5 positions: $79,048 - $83,569 plus 15.4% employer   superannuation contribution

Location

Sydney (interstate candidates will be considered)

Contact officer for information

Stuart Cater – OAIC Recruitment Specialist - (02) 9942 4156

Email applications to

jobs@oaic.gov.au

Closing date for applications

Wednesday, 30 November 2022 at 11:59pm AEDT

The Opportunities

Multiple opportunities are currently available working at Australia’s federal privacy regulator.

We are seeking highly motivated individuals to work across our key areas covering Notifiable Data Breaches, Dispute Resolution, Major Investigations, Privacy Complaints and Regulation and Strategy at the Director (EL2), Assistant Director (EL1), and Adviser (APS 6/APS 5) classifications. We are seeking talented candidates with background, qualifications (where relevant) and skills covering law, policy, compliance, investigations and enforcement. A background and experience interpreting and applying relevant legislation, policies and understanding of regulatory priorities is key.

Further, we expect to use this process to fill a number of forecast vacancies that may arise using a merit pool formed from the outcomes of this process.

About the OAIC

Working with the Office of the Australian Information Commissioner (OAIC) will put you at the forefront of data protection and access to information regulation. As an independent statutory agency, the OAIC’s work is of national significance and plays an important role in shaping Australia’s information handling landscape across the economy - from government, digital platforms and the online environment, to health, finance and telecommunications. We are an agency within the Attorney-General Department’s portfolio with responsibility for:

  • privacy functions under the Privacy Act 1988 and other legislation
  • freedom of information, in particular review of decisions made by agencies and ministers under the Freedom of Information Act 1982.

Opportunities: Notifiable Data Breaches

The Notifiable Data Breaches team plays an integral role in promoting and upholding privacy rights for the Australian community, and in guiding the OAIC’s regulatory direction. This specialised team is responsible for administration of the statutory Notifiable Data Breaches scheme. Team members have an understanding of Australia’s cyber threat landscape. The team is also responsible for identifying a wide range of significant privacy issues or trends suitable for investigation from a range of sources such as tip-offs, referrals and intelligence.

The work undertaken by the Notifiable Data Breaches team includes conducting preliminary inquiries and gathering information, liaising with informants and respondents, identifying and preparing matters for further investigation and/or regulatory action in relation to compliance with the Notifiable Data Breaches scheme and the Australian Privacy Principles, and monitoring and identifying new and emerging trends to facilitate a risk-based approach to the OAIC’s regulatory activity.

Statement of Duties (Notifiable Data Breaches)

  • Managing an active case load
  • Identifying, monitoring, and referring for investigation any significant matters or trends under the Notifiable Data Breaches scheme and Australian Privacy Principles, in accordance with the OAIC’s strategic priorities and posture
  • Preparing correspondence, making administrative decisions, and drafting briefs
  • Engaging with informants, regulated entities, and third parties
  • Preparing a six-monthly Notifiable Data Breaches Report, to provide entities and the public with valuable insights on data breach trends
  • Representing the OAIC at external meetings and engage with relevant stakeholders as required
  • Contributing to team performance objectives
  • Supervising a small team of investigations officers (Assistant Director level).

Selection criteria (Notifiable Data Breaches)

In consideration for these roles, you will be required to articulate in your application how your relevant skills, experience and interests in the roles would benefit the OAIC, along with addressing the following criteria:

  1. Ability to identify significant matters and trends, make recommendations, and shape strategic thinking
  2. Ability to interpret and apply relevant legislation, policies, regulatory priorities, and procedures to a range of data breach, privacy, and cyber security issues
  3. Achieves results, including managing an active case load
  4. Cultivates productive working relationships with internal and external stakeholders
  5. Excellent written and verbal communication skills with the ability to communicate with influence
  6. Assesses risk effectively and exemplifies personal drive and integrity.

Qualifications / experience in law, investigations, compliance, cyber security or intelligence will be considered highly regarded but not mandatory.

Opportunities: Major Investigations

The Notifiable Data Breaches and Major Investigations teams play an integral role in promoting and upholding privacy rights for the Australian community. The Major Investigations team is responsible for undertaking significant and complex investigations into data breaches and privacy issues, including preparing matters for potential civil litigation.

Team members have an understanding of Australia’s cyber threat landscape. The work undertaken by the Major Investigations team includes gathering information & evidence, use of statutory powers, analysis and the ability to interpret information and the applicable law.

Statement of Duties (Major Investigations Roles)

  • Managing an active case load
  • Planning and conducting investigations including conducting inquiries, interviewing witnesses, preparing of statutory notices, analysis of information, liaising with and preparing briefs of evidence for civil litigation
  • Supervising a small team of investigations officers
  • Preparing correspondence, making administrative decisions, and drafting briefs
  • Engaging with informants, regulated entities, and third parties
  • Representing the OAIC at external meetings and engage with relevant stakeholders as required
  • Contributing to team performance objectives.

Selection criteria (Major Investigations Roles)

In consideration for these roles, you will be required to articulate in your application how your relevant skills, experience and interests in the roles would benefit the OAIC, along with addressing the following criteria:

  1. Demonstrated ability to research, investigate and analyse privacy issues
  2. High level oral and written communication skills
  3. Ability to interpret and apply legislation, policies and procedures (as applicable to the OAIC)
  4. Ability to plan, organise and prioritise workloads
  5. Ability to engage, support and work collaboratively with others

Qualifications in law, investigations, compliance, cyber security, intelligence or governance will be considered highly regarded but not mandatory.

Opportunities: Consumer Data Right

The Consumer Data Right (CDR) is a secure online system that enables consumers to get value from data that is collected about them through the provision of specific goods and services by consenting to that data being shared with trusted accredited third parties.  The OAIC co-regulates the CDR scheme together with the Australian Competition and Consumer Commission (ACCC). The OAIC enforces the privacy safeguards (and related rules) and advises Treasury, the ACCC and Data Standards Body on the privacy implications of the CDR legislation, rules, data standards and broader policy development.

  • In areas of CDR policy, team members support the Information Commissioner providing strategic policy and legislative advice to the Minister and the Treasury and prepare public submissions and other reports. The teams provide advice on the privacy impacts of CDR expansion and the CDR regulatory framework, and the development of guidance for participants.
  • In areas of CDR compliance and enforcement, team members undertake monitoring and strategic enforcement in relation to the protection of privacy and confidentiality, as well as investigating individual and small business consumer complaints regarding the handling of their CDR data.

Statement of Duties – Consumer Data Right Roles

CDR Policy:

  • Providing advice on the development and amendment of the CDR regulatory framework
  • Undertaking complex policy analysis and research, preparing submissions and conducting public consultations
  • Developing detailed guidance for participants on the CDR to help them understand their compliance obligations and for consumers so that they understand how to exercise their rights under the scheme
  • Providing strategic guidance to regulated entities about the CDR framework
  • Preparing Executive briefings in preparation for parliamentary proceedings and stakeholder engagements
  • Working collaboratively with government agencies, international counterparts, business and the community to improve privacy outcomes for Australians.

CDR Policy Compliance & Enforcement roles:

  • Managing a program of matters and active cases
  • Supervising a small team
  • Identifying, monitoring, and referring matters or trends of risk, or that may warrant regulatory action in accordance with the OAIC’s strategic priorities and posture
  • Identifying CDR scheme and Australian Privacy Principle compliance issues and referring matters for further regulatory action for example Commissioner initiated investigations
  • Preparing correspondence, making administrative decisions, and drafting briefs
  • Engaging with informants, regulated entities, and third parties
  • Representing the OAIC at external meetings and engage with relevant stakeholders as required including staff at the co-regulator the ACCC
  • Contributing to team performance objectives.

Selection Criteria - Consumer Data Right (policy or compliance and enforcement)

  1. Excellent written and verbal communication skills with the ability to communicate with influence
  2. Demonstrated stakeholder management skills with the ability to cultivate and maintain productive working relationships
  3. Demonstrated project management skills and experience, including the ability to manage shifting priorities
  4. Demonstrated research and legal analysis skills with the ability to provide strategic advice
  5. Demonstrated experience managing staff, such as direct reports (APS6-EL2 roles)

Qualifications in law, will be considered highly regarded but not mandatory.

Opportunities: Privacy Complaints Early Resolution/Investigations

Assistant Director (EL1) opportunities are available across both the Early Resolution (ER), and Privacy Complaints Investigations (PCI) teams.

The PCI and ER teams manage the OAIC’s high volume case load for privacy complaints that cover the full spectrum of the Australian Privacy Principles (APPs) and the work of these teams are critical to the OAIC’s ability to deliver its core regulatory functions.

Members of the ER and PCI teams undertake a range of activities, including conducting preliminary inquiries, assessing complaints, liaising with complainants and respondents, and making decisions as a delegate of the Information Commissioner.

ER team members also use alternative dispute resolution techniques to resolve complaints.

The PCI team manages privacy complaints, including matters that present complex compliance issues, that cannot be resolved through the OAIC’s ER and Conciliation processes including initiating formal investigations.

Statement of Duties – Early Resolution and Privacy Complaints Investigations

  • managing the intake queue for the team, including assessment of incoming privacy complaints
  • supervising a small team of case officers including file reviews and case allocation
  • reviewing outgoing correspondence and decisions
  • maintaining individual case management responsibilities, including for more complex matters
  • engaging with complainants and respondents in relation to individual cases
  • contributing to strategic planning and process improvement within the team.

Selection Criteria – Both Privacy Complaints Early Resolution/Investigation

  • Excellent written and verbal communication skills, including an ability to draft views and administrative decisions exercising the delegated functions of the Privacy Commissioner on complex compliance issues
  • Strong organisational skills and capacity to manage a high volume, high tempo regulatory case load
  • Excellent stakeholder relationship management skills, including a demonstrated ability to exercise tact and discretion in engagement with complainants and respondents
  • Experience managing and mentoring staff, including direct reports
  • Strong research and legal analysis skills and strong ability to interpret and apply legislation
  • For PCI team: Experience in investigations in either a regulatory or law enforcement environment

Legal qualifications or qualifications in investigations are desirable but not essential as are experience/qualifications in mediation.

Location of Roles

The OAIC operates a hybrid work model with a combination of remote working and office attendance.  Whilst the OAIC office is located in the Sydney CBD, we will consider candidate applications from other locations within Australia.

Remuneration & Benefits

  • EL2 positions: $127,597 – $145,619, plus 15.4% employer superannuation contribution
  • EL1 positions: $109,852 - $117,509 plus 15.4% employer superannuation contribution
  • APS 6 positions: $87,166 - $95,986 plus 15.4% employer superannuation contribution
  • APS 5 positions: $79,048 - $83,569 plus 15.4% employer superannuation contribution

Note: An employee will generally commence on the base increment point of their relevant classification salary range, unless otherwise agreed by a delegate in consideration of salary matching (existing APS staff) or in recognition of exceptional skills, experience, qualifications or expertise.

Terms and conditions of employment are set out in OAIC’s Enterprise Agreement 2016 to 2019. Whilst remuneration is detailed in the Commissioner’s 2022 OAIC Remuneration Determination with salary progression based on annual assessments of performance and contribution.

The OAIC is committed to enabling its people to perform at their best and offers the following benefits:

  • Opportunity to work at the cutting edge of privacy and data protection, paving the way for future career opportunities.
  • Access to ongoing professional development, with a capability framework to guide skill enhancement.
  • Genuine flexibility to help achieve a balance between work and home life.
  • Additional paid leave over the Christmas to New Year period as well as access to other leave (e.g. for study or moving).
  • Contribution to your wellbeing through subsidies for eye health, flu vaccinations and a wellbeing allowance.

Eligibility

  • Section 22 of the Public Service Act 1999 requires that APS employees must be Australian citizens at the time of application.
  • There are restrictions on employment of people who have, within the previous 12 months, accepted a redundancy benefit from an APS agency or a non-APS Commonwealth employer.
  • For the duration of your employment with the OAIC you will be required to obtain and maintain an Australian Government security clearance (minimum Baseline).

How to Apply

  1. Please complete the application sheet found at the end of this job pack as part of your submission, including nominating the roles and relevant classifications you wish to be considered for.
  2. You are asked to provide a single page covering letter (one-page-pitch) addressing your interest, motivation and fit for the role. Your pitch should include claims against the relevant criteria for the role(s) you have nominated consideration for, along with outlining the skills and experience you will bring to the OAIC.
  3. Your application form, CV and covering letter (pitch) should be sent as a single document in one email to: jobs@oaic.gov.au.  Please ensure you include your full name in the subject field, along with the reference number 2022-OAIC-002.

IMPORTANT: What if I am applying for more than one role or classification?

  • If you are applying for more than one role, you will not be required to submit multiple application responses, however please ensure you select the correct role(s) and classification(s) on the application form. The Panel are only able to assess you for roles/classifications you nominate.
  • For candidates who are applying for multiple classifications, please ensure you pitch yourself at the highest classification for which you wish to be considered. To assist you in pitching your response and capabilities at the appropriate classification, you are encouraged to review the APS Work Level Standards which are available on the Australian Public Service Commission website – click here.

Further Assessment

If you are shortlisted, you will be contacted to arrange an interview in early December 2022 and will need to be available to attend in person or virtually (online via Microsoft Teams).

If you are not shortlisted, you will be informed by email. Please note that we are not usually able to provide feedback to candidates that are not shortlisted due to the volume of applications.

Questions?

For more information: visit https://www.oaic.gov.au/about-us/join-our-team/.

You may also wish to contact the nominated contact officer listed at the top of this document.

Refer to the next page for commencement of the application form and role/classification nomination.