LLR Patient Care Locally Community Interest Company

Information Governance Officer

The closing date is 05 December 2025

Job summary

***Interviews: 15 December 2025***

As part of the interview, there will be a short assessment. This will include a scenario where you walk through your decision making and a small set of questions covering core IG knowledge.

You will be crucial in maintaining and improving our Information Governance and Accountability Frameworks, driving compliance with UK GDPR, Data Protection Act 2018, and other key legislation. Your responsibilities will span policy development, coordinating the annual DSPT submission, leading on data protection incident management and developing staff awareness and training. You will work closely across clinical, operational and digital teams providing clear and practical advice to diverse stakeholders.

This is an exciting opportunity to use your expertise to support the safe and effective use of information within a dynamic not-for-profit Community Interest Company (CIC) that works in close collaboration with the NHS.

You will be part of a team that is:

  • Innovative, agile and adaptive, helping PCL deliver care in local settings to ensure patients receive the right care at the right time.
  • Committed to patient-centred care, working to alleviate pressure on hospital services.
  • Committed to our team, where we respect, trust and value each other's contribution, and empower our people.

Main duties of the job

This role supports the delivery of PCL's Digital and GRC strategies and promotes good practice in data protection, confidentiality, and information handling. It helps ensure compliance with UK GDPR, the Data Protection Act, FOI, and NHS guidance, working with technical teams to embed data protection by design and strengthen data governance maturity. The postholder maintains the IG and Accountability Frameworks, leads the Information Risk Management Programme with the SIRO and Information Asset Owners, and delivers staff training on IG, security, and records management.

The role manages IG policies, SOPs, DPIAs, information-sharing agreements, and the annual DSPT submission. It leads incident and breach management, supports audits, oversees records management, and works with IT and security teams to align technical controls with IG requirements. It contributes to engagement and communication activities that build a positive culture of data protection.

The role works across PCL and partner organisations, providing timely advice, supporting colleagues, and representing IG in meetings. It maintains strong relationships with Digital, Operations, Finance, BI, Clinical Services, and others, and provides expert support to the Caldicott Guardian, SIRO, and DPO. The postholder keeps knowledge up to date, shares learning, supports staff development, and may deputise for senior colleagues.

About us

About Patient Care Locally (PCL)

PCL is a not-for-profit Community Interest Company dedicated to enhancing healthcare delivery across Leicester, Leicestershire, and Rutland. Working in close collaboration with the NHS, we focus on delivering the right care at the right time in the right place - closer to home for patients.

As a CQC registered organisation rapidly expanding beyond our original region, we maintain the highest standards of quality while alleviating pressure on hospital services. Our innovative approach has earned recognition as finalists at both the HSJ Awards and Strategic PA Awards in 2024.

Our Values-Driven Culture:

  • Patient-centred: Everything we do puts patients first
  • Team-focused: We respect, trust, and empower each other while valuing every contribution
  • Our Company: We're a trusted, caring company that's innovative, agile, and adaptive - always delivering

Working at PCL: You'll join a fast-paced, dedicated team committed to continuous improvement and making a real difference to over 1.2 million patients. We offer hybrid working arrangements, comprehensive training, and opportunities for cross-functional learning and development. Our collaborative environment encourages skill-sharing and supports professional growth while maintaining high-quality patient care standards.

Details

Date posted

20 November 2025

Pay scheme

Agenda for change

Band

Band 6

Salary

£38,682 to £46,580 a year dependent on experience

Contract

Permanent

Working pattern

Full-time, Flexible working, Home or remote working

Reference number

E0349-25-0018

Job locations

Office 2 and 3, Coalville Business Centre

Goliath Way

Coalville

Leicestershire

LE67 3FT


Job description

Job responsibilities

Our Patients

Put patients at the centre of all services.

Make a positive difference for our patients.

Respond to the needs of the local population.

Respect the value of public money.

Our Team

Respect each other.

Trust one another.

Value each other's contribution.

Empower our people.

Our Company

Be a trusted company.

Be a caring company.

Be innovative, agile, and adaptive.

Always deliver.

Our Strategic Objectives

LLR Patient Care Locally (PCL) is a not-for-profit Community Interest Company (CIC) dedicated to enhancing healthcare delivery within Leicester, Leicestershire and Rutland. Operating in close collaboration with the NHS, PCL focuses on identifying and addressing patient care needs that can be managed within primary care and community settings, thereby alleviating pressure on hospital services and ensuring patients receive timely, appropriate care closer to home. By delivering care in local settings, PCL ensures that patients receive the right care at the right time and in the right place.

PCL is rapidly expanding beyond Leicester, Leicestershire and Rutland and is committed to maintaining the highest standards of quality in its service provision. As a CQC registered organisation, we uphold rigorous clinical and operational standards. By focusing on patient-centred care and continuous improvement, PCL strives to meet the evolving healthcare needs of local populations effectively.

Purpose & Overview of the Role

LLR Patient Care Locally (PCL) is a forward-thinking and progressive healthcare organisation dedicated to delivering high-quality, patient-centred care. As we continue to expand our digital capabilities and strengthen our governance, risk, and compliance (GRC) frameworks, we are seeking to recruit an Information Governance Officer to help embed best practice across the organisation and ensure that our information remains secure, compliant, and well managed.

This is an exciting opportunity to join a growing and ambitious Digital Team that provides expertise in Information Governance, Information Management & Technology (IM&T), Security, and Project Management. Working collaboratively across all departments, the Information Governance Officer will play a key role in maintaining and improving our organisational Accountability Framework as well as the overall Information Governance Framework, ensuring that information is handled lawfully, ethically, and safely.

The postholder will support the development, coordination, and implementation of policies, procedures, and training related to data protection, confidentiality, records management, and information sharing. They will work closely with colleagues in the Digital Team, as well as operational, clinical, and enabling services, to embed good IG practices throughout the organisation.

As part of PCL's wider GRC strategy, the role will also involve contributing to audits, risk assessments, and incident management processes, supporting our aim of continuous improvement and assurance. While this is not a technical security role, the successful candidate will collaborate in information security to ensure alignment between information governance and security principles, promoting a culture of digital safety and awareness.

This position is ideal for a proactive, detail-oriented individual with a strong understanding of information governance and data protection principles. The postholder should be passionate about supporting the safe and effective use of information, capable of providing clear and practical advice to a range of stakeholders and committed to driving improvement in how we manage and protect patient and organisational data.

Key Areas of Responsibility

Strategy

  • Support the delivery and ongoing improvement of PCL's Digital and GRC strategies, ensuring that information governance principles are embedded across all business areas.
  • Act as a Digital and IG champion within the organisation, promoting best practice in data protection, confidentiality, and information handling.
  • Encourage and support compliance with all relevant legislation and guidance including UK GDPR, the Data Protection Act 2018, Freedom of Information Act, and NHS Confidentiality Code of Practice.
  • Support awareness and understanding of information security by collaborating with technical colleagues to align IG and security practices and to embed data protection by design.
  • Develop organisational initiatives aimed at improving data governance maturity, supporting the safe and ethical use of new technologies in line with legal and professional standards.
  • Lead on maintaining the Information Governance Framework and Accountability Framework, ensuring these reflect current legislation, NHS England requirements, and best practice.
  • Lead, support, and coordinate the organisation's Information Risk Management Programme, working in partnership with the SIRO and Information Asset Owners to ensure information risks are systematically identified, assessed, recorded on the risk register, monitored, and effectively mitigated, with clear ownership and action plans in place.
  • Develop and deliver staff awareness, communications, and training on Data Protection, Information Governance, records management, and information security, ensuring teams understand their responsibilities and good practice is embedded across the organisation.

Organisational Initiatives & Engagement

  • Manage the creation, review, and communication of Standard Operating Procedures (SOPs) for IG and data handling.
  • Work with the Digital Team and wider business to embed IG and data protection considerations into new systems, processes, and projects from the outset.
  • Develop and deliver training and awareness materials (e.g. IG induction modules, refresher sessions, campaigns, or guidance notes) to promote a positive culture of data protection and accountability.
  • Contribute to the organisation's communication and engagement plans around IG and digital transformation, ensuring that staff understand their responsibilities and feel confident in handling information appropriately.
  • Participate in IG-related initiatives that enhance staff engagement and support PCL's ambition to be a digitally confident, data-secure organisation.

Technical & Compliance Responsibilities

  • Development, review and implementation of information governance policies, procedures, and guidance, ensuring they remain accurate, relevant, and accessible.
  • Coordinate the completion and annual submission of the Data Security and Protection Toolkit (DSPT), ensuring compliance evidence is collected and verified across all PCL entities.
  • Oversight, coordination, and logging of Data Protection Impact Assessments (DPIAs), Information Sharing Agreements, and Data Processing Agreements across the organisation, ensuring that relevant stakeholders complete them with appropriate guidance, support, and due diligence to mitigate risk.
  • Lead on data protection incident and breach management, including investigation, documentation, learning, and reporting to regulators or partners as required.
  • Manage audits, compliance reviews, and assurance reporting, helping to track actions and improvements.
  • Support records owners by maintaining oversight of records management practices, retention schedules, and secure disposal, including carrying out audits to check compliance with the NHS Records Management Code of Practice.
  • Contribute to risk management activities, supporting IG risk identification, assessment and reporting within the organisation's risk register.
  • Collaborate with IT and security colleagues to ensure that technical measures (access control, encryption, data loss prevention) align with IG and data protection requirements.
  • Keep abreast of updates to data protection legislation, national NHS guidance, and best practice, sharing learning with colleagues to promote continuous improvement.

Team Support

  • Work collaboratively across PCL and our partner organisations, strategic relationships, and new company entities to ensure consistent IG standards and shared learning.
  • Provide timely and professional support to colleagues across departments, assisting with queries and helping to find practical solutions to IG challenges.
  • Attend internal and external meetings (both in-person and virtual) to represent IG interests, contribute to discussions, and share updates on progress or issues.
  • Build and maintain effective working relationships with other teams, including Digital, Operational, Finance, People Practice, Business Intelligence, and Clinical Services, to ensure integrated governance and compliance support.
  • Communicate complex information in a clear and accessible way, adapting style for technical and non-technical audiences.
  • Liaison with the Data Protection Officer where high-level escalation of issues is required.
  • Providing expert support to the Caldicott Guardian (CG) and Senior Information Risk Owner (SIRO) in promoting a strong information governance culture.

Development

  • Demonstrate a commitment to personal and professional development, keeping knowledge up to date with evolving IG and data protection standards.
  • Participate in relevant training, webinars, and conferences to enhance skills and horizon-scan emerging trends in IG, information security, and digital health.
  • Support organisational development by sharing learning and good practice within the Digital and Governance teams.
  • Contribute to internal staff engagement and development sessions, championing continuous learning and improvement.
  • Deputise for senior colleagues when appropriate, within scope of competence and responsibility (e.g. at Governance Committee).

Person Specification

Personal Skills

Essential

  • *Strong analytical skills, with the ability to risk assess and recommend effective solutions.
  • *Clear communicator, able to translate complex concepts and language into business-friendly terminology.
  • *Proactive and forward-thinking mindset, keeping up with digital trends and new technology.
  • *Organised and detail-orientated, able to manage multiple priorities effectively.
  • *Team player who works collaboratively within the teams across the organisation.
  • *Ability to drive change and influence others with passion and integrity in your work.
  • *Excellent leadership skills with the ability to inspire and develop others.
  • *Strong problem-solving abilities and a solution-focused approach.
  • *Have great interpersonal and organisational skills.
  • *Excellent stakeholder engagement and relationship management skills.
  • *Willingness to learn new skills and follow process.
  • *Ability to work independently, prioritising own workload and escalating when needed.
  • *Being perceptive and able to work on intuition.

Commitment to Values & Behaviours

Essential

  • Must be able to demonstrate behaviours consistent with PCL's Values and Behaviours.

Qualifications

Essential

  • *Educated to degree level or equivalent relevant experience.
  • *Recognised qualification in Information Governance, Data Protection, or related discipline (e.g. BCS Foundation Certificate in Data Protection, BCS Information Governance Practitioner, CIPM, CIPT, CIPP).

Desirable

  • *Qualification or training in information security (e.g. ISO 27001 / Cyber Essentials awareness)
  • *Membership of a relevant professional body (e.g. BCS, IAPP)

Experience

Essential

  • *Demonstrable experience in an information governance, data protection, or compliance-related role.
  • *Proven experience of managing IG activities (e.g. SARs, DPIAs, IG audits, RoPA, training, policy development).
  • *Experience of supporting organisational compliance with the Data Protection Act, GDPR and related legislation.
  • *Experience in IG within NHS, health, or social care organisations.

Desirable

  • *Experience of supporting or delivering IG elements of GRC frameworks.
  • *Experience of risk register management and audit follow-up.
  • *Records Manager experience.
  • *Previous involvement/completion of NHS DSPT.

Knowledge

Essential

  • *Strong working knowledge of UK GDPR, Data Protection Act 2018, FOIA and NHS Confidentiality Code of Practice.
  • *Understanding of IG Framework and ICO Accountability Framework principles.
  • *Awareness of NHS England standards and the Data Security and Protection Toolkit (DSPT).
  • *Familiarity with NHS Records Management Code of Practice and retention schedules.

Desirable

  • *Understanding of emerging technologies such as AI, automation, and telehealth.
  • *Understanding of digital health technologies, patient-facing systems, and NHS digital initiatives.

Equality & Diversity

Essential

  • Able to demonstrate a commitment and understanding of the importance of treating all individuals with dignity and respect appropriate to their individual needs.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

LLR Patient Care Locally Community Interest Company

Address

Office 2 and 3, Coalville Business Centre

Goliath Way

Coalville

Leicestershire

LE67 3FT


Employer's website

https://llrpcl.co.uk


Employer contact details

For questions about the job, contact:

Workforce Manager

Khaled

khaledahmed.llrpcl@nhs.net

07300032905

Supporting documents

Privacy notice

LLR Patient Care Locally Community Interest Company's privacy notice