Go back
FCMS

Information Governance Lead

The closing date is 01 February 2026

Apply for this job

Job summary

Post: Information Governance Lead

Pay: £30426 - £34392 per annum depending on experience and qualifications

Hours: 37 hours per week, Monday-Friday 9am-5pm (with some evening and weekends required for training delivery across sites and services)

Accountable to: The Head of Quality and Risk

Base: Newfield House, Vicarage Lane, Blackpool, FY4 4EW and will include visits across all sites for training and delivery

Closing Date: 1st February 2026

Promote. Empower. Lead.

FCMS, a social enterprise for health and wellbeing services, is seeking a dedicated and forward-thinking Information Governance (IG) Lead to support FCMS in ensuring that information is handled securely, legally and effectively. This is a hands-on role focused on raising awareness, delivering staff training and embedding good IG practices throughout the organisation and reinforcing a positive IG culture across FCMS.

Main duties of the job

We are looking for somebody passionate and proactive to champion a positive and secure culture. The post requires the ability to link together a multitude of different compliance elements within a dynamic and fast paced environment; to deliver exceptional care to our patients, who are the central focus of all that we do.This role is a key part of our Quality & Risk Team and central to maintaining the integrity, safety, and resilience of our clinical and corporate systems. This is a pivotal role that blends leadership with hands on influence, empowering staff and managers to embed strong information governance culture while keeping our digital data landscape safe and resilient.

This is more than just your average IG role - this is about safeguarding the trust that underpins every patient interaction!

About us

The ethos of FCMS as a social enterprise, health and wellbeing services provider is to be passionate in its drive to ensure that patients and callers remain the central focus of all that it does. Coupled with excellent and well-established clinical governance systems and extremely effective operational expertise, it has meant that the company has the ability to strategically visualise, develop, and implement award winning services.

Over many years we have invested in our staff so that we have a core team of highly trained individuals who can manage the needs of our patients and callers. Our staff are able to significantly improve the service delivery and user experience due to their considerable experience and commitment to what they do.

Come and be a part of our amazing team!

We offer NHS Pension

Cycle to Work Scheme

Career Development Opportunities

Attendance Bonus

Staff Benefit Scheme

Free Tea & Coffee

Eye Care Contributions

Details

Date posted

12 January 2026

Pay scheme

Other

Salary

£30,426 to £34,392 a year Depending on experience

Contract

Permanent

Working pattern

Full-time

Reference number

U0051-26-0000

Job locations

Newfield House

Vicarage Lane

Blackpool

Lancashire

FY4 4EW


Job description

Job responsibilities

Day to Day Duties to include, but not exhausted:

As our IG Lead, youll be at the forefront of driving a privacy by design mindset across all teams. You will be responsible for: Awareness, Training & Engagement: designing and delivering engaging and practical staff training. To lead initiatives to raise awareness of IG, Data Protection, Confidentiality and Records Management, plus more. Provide accessible advice and support to staff at all levels. Champion a positive culture of compliance and good practice in a pragmatic way applicable to the environments in which we work. Youll be a coach instilling the best practices in a way that sticks, adapting styles as required for the audience, ensuring IG awareness becomes part of everyday working culture. You will need to be able to connect to audiences in different ways and be confident in presenting at meetings or to groups up to 30. Information Governance and data protection: design and chair IG and information asset owner working groups including agenda creation, minutes and action plans and reports. Implementing and overseeing policies and frameworks that ensure data is handled responsibly, legally and securely in line with NHS, ICO and regulatory standards and to coach and support IG champions. Provide assurance and compliance evidence to support NHS DSPT toolkit completion. Support FCMS work towards future accreditations of ISO:27001 and Cyber Essentials Plus. Monitoring, Audit & Continuous Improvement: Assist with IG audits and compliance checks, identify gaps, recommend improvements and support implementation. To manage the audit calander and implement actions from an IG strategic 12-month focus. To manage the compliance required such as DPIAs, data sharing agreements, information asset registers, day-to-day GDPR queries plus more! Data Subject Rights and Records Management: support processing of SARs, FOI requests and any complaints received in relation to data protection or information governance. Support with investigations as required. Assist with records management processes including retention, secure disposal and data quality audits. Incident Response & Resilience: review data/security breaches or incidents in a timely manner and support teams in any investigations required and produce reports as needed promoting learning outcomes. shape our response protocols and business continuity plans, testing these and supporting services with BCP and incident responses so we are always ready for the unexpected! Data Sharing and Contracts: Support review of DSAs/DPAs, DPIAs and information related contract clauses and liaise with internal and external parties on data handling and compliance. Cyber Security support: You will support the review of systems as part of DPIA reviews to include cyber security, using internal and external resources available to aid this. This is not a specialist or dedicated cyber security role but may include on occasion supporting risk assessments, audits and reviews alongside consultants to identify vulnerabilities and strengthen our defenses whether that is within digital systems, processes or people and environments. Internal ICT oversight: You will be the conduit between external ICT services and FCMS to escalate any issues that arise and seek key assurances and KPIs required for data protection or cyber assurances, using frameworks such as the NHSE DSPT. To support policy-based access controls working with external ICT services and internal departments. To assist FCMS to fully understand our complex ICT infrastructure so as to support our IG and GDPR requirements. Other duties are required: This Job Description will be periodically reviewed in the light of developing work requirements. This is an evolving role and therefore, these duties are not exhaustive. The role may change via discussion between the post-holder, line managers and relevant others. The individual in post will be expected to contribute towards that revision. The post holder will be expected to cover the reception desk and administration tasks of Newfield House during unplanned absences additionally and carry out any other duties as required and delegated by the Head of Quality and Risk. General: To have responsibility for all things under the umbrella of Quality and Risk, maintaining a level of understanding regarding working practices and to always comply with local Safety Policies and Procedures. To observe national and local policies and procedures in respect of: health and safety, Fire and electrical safety, data security and GDPR, counter fraud, Basic Life Support, safeguarding and Infection Control. The post will primarily be based at Newfield House, Blackpool and there is a requirement to travel to other sites and deliver training or help resolve issues within an out of hours setting (evenings and weekends), as required. All mandatory and additional training must be kept up to date as a requirement to this role. Additional training is further required to be undertaken for this post.

Our key expectations are:

Self-awareness Living authentically

Adaptability- Being ready to adjust depending on the situation

Openness What you see is what you get

Positivity with a real sense of being able to strive for the impossible

Generosity of spirit- Everyday should be an opportunity to act with kindness

Ability to have fun Taking the role seriously, whilst being yourself

Our Why: To nurture an environment of inspiration, innovation and disruption so this people in our world receive exceptional healthcare for this generation, and the next.

Values:Our organisational culture is very important to us, so it is vital that the successful candidate lives and breathes complimentary values and behaviours. Our behaviours should be in line with our values which form part of our Company DNA:

Fun: People rarely succeed unless they are having fun. Happiness is healthy!

Awesome: We arent here to be average, were here to be awesome!

Humble: Were here to make a difference to the lives of others, NOT to see how important we can become

Brave: We challenge the norm. We have the courage to get the difficult jobs done

Oompf: We have natural oompf! Its infectious!

Go-getting: We are intuitive to changing needs and respond quickly which we do with energy, ideas, and positivity

Come and be a part of our amazing team!

We offer NHS Pension

Cycle to Work Scheme

Career Development Opportunities

Attendance Bonus

Staff Benefit Scheme

Free Tea & Coffee

Eye Care Contributions

Disability Confident Employer

As users of the disability confident scheme, we guarantee to interview all disabled applicants who meet the minimum criteria for the vacancy

DBS - This post is subject to the Rehabilitation of Offenders Act (Exemption Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions. This will require three forms of valid ID to be produced and verified. The onboarding process is also subject to an Occupational Health check, suitable professional references and eligibility to work in the UK (with the requirement to provide relevant documentation as evidence). For Driver positions you will also be required to undertake a Driver check.

Job description

Job responsibilities

Day to Day Duties to include, but not exhausted:

As our IG Lead, youll be at the forefront of driving a privacy by design mindset across all teams. You will be responsible for: Awareness, Training & Engagement: designing and delivering engaging and practical staff training. To lead initiatives to raise awareness of IG, Data Protection, Confidentiality and Records Management, plus more. Provide accessible advice and support to staff at all levels. Champion a positive culture of compliance and good practice in a pragmatic way applicable to the environments in which we work. Youll be a coach instilling the best practices in a way that sticks, adapting styles as required for the audience, ensuring IG awareness becomes part of everyday working culture. You will need to be able to connect to audiences in different ways and be confident in presenting at meetings or to groups up to 30. Information Governance and data protection: design and chair IG and information asset owner working groups including agenda creation, minutes and action plans and reports. Implementing and overseeing policies and frameworks that ensure data is handled responsibly, legally and securely in line with NHS, ICO and regulatory standards and to coach and support IG champions. Provide assurance and compliance evidence to support NHS DSPT toolkit completion. Support FCMS work towards future accreditations of ISO:27001 and Cyber Essentials Plus. Monitoring, Audit & Continuous Improvement: Assist with IG audits and compliance checks, identify gaps, recommend improvements and support implementation. To manage the audit calander and implement actions from an IG strategic 12-month focus. To manage the compliance required such as DPIAs, data sharing agreements, information asset registers, day-to-day GDPR queries plus more! Data Subject Rights and Records Management: support processing of SARs, FOI requests and any complaints received in relation to data protection or information governance. Support with investigations as required. Assist with records management processes including retention, secure disposal and data quality audits. Incident Response & Resilience: review data/security breaches or incidents in a timely manner and support teams in any investigations required and produce reports as needed promoting learning outcomes. shape our response protocols and business continuity plans, testing these and supporting services with BCP and incident responses so we are always ready for the unexpected! Data Sharing and Contracts: Support review of DSAs/DPAs, DPIAs and information related contract clauses and liaise with internal and external parties on data handling and compliance. Cyber Security support: You will support the review of systems as part of DPIA reviews to include cyber security, using internal and external resources available to aid this. This is not a specialist or dedicated cyber security role but may include on occasion supporting risk assessments, audits and reviews alongside consultants to identify vulnerabilities and strengthen our defenses whether that is within digital systems, processes or people and environments. Internal ICT oversight: You will be the conduit between external ICT services and FCMS to escalate any issues that arise and seek key assurances and KPIs required for data protection or cyber assurances, using frameworks such as the NHSE DSPT. To support policy-based access controls working with external ICT services and internal departments. To assist FCMS to fully understand our complex ICT infrastructure so as to support our IG and GDPR requirements. Other duties are required: This Job Description will be periodically reviewed in the light of developing work requirements. This is an evolving role and therefore, these duties are not exhaustive. The role may change via discussion between the post-holder, line managers and relevant others. The individual in post will be expected to contribute towards that revision. The post holder will be expected to cover the reception desk and administration tasks of Newfield House during unplanned absences additionally and carry out any other duties as required and delegated by the Head of Quality and Risk. General: To have responsibility for all things under the umbrella of Quality and Risk, maintaining a level of understanding regarding working practices and to always comply with local Safety Policies and Procedures. To observe national and local policies and procedures in respect of: health and safety, Fire and electrical safety, data security and GDPR, counter fraud, Basic Life Support, safeguarding and Infection Control. The post will primarily be based at Newfield House, Blackpool and there is a requirement to travel to other sites and deliver training or help resolve issues within an out of hours setting (evenings and weekends), as required. All mandatory and additional training must be kept up to date as a requirement to this role. Additional training is further required to be undertaken for this post.

Our key expectations are:

Self-awareness Living authentically

Adaptability- Being ready to adjust depending on the situation

Openness What you see is what you get

Positivity with a real sense of being able to strive for the impossible

Generosity of spirit- Everyday should be an opportunity to act with kindness

Ability to have fun Taking the role seriously, whilst being yourself

Our Why: To nurture an environment of inspiration, innovation and disruption so this people in our world receive exceptional healthcare for this generation, and the next.

Values:Our organisational culture is very important to us, so it is vital that the successful candidate lives and breathes complimentary values and behaviours. Our behaviours should be in line with our values which form part of our Company DNA:

Fun: People rarely succeed unless they are having fun. Happiness is healthy!

Awesome: We arent here to be average, were here to be awesome!

Humble: Were here to make a difference to the lives of others, NOT to see how important we can become

Brave: We challenge the norm. We have the courage to get the difficult jobs done

Oompf: We have natural oompf! Its infectious!

Go-getting: We are intuitive to changing needs and respond quickly which we do with energy, ideas, and positivity

Come and be a part of our amazing team!

We offer NHS Pension

Cycle to Work Scheme

Career Development Opportunities

Attendance Bonus

Staff Benefit Scheme

Free Tea & Coffee

Eye Care Contributions

Disability Confident Employer

As users of the disability confident scheme, we guarantee to interview all disabled applicants who meet the minimum criteria for the vacancy

DBS - This post is subject to the Rehabilitation of Offenders Act (Exemption Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions. This will require three forms of valid ID to be produced and verified. The onboarding process is also subject to an Occupational Health check, suitable professional references and eligibility to work in the UK (with the requirement to provide relevant documentation as evidence). For Driver positions you will also be required to undertake a Driver check.

Person Specification

Qualifications

Essential

  • 5 GCSEs A* - C/4-9 including English Language or equivalent training of management or healthcare related qualification. (Experience or qualifications required)

Desirable

  • Project management
  • IG, GDPR/Data Protection or ISO related qualifications

Personal Qualities

Essential

  • Outgoing & enthusiastic attitude bringing passion to the subject of IG!
  • Positive attitude to change and process improvement.
  • Strong communication skills with ability to explain IG concepts clearly.
  • Confident delivering training to a range of audiences.
  • Ability to build relationships, influence behaviours, and support cultural change.
  • Strong organisational skills and attention to detail.
  • Proactive, hands-on approach.
  • Prepared to be willing to work towards frameworks and Qualifications
  • Prepared to undertake formal workshop training/qualifications
  • Manual handling tasks required for organising filing and archive record systems & disposing of old equipment/items
  • Full UK Drivers license required (subject to insurance requirements)

Experience

Essential

  • Experience of delivering training or delivering meetings to a range of audiences.
  • Good knowledge and experience of understanding of UK GDPR, Data Protection Act 2018, FOI, and records management and implementing this within a workplace
  • Ability to handle sensitive information appropriately.
  • Experience communicating with non-technical audiences with self-awareness and emotional intelligence, adapting styles as required
  • Experience of working with IT systems confidently
  • Demonstrated ability to operate in an environment of fast paced change.
  • Demonstrated ability to meet deadlines, schedules, set goals/objectives
  • Able to demonstrate effective partnership/team working but also experience of working well on your own initiative.
  • Problem solving

Desirable

  • Previous experience in an IG, data protection, or compliance role.
  • Experience conducting DPIAs or handling information rights requests.
  • Collaborative and approachable.
  • Strong problem-solving skills.
  • Experience working with Microsoft 365 products
  • Experience of working within a healthcare environment.
  • Experience of Cyber Essentials or ISO 27001 or have worked towards accreditation
  • Experience in writing policies and guidance
Person Specification

Qualifications

Essential

  • 5 GCSEs A* - C/4-9 including English Language or equivalent training of management or healthcare related qualification. (Experience or qualifications required)

Desirable

  • Project management
  • IG, GDPR/Data Protection or ISO related qualifications

Personal Qualities

Essential

  • Outgoing & enthusiastic attitude bringing passion to the subject of IG!
  • Positive attitude to change and process improvement.
  • Strong communication skills with ability to explain IG concepts clearly.
  • Confident delivering training to a range of audiences.
  • Ability to build relationships, influence behaviours, and support cultural change.
  • Strong organisational skills and attention to detail.
  • Proactive, hands-on approach.
  • Prepared to be willing to work towards frameworks and Qualifications
  • Prepared to undertake formal workshop training/qualifications
  • Manual handling tasks required for organising filing and archive record systems & disposing of old equipment/items
  • Full UK Drivers license required (subject to insurance requirements)

Experience

Essential

  • Experience of delivering training or delivering meetings to a range of audiences.
  • Good knowledge and experience of understanding of UK GDPR, Data Protection Act 2018, FOI, and records management and implementing this within a workplace
  • Ability to handle sensitive information appropriately.
  • Experience communicating with non-technical audiences with self-awareness and emotional intelligence, adapting styles as required
  • Experience of working with IT systems confidently
  • Demonstrated ability to operate in an environment of fast paced change.
  • Demonstrated ability to meet deadlines, schedules, set goals/objectives
  • Able to demonstrate effective partnership/team working but also experience of working well on your own initiative.
  • Problem solving

Desirable

  • Previous experience in an IG, data protection, or compliance role.
  • Experience conducting DPIAs or handling information rights requests.
  • Collaborative and approachable.
  • Strong problem-solving skills.
  • Experience working with Microsoft 365 products
  • Experience of working within a healthcare environment.
  • Experience of Cyber Essentials or ISO 27001 or have worked towards accreditation
  • Experience in writing policies and guidance

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

FCMS

Address

Newfield House

Vicarage Lane

Blackpool

Lancashire

FY4 4EW


Employer's website

http://www.fcms-nw.co.uk/ (Opens in a new tab)

Employer details

Employer name

FCMS

Address

Newfield House

Vicarage Lane

Blackpool

Lancashire

FY4 4EW


Employer's website

http://www.fcms-nw.co.uk/ (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Sarah Evans

sarah.evans13@nhs.net

Details

Date posted

12 January 2026

Pay scheme

Other

Salary

£30,426 to £34,392 a year Depending on experience

Contract

Permanent

Working pattern

Full-time

Reference number

U0051-26-0000

Job locations

Newfield House

Vicarage Lane

Blackpool

Lancashire

FY4 4EW


Supporting documents

Privacy notice

FCMS's privacy notice (opens in a new tab)