Ashford & St. Peter's Hospitals NHS Foundation Trust

Information Governance Manager

The closing date is 30 November 2025

Job summary

The postholder will

Lead on all aspects of Information Governance

Assume the role of Data Protection Officer and Privacy Officer for the Trust (DPO / PO)

Be responsible for the Freedom of Information function (FOI)

Be responsible for co-ordinating the submission of the Data Security and Protection Toolkit (DSPT)

Main duties of the job

To have made an effective contribution to achieving the Trust's vision, strategic objectives and key work programmes by:

Leading on developing strategy, policy, and guidance to promote and develop 'best practice' as defined by the Data Security and Protection Toolkit and to comply with all relevant legislation.

Leading on service improvements to the Information Governance service provided to the Trust, including but not limited to, manager training, documentation development and process improvement

Acting as source of expertise on Information Governance issues, legislation and local policies and procedures

Taking responsibility for the management of Freedom of Information requests

Producing and co-ordinating regular reports for the Information Governance Steering Group, appropriate internal Digital Services meetings and the Executive/Trust Boards

Acting as the Privacy Officer, receiving and investigating SCR notifications

Acting as the Data Protection Officer, providing support, advice and assurance of compliance across the Trust. At a high level, the key result area is to ensure that the organisation can demonstrate compliance with all the requirements of the DPA 2018, the GDPR and the FOIA 2000 through the annual submissions of the Data Security and Protection Toolkit

About us

Ashford and St. Peter's Hospitals NHS Foundation Trust serves a population of more than 410,000 people living in North-West Surrey, parts of Hounslow and beyond.

Over 3,700 highly trained doctors, nurses, midwives, therapists, healthcare scientists and other support staff make up our workforce, providing a wide range of services across our two hospital sites, Ashford, Surrey and St Peter's, Chertsey, Surrey.

We also run many specialist clinics in the community and local community hospitals and other healthcare facilities.

Our vision is to be one of the best healthcare Trusts in the country. There has never been a better time to join us in the NHS at ASPH. We are committed to providing continuous professional development and flexibility to shape our workforce around our patient care.

We are expanding our theatres at Ashford Hospital and moving towards this becoming our dedicated elective centre. We want to create a state-of-the-art centre for excellence for planned surgical procedures.

We can offer you the full range of NHS benefits/discounts and in addition:

  • Excellent pension scheme and annual leave entitlement
  • On-site Nurseries
  • On-site staff cafes
  • On-site parking
  • Support in career development
  • Salary Sacrifice schemes including wage stream, lease cars, Cycle to Work schemes and home electronics

Adverts may close early, so applicants are encouraged to submit an application as soon as possible.

For more information about a career at ASPH please visit: www.asph-careers.org

Details

Date posted

14 November 2025

Pay scheme

Agenda for change

Band

Band 7

Salary

Depending on experience WCP Request

Contract

Permanent

Working pattern

Full-time

Reference number

323-AC8972-SK

Job locations

St Peter's Hospital

Chertsey

KT16 0PZ


Job description

Job responsibilities

Expertise and Advice

To act as a source of expertise on Information Governance issues to all relevant areas of the Trust including but not limited to: Executive Board, Business Centres and the Information Services Team

Advise on Information Governance issues, and in particular Information Security, Data Protection and Freedom of Information, that arise with transformation or systems development to ensure best practice is adhered to

To provide advice and support in the investigation and management of Information Governance incidents including national reporting and incident-management for more serious cases as appropriate

To work with and support the Trust leads for other aspects of Information Governance ensuring the Trust works towards the highest possible attainment level for data security and protection governance standards as evidenced by the Data Security and Protection Toolkit

Work proactively with operational managers and other stakeholders to ensure that the Trust's information governance processes meet the business requirements of the organisation

Responsibility for developing Trust procedures and processes relating to all areas of Information Governance, in particular those covering record keeping, records transfer, information security and information sharing

In collaboration with the Head of Digital Infrastructure and Cyber security colleagues, to examine and advise on all aspects of computer security policies including logon procedures, password setting and ageing and all other relevant matters covered in Best Practice Guides

To maintain an up to date knowledge of new developments in Data Protection legislation and related provisions

Continue to maintain specialist knowledge in the field of Information Governance, keeping up to date with any changes and recommended good practice and to be responsible for keeping abreast of new government initiatives and requirements relating to IG

To provide advice and guidance on rights for data subjects and ensure that the Trust's privacy notice is regularly reviewed and updated

To manage Data Subject Access Requests for information outside the medical record, e.g. Police, Department of Health & Social Care, Coroners, Surrey County Council, Social Services, Safeguarding, staff members / ex-staff members, patient complaints, ICO complaints, solicitors etc.

Leadership and Managerial

To assume the role of the Data Protection Officer (DPO), reporting directly to the Trust Board in matters relating to data protection assurance and compliance. The DPO acts under contract to the Trust and must not receive specific direction from any other staff member. Their responsibilities are:

o To provide support, advice, and assurance of compliance across the Trust

o To maintain expert knowledge of data protection law and practices and how they apply to the business of the Trust

o To be the first point of contact within the Trust for all data protection matters

o To support programmes and initiatives that involve the development of new or innovative information processes on the need for data protection impact assessments (DPIAs), data sharing agreements (DSAs), and data processing agreements (DPAs)

o To support and advise programmes and initiatives in conducting data protection impact assessments, and to assure the proposed mitigations

o To consult with the Information Commissioner's Office (ICO) where proposed processing poses a high risk in the absence of proposed mitigations

o To ensure that the IG team operates effectively in supporting these functions

o To take account of the risks associated with processing in the performance of his or her tasks

o Provision of specialist advice to the organisation on compliance obligations

o Provision of advice to projects and business change initiatives on when data protection impact assessment is required

o Development of materials to support staff in conducting data protection impact assessment, and system implementations

o To be the first point of contact for the ICO

o To cooperate with the ICO in any matters relating to data protection compliance including provision of evidence of compliance, and in relation to breach management

To be the Privacy Officer (PO) receiving and investigating SCR notifications

To be the Trust's lead for Data Protection, working closely with the Trust's Caldicott Guardian

Lead on the Trust's Caldicott Assurance Plan

To ensure that Information Governance responsibilities and accountabilities are defined, communicated and acted upon

Lead on the Information Security Assurance Plan

Develop and maintain currency of the Trust's Freedom of Information (FOI) publication scheme

Manage the FOI administrator ensuring they are appraised on a regular basis, including weekly 1-2-1 meetings.

To be responsible for all FOI requests received by the Trust, signing off before responses are sent out and advising on use of legal exemptions

Manage appeals and internal reviews against decisions to refuse FOI requests

Reporting

Responsible for managing the Data Security and Protection Toolkit within the Trust, controlling user access, reminding contributors of deadlines, providing relevant training, advising on suitability of evidence and signing off evidence before submission, working with the auditor to ensure compliance with a subset of DSPT requirements. Report risks, issues and incidents to the Information Governance Steering Group

Attend meetings of the Trust Information Governance Steering Group and deliver progress reports on improvement to the Information Governance service

To co-ordinate all statutory and external audits of Information Governance

To act as Privacy Officer for the Trust conducting proactive and reactive audits for user access to Evolve, Cerner EPR, BadgerNet, TVS Surrey Care Record (SyCR), National Care Records Service (NCRS), etc.

To carry out quarterly unannounced spot checks in order to measure the Trust's compliance with national and local Information Governance standards.

In conjunction with IT colleagues to investigate, manage and report cyber incidents

Responsibility for maintaining the Trust's notification registration with the Information Commissioner and inform all relevant locations of the details of registration and what the responsibilities are within it

Liaise directly with the Information Commissioner's Office as required

Produce an annual report and action plan on Information Governance in the Trust for the Trust's Audit Committee

Service Improvement and Training

To be responsible for delivery of the Information Governance Improvement/Action Plan and co-ordinate the annual audit to confirm and score compliance

To co-ordinate and ensure delivery of an improvement plan to ensure compliance with data security and protection standards and relevant legislation

Lead the development and roll out of training programmes to managers and staff to support Information Governance, ensuring all members of the organisation are aware of and appreciate the importance of information governance and accept their responsibility for its delivery

Lead on the development of Information Governance documentation, including templates, document formats used, e.g. Word documents versus Webforms

Lead on the continuous improvement of Information Governance processes and SOPs, to deliver earlier thought of IG within change initiatives and procurements and faster turnaround of high quality documents from clinical and operational colleagues.

Communications and Engagement

To work closely with colleagues in similar posts in partner organisations across the Local Health economy to ensure the delivery of Information Governance across all organisations

Maintain the Trust Information Governance section of the intranet and internet

To manage the Information Governance mailbox, the Caldicott mailbox and the Police Liaison mailbox

General responsibilities

To support the department and organisation by carrying out any other duties that reasonably fit within the broad scope of a job of this grade and type of work

Person Specification

Qualifications

Essential

  • Degree in related information subject or evidence of professional training of an equivalent standard or equivalent experience in the field

Experience

Essential

  • Good understanding of the NHS Information Governance agenda and toolkit

Desirable

  • Experience of working within the NHS

Knowledge

Essential

  • Working knowledge of the Data Security and Protection Toolkit, Data Protection Act 2018, General Data Protection Regulation (GDPR) and Freedom of Information Act 2000

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

Ashford & St. Peter's Hospitals NHS Foundation Trust

Address

St Peter's Hospital

Chertsey

KT16 0PZ


Employer's website

https://www.ashfordstpeters.nhs.uk/


Employer contact details

For questions about the job, contact:

Associate Director Digital Services

Dan Race

dan.race@nhs.net

Supporting documents

Privacy notice

Ashford & St. Peter's Hospitals NHS Foundation Trust's privacy notice