Technical Skills Flashcards
Category 2:
Regulatory Risk Assessments (for example, online safety risk assessments or compliance risk assessments)
DSA Risk Assessment Reports
Strategy/Situation
— Home Office required detailed risk reports to assess the impacts of policy development on data products and services. New immigration policies introducing new data points into its casework systems – e.g., new immigration/settlement routes, new information about processing of asylum seekers. Data products/services at risk of producing inaccurate reporting, omitting to ingest new data that contributed to overall risk picture of the immigration population. Important for H.O to deliver accurate reporting to customers across Government and wider public services.
Task
— I led a team of three business analysts to develop a systematic risk reporting process, assessing the impacts of policy changes on the data products/services and producing recommended technical mitigations.
Action
— Conducting Discovery exercises to map the ‘as-is’ state of the DSA function, including stakeholder engagement complemented with thorough documentation of products, teams, roles/responsibilities associated with these.
— Engaging client stakeholders to build understanding of product teams, aims, objectives
— Producing Programme plans mapping the pipeline of proposed policy changes - enabling horizon-scanning and forecasting of upcoming challenges
— Created Impact Assessment Template reports, documenting likely impacts to products/services and producing recommended mitigations - commissioning data engineering work to ingest new sources of data
Result
— Enabled the DSA function to manage risks to its operations by providing them with a strategic assessment of upcoming policy changes
— Delivered 8x cycles of risk assessment reports and made data ingestion improvements to products/services, improving their accuracy
Relevance
— I will utilise a similar playbook to support Deloitte’s E&RC team: assessing current-state operating model, analysing risks, forecasting changes, producing reporting and recommendations for risk mitigations/controls, systematising a continuous improvement approach to risk management.
Category 2:
Regulatory Risk Assessments (for example, online safety risk assessments or compliance risk assessments)
- Implementing improved Governance of risk scenarios - Identifying accountable Directors, nominating them to hold responsibility for involvement in Incident Management processes; adding them to cascade lists
- This was a process of learning from a live-scenario: identified risks in current approach, implemented controls, drove a culture change in incident management approaches and assured the controls using added test exercises/educational methods
- Structured implementation of improved systems/processes to manage risk
Riots Operational Risk Assessment
Strategy/Situation
— The OS Programme faced an unprecedented challenge when new/emerging risks arose as a result of the 2024 Summer riots. The Programme lacked risk controls for managing these high-priority incidents.
Task
— Following my coordination of OSG’s response to the riots, I was selected to lead an operational response evaluation to identify improvements required to Ofcom’s incident response processes.
Action
— I led an interdisciplinary team to review Ofcom’s approach to the Southport riots. I used virtual collaboration tools to plan the review over a 4-week period, identifying risks across our policy, supervision, and operational response processes requiring improvement in future circumstances.
— I produced a detailed narrative of Ofcom’s response to the riots, interviewing colleagues and referring to written documentation to produce an accurate account of our activities.
— I worked through the narrative to identify several risks in Ofcom’s response, including: inadequate communications flows, lack of checklists/agendas for systematic risk reduction (e.g., assessing safeguarding risks, risks to physical wellbeing, risks of ineffective supervisory engagement, risks of lack of visibility of content, clarifying handovers from Supervision to Enforcement etc.)
— Coordinating my team’s assessments, I drew up a new process using Visio to document an improved incident management process.
— I also created templates for Post-Incident Reporting, which focused on identifying opportunities for improving operational responses.
Result
— My improved process was approved for implementation by the Board and Group Director
— I delivered test exercises to support change management
— I have ensured Ofcom is ‘risk-ready’ to respond to new and emerging issues
Relevance
— I will utilise a similar playbook to support Deloitte’s E&RC team: assessing current-state operating model, analysing risks, forecasting changes, producing reporting and recommendations for risk mitigations/controls, systematising a continuous improvement approach to risk management.
Category 2:
Performing current state assessments, gap analysis and recommendation for improvement for a range of organisations
- Serious operational risks around management of sensitive information
- Conducted risk analysis to identify why the previous operating model was ineffective
- Designed ‘to be’ operating model with enhanced policies, processes and controls
- Persuaded organisational change and secured additional resources
- Drive project through to implementation
- Led change management initiatives to upskill wider Programme
P&IT Operating Model
Strategy/Situation
— The organisation required more robust, scalable and controlled approaches to management of sensitive operational intelligence from select partners. I led a project to assess the current approach and produce recommendations for improving our intelligence operating model.
Task
— I led a team of 8 colleagues to deliver this operating model transformation project between December and March.
Action
— I led our team’s analysis and documentation of the ‘current state’ processes for intelligence management. This identified several risks requiring remediation, namely: absence of a coordinated approach, lack of audit trails, processes not scalable, dependencies on single points of failure, decentralised and insecure management of information. There was an absence of processes that needed to be resolved.
— I led a series of interactive workshops with team members to discern our requirements for intelligence collection, development and dissemination. This revealed several areas needing significant improvement.
— I mapped processes to standardise these three aspects of our intelligence management processes.
— I overlaid the people and technology requirements needed to deliver the processes, including: security clearances, clear tracker documentation, standard forms, insight reporting templates, shared mailbox, secure SharePoint site
— I identified a resourcing requirement to deliver these processes as part of our BAU operations.
— I delivered a briefing to senior Directors across the programme, alongside and accompanying Governance paper seeking approval to my recommendation to resource the intelligence function appropriately.
Result
— My recommendations were approved for implementation. We recruited 1 x Manager and 1x Analyst
— I have now delivered the interim operating model for OS Intelligence, with plans to continue iterating development of the function with new capabilities (e.g., OSINT, analytics)
Relevance
— I can lead teams to deliver methodical business change projects, reviewing as-is capabilities and producing clear transformation requirements. Using business analysis techniques and clear documentation to drive evidence-based organisational change.
Category 2:
Performing current state assessments, gap analysis and recommendation for improvement for a range of organisations
LECP HPIM Risk Controls
Strategy/Situation
— On the LECP project, there was a lack of risk controls for management of high-priority incidents. This meant the organisation’s response to issues was uncoordinated, inefficient and costly. Issues were resolved using a tactical and ineffectual response.
Task
— In my role as a Service Manager for a team of Data Engineers on the Platform Support and SRE teams, I led a project to create a robust set of risk controls during high-priority platform incidents, enabling a more systematic approach to risk mitigation and service disruption.
Action
— I mapped the team’s existing approach to incident management - in absence of clear processes, I noted the team’s performance in response to several repeat incidents. These were applied inconsistently – for example, colleagues would convene a ‘bridging call’ with inconsistent attendee lists. Colleagues did not reliably open incident logs or notify other developers across the wider platform. — — There was limited documentation around incident responses, missing an opportunity to gather information about repeat incidents which revealed underlying strategic problems regarding the composition of the client’s digital infrastructure assets.
— Based on my understanding of the risks, I then drafted a more thorough proposed HPIM process for the platform. I worked with the platform’s Lead Architect and Lead Developers to validate my proposed approach.
— I proposed several controls: (i) having consistent bridging call protocols, ensuring representation from the right teams in a timely manner; (ii) improved Service Now reporting, collating information on the issues we were seeking to resolve; (iii) notification processes for advising developers to not use damaged infrastructure; (iv) clarifying target response and resolution times based upon a P1-P4 categorisation system; (v) implementing post-incident reporting processes, enabling continuous improvement and learning from our approaches
— I pitched my proposed processes to senior contacts across the programme, including the Product Manager, Lead Architects, Programme Director and Security Leads. Through repeat cycles of engagement, I secured their approval to implement these new processes.
Result
— I delivered sustained improvement to our incident response and resolution times
— I implemented effective risk controls which enabled our mitigation of serious platform incidents.
— I identified persistent platform architecture issues as a result of thoroughly documenting repeat incidents, which created an evidence base for architecture improvements - e.g., improving capacity of infrastructure components.
— Fixing Splunk platform architecture through upsizing Splunk HF and UF capacity; fixing Artifactory problems by ensuring timely clearance of utilised disk space and introducing regular checkpoints for clearance of space with tenants.
Relevance
— I can lead teams to deliver methodical business change projects, reviewing as-is capabilities and producing clear transformation requirements. Using business analysis techniques and clear documentation to drive evidence-based organisational change
Category 2:
Soft skills – Adaptability/dynamism
Flexibility to work across different sectors and types of projects, from advisory to assurance
Confidence in navigating complexity and ambiguity
LECP Resource Management - Tickets Exceeding Threshold
Backup example: managing PoC Statement disclosure and engagement with statutory consultee (ICO) alongside several competing delivery demands/priorities.
Situation
— I was tasked with meeting competing priority demands in my role as a Service manager for the LECP project. I had two strategic objectives: (i) deliver an operational monitoring capability to enable the service to meet conditions required for exiting ELS; (ii) manage priority user requests for platform support, including resolving business disruptions to users
Task
— I was faced with a challenge when one of my teams came under exceptional stress and demand. My Support Team was experiencing sustained high volumes of requests from platform users due to malfunctioning infrastructure. I had to support them, while also avoiding disrupting my SRE Engineers
Action
— I considered my strategic objectives and competing demands on both of my teams.
— I assessed the risks to my Platform Support Team - they were becoming overloaded, and unable to meet service level agreements for responding to and resolving tickets.
— I assessed the risks to my SRE Team - they required sufficient capacity to deliver a non-negotiable OpsMon MVP component within tight timelines; they couldn’t afford a disruption.
— I identified an SRE Team activity which could be deprioritised to enable surge resource support for the Platform Support Team. This ‘cost optimisation’ solution was strategically important, but a non-urgent priority. I negotiated with this colleague to work with my Support Engineers to bring the tickets under an acceptable threshold (70 open tickets), and he could continue with his work subject to this priority being addressed.
— In parallel, I produced reporting information on the sustained risk of under-resourcing the Platform Support Team. I produced information on ticket volumes and their increase over time, derived from my regular governance reporting
Result
— I was able to bring the excess tickets under the threshold level, preventing the platform from being overrun by unmanageable levels of risk
— I secured additional Engineer resource and completed a recruitment effort to bring 1x Support colleague onboard
— I met my SRE team’s obligation to deliver and OpsMon MVP solution under significant resource constraints
Relevance
— I am flexible, adaptable, professional under pressure. I am able to manage competing demands and make lucid management decisions, maintaining obligations to a wide range of stakeholders.
Category 2:
Soft skills – Innovative in working style and nature
Partner analytics
Sup KM add on - prompt engineering
Make it really clear: what were the three use cases you captured across PD, Supervision and Enforcement?
- PD - emerging risks/trends relating to priority illegal harms (including offender methodologies)
- Supervision - Analysis of news feeds to understand sentiment relating to online safety issues
- Enforcement - Prevalence of different illegal harms per service
Get the phraseology right: capturing teams’ priority use cases for data/analytics reporting
Partner Data Analytics Project
Strategy/Situation
— Through OS Programme Governance, I identified a strategic risk that ICT/DIT teams were developing products that did not connect with the user-needs of operational OSG teams. As a result, significant cost was being incurred to develop tools which had a very limited value proposition. It was a poor return on investment.
Task
— I led a targeted piece of work to articulate the user needs of OSG teams for data/analytics products.
Action
— I created a project proposal document, outlining my objective and target key results: to articulate the user needs of OSG teams for data/analytics products and insights, and to enable handover of these concepts for further refinement by Product Management colleagues
— I developed a RACI matrix, which enabled me to manage stakeholder interactions with colleagues from DIT/ICT - getting them onboard early, as allies to the project rather than enemies
— I produced knowledge resources documenting the various types of information/data available to the OS Programme.
— I commissioned teams to produce data/analytics use cases based on the data available to them. This highlighted the needs of different teams to gather insights on different themes including: prevalence of illegal harms split out by harm type, emerging risks relating to different harms, and identification of compliance issues
Result
— My data/analytics use cases have been incorporated into the OS product development pipeline, which will be delivered over the upcoming year to deliver improved insights for OSG teams. I will play a continuing role in articulating business user needs/requirements to drive the development of data/analytics solutions tailored to these needs.
— The proposal is to deliver an OS Insights Engine, which produces information tailored to the specific needs of OSG teams
Relevance
— I am inquisitive, open-minded, exploratory, technology-driven – all qualities of an innovative working style. I can devise new solutions for clients by listening attentively and understanding their problems.
