King's College Hospital NHS Foundation Trust

Information Risk Manager

The closing date is 03 August 2025

Job summary

The Information Risk Manager will be responsible for managing information risks across the Trust. This role will ensure that information risk management processes are embedded within the organisation to comply with legal, regulatory, and NHS requirements. The postholder will act as the subject matter expert on information risk, providing advice and guidance to senior management, clinical and non-clinical teams. They will work closely with the Information Asset Owners, Data Protection Officer, and IT Security teams to safeguard the organisation's information assets and ensure a robust information risk management framework is in place.

Main duties of the job

  • Information Risk Management
  • Risk Assessment and Audits
  • Advisory and Guidance
  • Personal Data Breach Management
  • Information Asset Management
  • Governance and Compliance
  • Project Support
  • People Management and Performance

About us

King's College Hospital NHS Foundation Trust is one of the UK's largest and busiest teaching Trusts with a turnover of c£1.8 billion, 1.5 million patient contacts a year and more than 15,000 staff based across South East London. The Trust provides a full range of local and specialist services across its five sites. The trust-wide strategy of Strong Roots, Global Reach is our Vision to be BOLD, Brilliant people, Outstanding care, Leaders in Research, Innovation and Education, Diversity, Equality and Inclusion at the heart of everything we do. By being person-centred, digitally-enabled, and focused on sustainability, we aim to take Team King's to another level.

We are at a pivotal point in our history and we require individuals who are ready to join a highly professional team and make a real, lasting difference to our patients and our people.

King's is committed to delivering Sustainable Healthcare for All via our Green Plan. In line with national Greener NHS ambitions, we have set net zero carbon targets of 2040 for our NHS Carbon Footprint and 2045 for our NHS Carbon Footprint Plus. Everyone's contribution is required in order to meet the goals set out in our Green Plan and we encourage all staff to work responsibly, minimising their contributions to the Trust's carbon emissions, waste and pollution wherever possible.

Details

Date posted

22 July 2025

Pay scheme

Agenda for change

Band

Band 7

Salary

£56,276 to £63,176 a year, inclusive of HCAS

Contract

Permanent

Working pattern

Full-time

Reference number

213-CORP-7289837-A

Job locations

King's College Hospital NHS Foundation Trust

Denmark Hill

London

SE5 9RS


Job description

Job responsibilities

Information Risk Management

Lead on the identification, assessment, and management of information risks across the Trust.

Lead on, oversee, maintain and regularly update the IG risk register, ensuring all risks are logged, assessed, mitigated, and escalated appropriately.

Develop and implement information risk management policies and procedures aligned with NHS and regulatory standards (e.g. UK GDPR, DSP Toolkit).

Develop risk mitigation strategies, collaborating with risk owners and ensuring that controls are established and robust.

Provide regular reports to the SIRO, the Information Governance Steering Group (IGSG), and relevant committees, including at Board level, on information risk exposure and mitigation activities.

Support the SIRO in providing assurances to the CEO.

Risk Assessment and Audits

Maintain oversight of complex data protection and confidentiality risk assessments and develop mitigating strategies for highly complex or strategic scenarios.

Oversee the application of the principles of risk assessment, risk management processes and decision-making as they relate to information governance.

Carry out expert reviews of Data Protection Impact Assessments (DPIAs) for new systems, processes, and projects.

Advise the DPO on the risks identified via DPIAs, and recommend DPIAs for further review by the DPO.

Lead and coordinate internal audits related to information risk and compliance with relevant standards, such as ISO 27001, DSP Toolkit, etc.

Identify and provide recommendations for improving information risk controls following internal and external audit findings.

Advisory and Guidance

Act as the point of contact for expert advice and guidance on information risk to all Trust staff, including senior management and clinicians.

Support the development of a risk-aware culture within the organisation through the development and delivery of training, workshops and awareness campaigns.

Provide advice on the information risk implications of system implementations, third-party data sharing, and information security initiatives.

Personal Data Breach Management

Ensure that there are clear procedures in place on how to report, investigate and manage personal data breaches.

Manage personal data breaches and information security incidents, ensuring that all incidents are thoroughly investigated and reported in line with statutory and regulatory requirements.

Identify lessons learned from incidents and ensure they are used to enhance risk management practices and reduce the likelihood of recurrence.

Information Asset Management

Establish a robust information risk management structure.

Lead the process of information asset management.

Develop and provide training to IAOs and support them in identifying and managing information risks.

Ensure the effective management of information assets across the Trust, in collaboration with IAOs and IAAs.

Instruct and support IAOs and IAAs to understand their responsibilities for information security and risk.

Conduct regular information asset audits and risk reviews, ensuring that information is classified, handled, and protected appropriately.

Governance and Compliance

Support the Information Governance Manager in ensuring that the Trust complies with relevant legal, regulatory, and NHS requirements related to information governance and risk.

Ensure compliance with DSP Toolkit requirements around risk management.

Monitor changes in legislation and regulations that impact information risk, and ensure the Trust's risk management framework is updated accordingly.

Project Support

Provide information risk assessments and expert guidance for Trust projects, including new technology implementations, system upgrades, and third-party data sharing agreements.

Collaborate with project managers and technical teams to ensure that risks are identified, assessed, and mitigated during project planning and execution.

People Management and Performance

Lead, coach and manage the performance of the team in line with good people management practices, ensuring excellence is recognised and underperformance is addressed.

Participate in regular performance appraisal meetings and ensure that each member of the team has a clear set of objectives and development plans.

Ensure the team is compliant with all statutory, mandatory, and other professional training requirements.

Manage team absences, including sickness, in line with Trust policy, ensuring the appropriate return-to-work meetings occur, e-roster is updated, and productivity is maintained at the highest possible level.

Identify and fill any vacancies that arise within the team in line with the Trust's recruitment policy and process.

Identify talent and support the internal talent management process in order to attract and retain people and maintain a succession plan for the team.

Review the team's skills mix at regular intervals in order to identify any potential opportunities to maximise resource utilisation and allocation, ensuring job descriptions are kept up to date.

Ensure overall wellbeing of the team, continuously supporting in improving morale and encouraging a culture of zero-tolerance for bullying and harassment.

General

The post-holder has a general duty of care for their own health, safety and wellbeing and that of work colleagues, visitors and patients within the hospital, in addition to any specific risk management or clinical governance accountabilities associated with this post.

The post-holder must observe the rules, policies, procedures and standards of King's College Hospital NHS Foundation Trust, together with all relevant statutory and professional obligations.

We want to be an organisation where everyone shares a commitment to delivering the very best care and feels like their contribution is valuable and valued.

At King's we are a kind, respectful team:

Kind. We show compassion and understanding and bring a positive attitude to our work

Respectful. We promote equality, are inclusive and honest, speaking up when needed

Team. We support each other, communicate openly, and are reassuringly professional

The post-holder should observe and maintain strict confidentiality of personal information relating to patients and staff.

The post-holder must be responsible, with management support, for their own personal development, and actively contribute to the development of colleagues.

This job description is intended as a guide to the general scope of duties and is not intended to be definitive or restrictive. It is expected that some of the duties will change over time and this description will be subject to review in consultation with the post-holder.

All employees must hold an 'nhs.net' email account, which is the Trust's formal route for email communication.

Safeguarding

The Trust takes the issues of Safeguarding Children, Adults and addressing Domestic Abuse very seriously. All employees have a responsibility to support the organisation in our duties by:

Attending mandatory training on safeguarding children and adults

Familiarising themselves with the Trust's processes for reporting concerns

Reporting any safeguarding child or adult concerns appropriately

Infection Control Statement

The post-holder has an important responsibility for and contribution to infection control and must be familiar with the infection control and hygiene procedures and requirements when in clinical areas.

The post-holder has an important responsibility for and contribution to infection control and must be familiar with the infection control and hygiene requirements of this role.

These requirements are set out in the National Code of Practice on Infection Control and in local policies and procedures which will be made clear during your induction and subsequent refresher training. These standards must be strictly complied with at all times.

Person Specification

Education and Qualifications

Essential

  • Educated to post-graduate degree level in relevant subject or equivalent level qualification or significant experience of working at a similar level in specialist area.

Desirable

  • Further training or significant experience in project management or supporting change management processes.

Skills and Competencies

Essential

  • Thorough understanding of information risk management, information security, and data protection principles (including UK GDPR, Data Protection Act 2018).
  • Knowledge of NHS Information Governance standards and best practices.
  • Strong analytical skills, with the ability to assess risks and propose effective mitigation strategies.
  • Excellent written and verbal communication skills, with the ability to present complex information to senior management.
  • Ability to work independently and as part of a multidisciplinary team.
  • Strong problem-solving skills, with the ability to work under pressure and manage competing priorities.
  • High level of attention to detail, excellent organisational and presentation skills.
  • Ability to engage and influence stakeholders at all levels, including senior management.

Desirable

  • Understanding of clinical processes and the associated information risks.
  • Familiarity with relevant NHS policies and governance frameworks, including Care Quality Commission (CQC) standards and ICO guidelines.

Knowledge and Experience

Essential

  • Demonstrable experience managing information risks within a complex organisation (preferably within the public sector or NHS).
  • Proven experience in leading risk assessments, developing risk mitigation plans, and maintaining risk registers.
  • Experience in personal data breach management.
  • Experience of establishing SIRO and Information Asset Owners (IAOs) network and maintaining Information Asset Registers (IARs).

Desirable

  • Experience with the Data Security and Protection Toolkit (DSPT)

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled Worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided in continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found in "Criminal records checks for overseas applicants".

Employer details

Employer name

King's College Hospital NHS Foundation Trust

Address

King's College Hospital NHS Foundation Trust

Denmark Hill

London

SE5 9RS


Employer's website

https://www.kch.nhs.uk/


Employer contact details

For questions about the job, contact:

Business Manager IG&M (KCH & GSTT)

Riana Mahtani

riana.mahtani@nhs.net

Supporting documents

Privacy notice

King's College Hospital NHS Foundation Trust's privacy notice