Job summary
The Information Governance Officer will be responsible for
the day-to-day management and operational delivery of information governance
(IG) across Sinclair-Strong Consultants Ltd.
Working under the direction of the fractional Data
Protection Officer (DPO), but directly reporting into the SIRO, the postholder
will ensure SSC maintains robust, auditable compliance with UK GDPR, the Data
Protection Act 2018, NHS Data Security and Protection Toolkit (DSPT) and
relevant CQC regulatory requirements.
The role acts as the organisation's central IG function,
providing advice, assurance, monitoring and incident management support, with
potential scope to deliver training to teams across the organisation.
This role will play a key part in the establishment and
development of a newly formed Information Governance (IG) Team. The post holder
will be required to work with a high degree of autonomy, taking responsibility
for shaping IG processes, procedures and ways of working from the ground up.
Working closely with the Data Protection Officer (DPO), Senior Information Risk
Owner (SIRO) and other key stakeholders, the IG Officer will actively
contribute to building a cohesive, effective team and embedding robust
information governance practices across the organisation.
Main duties of the job
- Act as a key point of contact for Information Governance across SSC
- Coordinate and manage Data Subject Rights requests, including SARs
- Act as first point of contact for data breaches and IG incidents
- Support and maintain SSC's NHS Data Security & Protection Toolkit (DSPT) submission
- Support completion of Data Protection Impact Assessments (DPIAs)
- Maintain IG policies, procedures, registers and audit trails
- Provide IG assurance input for CQC inspections, commissioner requests and audits
- Promote a strong culture of confidentiality, professionalism and data security
About us
Sinclair-Strong Consultants Ltd is a CQC-registered provider of NHS-commissioned mental health services, delivering autism, ADHD and specialist services across multiple ICBs. We are seeking an experienced Information Governance Officer to lead the day-to-day operational delivery of information governance across the organisation.
Why Join Us?
- Work for a values-driven, clinically led NHS provider
- Flexible and hybrid working
- Opportunity to shape and embed a new IG function
- Strong organisational focus on quality, governance and patient safety
Job description
Job responsibilities
Information Governance & Data Protection
- Act as a key point of contact for information governance across SSC.
- Support the DPO in ensuring compliance with UK GDPR and the Data Protection Act 2018.
- Provide expert advice to staff and managers on IG, confidentiality and data protection matters.
- Ensure SSC IG policies, procedures and guidance remain up to date, implemented and accessible.
NHS DSPT & Assurance
- Support with the coordination, evidence gathering and maintenance of SSC's NHS Data Security and Protection Toolkit (DSPT) submission.
- Monitor compliance against DSPT standards, identifying gaps and supporting remedial action.
- Work with ICT, Operations and Clinical teams to ensure technical and organisational measures meet NHS requirements.
Data Subject Rights & SARs
- Manage and coordinate Data Subject Rights requests, including Subject Access Requests (SARs).
- Ensure statutory timescales are met and responses are lawful, proportionate and appropriately redacted.
- Maintain accurate SAR logs and audit trails in line with ICO expectations.
Data Breaches & Incidents
- Act as the first point of contact for actual or suspected data breaches.
- Coordinate breach assessment, investigation and documentation.
- Support the DPO with decision-making on ICO notification and DSPT incident reporting.
- Ensure learning is captured and shared to prevent recurrence.
DPIAs & Project Support
- Support with the production of Data Protection Impact Assessments (DPIAs) for new systems, services and changes.
- Work with project leads, ICT and clinical teams to identify risks and define mitigations.
- Maintain a central DPIA register and assurance records.
Training & Awareness
- Monitor completion of mandatory IG and data protection training, ensuring SSC meets NHS minimum compliance thresholds.
- Support delivery of bespoke IG training for specific roles or services.
- Promote a culture of confidentiality, professionalism and information security across the organisation.
Records Management & Retention
- Support compliance with the NHS Records Management Code of Practice.
- Provide guidance on retention, secure storage and lawful disposal of records.
- Work with teams to address data minimisation and quality issues.
Governance, Audit & Regulation
- Provide IG assurance input into CQC inspections, commissioner requests and internal audits.
- Maintain clear evidence trails demonstrating compliance with:
  - CQC Regulation 12: Safe care and treatment
  - Regulation 15: Premises and equipment
  - Regulation 17: Good governance
  - Regulation 18: Staffing
- Prepare reports and updates for senior leadership as required.
Person Specification
Experience
Essential
- Demonstrable experience in an Information Governance or Data Protection role, ideally in healthcare.
- Strong working knowledge of UK GDPR and the Data Protection Act 2018.
- Experience of handling SARs, breaches and IG queries.
- Understanding of NHS DSPT requirements.
- Excellent attention to detail and ability to manage complex, sensitive information.
- Strong written and verbal communication skills.
- Ability to work independently, prioritise workload and meet statutory deadlines.
Desirable
- Experience working within an NHS or CQC regulated environment.
- Experience completing or coordinating DSPT submissions.
- Knowledge of DPIAs and information risk management.
- Recognised industry qualification (e.g. GDPR Practitioner, CIPM, CIPP/EU, etc.).
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.