Job summary
Play a key role in Information Governance within a
growing NHS-commissioned mental health provider - with the autonomy to
contribute and the support to succeed.
Are you an experienced Information Governance professional
looking for a role where you can make a meaningful contribution?
As we continue to grow, we are investing in a dedicated IG
professional to strengthen our compliance function. Working closely with our
CITO/SIRO and external DPO, you will take genuine responsibility for delivering
day-to-day IG activity - including DPIAs, NHS compliance requirements, and
direct engagement with NHS bodies, suppliers, and regulators.
This is an opportunity to take responsibility for your own
workstreams, contribute to organisational compliance, and develop your
expertise within a well-structured and evolving governance framework.
Main duties of the job
- Lead and deliver Data Protection Impact Assessments (DPIAs)
- Maintain and update the DPIA register, ensuring timely review and completion
- Provide specialist input into information rights requests, particularly complex or sensitive cases
- Draft and review IG policies, procedures, and documentation in line with current legislation, incl. maintaining the Record of Processing Activities (RoPA) and Information Asset Register (IAR)
- Lead and coordinate the DSP Toolkit submission cycle, maintaining evidence through the year rather than treating it as an annual exercise
- Monitor guidance from NHS Digital, ICO, and regulatory bodies, highlighting changes
- Support data breach and incident management, particularly higher-risk cases
- Provide IG support to research projects and data-related initiatives, including defining lawful bases, supporting DPIA completion, and advising on patient-facing documentation
- Proactively engage with NHS IG teams, ICO, system suppliers, and external partners to gather information, resolve compliance questions, and build the evidential picture needed to support organisational decisions - this is an expectation of the role, not an exception
- Act as a point of contact for staff IG queries and advice and play an active role in developing and refining our information governance approach as the organisation evolves.
For a full breakdown of roles and responsibilities, please refer to the supplementary Job Description document available with this advert.
About us
Mental Health and Wellbeing Services Ltd (MHWS) is a
growing, CQC-regulated provider of NHS-commissioned and private mental health
services, based in Shrewsbury, Shropshire. Led by Dr Wasi Mohamad (Consultant
Psychiatrist) and Sabeen Mohamad (Psychotherapist), our team of skilled and
caring practitioners delivers a holistic approach to mental health and
well-being across a range of specialisms, including neurodevelopmental
assessment and treatment pathways for ADHD and ASD.
We are friendly, committed, and hardworking and we believe
that looking after our staff is inseparable from delivering excellent patient
care. As we continue to grow and develop our services, we are investing in the
people and the governance infrastructure that underpin safe, high-quality care.
What We Offer
We believe that strong governance starts with supported,
empowered staff.
Flexible working - hybrid approach with some
remote working options
Part-time role - 22.5 hours per week (3 days)
Supportive leadership structure - direct access
to CITO (SIRO) and external DPO
Autonomy with support - lead your own
workstreams with expert oversight available
Professional development- opportunity to deepen
expertise across healthcare IG frameworks
Meaningful work- contribute directly to
safeguarding patient data across private and NHS-commissioned mental health
services
Private Healthcare -optional private healthcare on offer
Job description
Job responsibilities
This role sits within MHWS' Information Governance function, working directly alongside the CITO (who also holds the SIRO designation) and our external Data Protection Officer. The post-holder will take genuine ownership of day-to-day IG activity - proactively managing workstreams, driving DPIA completion, and directly engaging with NHS bodies, suppliers, and regulators to keep our compliance position accurate and current.
This is not an isolated role. The CITO/SIRO provides experienced oversight and is readily accessible for guidance and escalation, and the external DPO remains available for specialist input on higher-risk matters. The post-holder will not be expected to navigate complex or novel situations alone - but they will be expected to arrive at those conversations with a developed position, having already taken the initiative to progress the matter as far as possible.
The role is part-time (22.5 hours per week, 3 days) and is offered on a permanent basis, with some flexibility for hybrid working. For a full breakdown of responsibilities, please refer to the supplementary Job Description document.
Job description
Job responsibilities
This role sits within MHWS' Information Governance function, working directly alongside the CITO (who also holds the SIRO designation) and our external Data Protection Officer. The post-holder will take genuine ownership of day-to-day IG activity - proactively managing workstreams, driving DPIA completion, and directly engaging with NHS bodies, suppliers, and regulators to keep our compliance position accurate and current.
This is not an isolated role. The CITO/SIRO provides experienced oversight and is readily accessible for guidance and escalation, and the external DPO remains available for specialist input on higher-risk matters. The post-holder will not be expected to navigate complex or novel situations alone - but they will be expected to arrive at those conversations with a developed position, having already taken the initiative to progress the matter as far as possible.
The role is part-time (22.5 hours per week, 3 days) and is offered on a permanent basis, with some flexibility for hybrid working. For a full breakdown of responsibilities, please refer to the supplementary Job Description document.
Person Specification
Knowledge and Skills
Essential
- Strong working knowledge of: UK GDPR ,Data Protection Act 2018 and
- NHS data security standards
- Ability to work independently and drive IG workstreams
- Excellent written and verbal communication skills
- Strong organisational skills and ability to manage multiple priorities
- Confidence engaging with internal and external stakeholders
- Comfortable working with limited peer support in the immediate IG function, with clear escalation to CITO/SIRO and external DPO when needed
Desirable
- Knowledge of NHS digital systems and data flows
- Understanding of research governance frameworks
- Experience interpreting regulatory guidance and applying it operationally
Qualifications
Essential
- Relevant qualification or demonstrable experience in Information Governance and Data Protection
Desirable
- BCS Certificate in Data Protection, ISEB, or equivalent
- IG-specific or NHS governance training
Experience
Essential
- Experience working in an NHS or healthcare IG role
- Hands-on experience completing or supporting DPIAs
- Experience managing or contributing to data breach and information rights processes
- Experience engaging with NHS bodies, suppliers, or regulators
Desirable
- Experience with DSP Toolkit submissions or evidence collection
- Experience supporting research governance
- Experience with clinical systems (e.g. EMIS Web)
- Familiarity with NHS national programmes (NDOP, MHSDS, etc.)
Person Specification
Knowledge and Skills
Essential
- Strong working knowledge of: UK GDPR ,Data Protection Act 2018 and
- NHS data security standards
- Ability to work independently and drive IG workstreams
- Excellent written and verbal communication skills
- Strong organisational skills and ability to manage multiple priorities
- Confidence engaging with internal and external stakeholders
- Comfortable working with limited peer support in the immediate IG function, with clear escalation to CITO/SIRO and external DPO when needed
Desirable
- Knowledge of NHS digital systems and data flows
- Understanding of research governance frameworks
- Experience interpreting regulatory guidance and applying it operationally
Qualifications
Essential
- Relevant qualification or demonstrable experience in Information Governance and Data Protection
Desirable
- BCS Certificate in Data Protection, ISEB, or equivalent
- IG-specific or NHS governance training
Experience
Essential
- Experience working in an NHS or healthcare IG role
- Hands-on experience completing or supporting DPIAs
- Experience managing or contributing to data breach and information rights processes
- Experience engaging with NHS bodies, suppliers, or regulators
Desirable
- Experience with DSP Toolkit submissions or evidence collection
- Experience supporting research governance
- Experience with clinical systems (e.g. EMIS Web)
- Familiarity with NHS national programmes (NDOP, MHSDS, etc.)
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
