Search

Information Governance Specialist & Compliance Officer

companyThe Christie NHS Foundation Trust
locationManchester, UK
PublishedPublished: Published 2 weeks ago
Business Compliance
Detailed job description and main responsibilities

DUTIES AND RESPONSIBILITIES

Support specialist confidentiality and privacy by design advice on the implementation of the IG legal framework, IG national policy requirements, new Statutory Guidance, organisational standards, policies and controls across internal and external facing operational services.

Draft and publish IG advice in response to IG queries received, emerging trends and new national guidelines from across the organisation.

Support strategic advice to the Freedom of Information (FOI) lead and key stakeholders on complex requests, internal reviews and ICO investigations.

Provide line management responsibilities for the Freedom of Information lead ensuring that all aspects of performance, attendance, training and appraisal are addressed in accordance with Trust Policy.

Expected to Deputise for the IG Lead as necessary, on matters within scope of expertise.

Plan and progress work to ensure that IG policies and procedures are embedded in the programmes, divisions across the organisation. Reporting assurances/gaps on outcomes of best practice and standards set out in policy and procedures to Divisional leads and Caldicott panel.

Plan and deliver training to Trust staff at all levels, through a variety of formats designed to meet the specific needs of the organisation with reference to GDPR and FOI.

Provide leadership in managing the statutory information requests function of the IG Team, including FOI, information rights requests.

Provide assurance on Information Governance and Statutory Guidance compliance through a schedule of assurance reviews and activity, including in respect of high-risk processing, internal data protection audits, and audits of data use and sharing, both internal and external to the Trust.

Assist assurance for Digital Services Leads and Information Asset Owners in their compliance against standards, through peer reviews, engagement with audits, advice and guidance of compliance management.

Drive compliance with the Confidentiality elements of the Data Security & Protection Toolkit (DSPT or equivalent) requirements and support work to co-ordinate and assure the Trust annual DSPT or equivalent submission. Work Collaboratively with Divisions to evidence their compliance with principles of the DSPT and the Digital teams on wider components

Lead on maintenance of the Trust Register of Processing Activities (RoPa) including reviews of Data Flows, within Divisions, from Systems and provision of data sets supporting audit/research/analysis. Being the lead for establishing correct legal basis for any processing of data, inclusive of use of consent and national data opt out.

Collaborate with key Stake Holders (internal and external to the Trust) on Supply Chain Risks. Considering current supplier due diligence requirements, on boarding the Information Asset Owners (IAO's) with key programmes of assurance and maintaining accuracy of the Information Asset Register.

Person specification

Qualifications

Essential criteria
  • IG accredited qualification: e.g. but not limited to BSC, ISEB, PDP, IAPP or demonstrable equivalent experience.
  • Masters Degree or equivalent experience
Desirable criteria
  • FOI accredited qualification: Accredited Freedom of Information Specific qualification (eg (but not limited to) BSC, ISEB, PDP, IAPP
  • On-going professional development in areas of data protection, information governance, compliance, audit.
Experience

Essential criteria
  • Working in a regulatory/compliance role in a fast-paced, high-performance environment.
  • Managing detailed compliance processes with provision of evidence against set standards, (such as DSPT).
  • Providing timely, clear, and practical IG/compliance advice and training in a range of formats including meetings, presentations, and written advice.
  • Able to demonstrate experience of leading measurable improvement initiatives that span departments.
  • Experience in effectively communicating complex IG/compliance issues with colleagues who are not specialists in IG.
  • Experience of incident and risk assessment management
Desirable criteria
  • Working in an information governance / privacy / data protection role in a fast-paced, high-performance environment.
  • Excellent understanding and experience of privacy policies, standards and regulation.
  • Experience of producing, updating, appraising or assuring documentation such as privacy notices, data protection impact assessments, data sharing agreements, IG aspects of contracts.
  • Business analysis experience
  • Audit methodology, application and assurance reporting
  • Experience of representing local organisation at regional or national events.
Skills

Essential criteria
  • Excellent written and verbal communication skills with attention to detail to a range of stake holders.
  • Proven ability to undertake communication campaigns
  • Report writing and pitching complex data at a variety of audiences. Ability to provide appropriate insights and recommendations.
  • Strong IT literacy
  • Excellent problem solving and analysis skills
  • Ability to adapt and respond to changing situations quickly
  • Able to prioritise work under pressure using own initiative, with effective use of time and resources to meet challenging deadlines
  • To independently exercise discretion in field of expertise when delivering advice and guidance.
  • Ability to tackle difficult and sensitive issues, with diplomacy
Desirable criteria
  • Able to develop user training material and train staff in aspects relating to role
  • Business Analyst process mapping
  • Ability to interpret the working practices of others and manage the introduction of new ways of working to improve service delivery creating documentation and policies as required
Knowledge

Essential criteria
  • Up-to date and relevant knowledge of Information Governance gained through work-shops, seminars and training events
  • The role requires knowledge to master degree level of the following laws and legal frameworks: Data protection law: Understanding key principles and concepts of data protection law set out in the UK GDPR, DPA 2018, Human Rights Act 1998. Common law duty of confidentiality:
  • Understanding the common law duty of confidentiality, how it applies to Trust's use of patient data, including the gateways for sharing confidential data with third parties.
Desirable criteria
  • Knowledge of the Information Commissioner's guidance and codes of practice.
  • Principles of Project Management
Values

Essential criteria
  • Able to maintain the highest exemplar of confidentiality at all times.
Desirable criteria
  • Evidence of good attendance and timekeeping
  • Build positive working relationships, respecting and valuing the contributions made by others and acting in a considerate, helpful and inclusive manner at all times
Other

Essential criteria
  • Hybrid office/home based role with the need for travel to Christie managed sites as necessary
  • Travel to external events and meetings relevant to the role.
Desirable criteria
  • Ability to work flexibly, by exception, to assist with time limited issues.
The closing date for this post may be extended if there are insufficient applicants or brought forward if there is a high volume of applicants.

We want to ensure that everyone who works at the Christie or uses our services is welcomed, valued and treated with dignity and respect. The Christie values diversity and is committed to ensuring equal opportunities for all and fair representation across the organisation at all levels. In support of these commitments, we particularly welcome applications from Black, Asian and other ethnic minority people and people with disabilities for this post. Appointment will be only on merit.

We are committed to creating a balanced and diverse workforce. As such we welcome and encourage applications from people of all backgrounds. Together we will foster inclusion and tackle inequity and health inequalities in cancer care.

As users of the disability confident scheme, we guarantee to interview all disabled applicants who meet the minimum criteria for the vacancy

All positions within the Christie are subject to the receipt of satisfactory written references, medical clearance and evidence of your Right to Work in the UK. Some roles will require a Disclosure & Barring Service (DBS) check. Please note if you are successfully appointed to a post with this Trust, you will be required to pay for your own DBS Disclosure.

By applying for this post you are agreeing to The Christie NHS Foundation Trust transferring the information contained in this application to its preferred applicant management system. If you are offered a job information will also be transferred into the national NHS Electronic Staff Records system. Please note, all communication regarding your application will be made via email, please ensure you check your junk/spam folders as emails are sometimes filtered there.

If you have not heard from us within four weeks of the closing date, I regret that on this occasion your application will have been unsuccessful.

The Inter-Authority Transfer (IAT) process is a critical and beneficial component of ESR and will form part of the recruitment process. In the event that you are successful following interview your previous NHS employment data, if applicable will be transferred from your current / most recent employer.

Overseas candidates wishing to apply for this position and who would require immigration sponsorship, may wish to self-assess the likelihood of obtaining a Certificate of Sponsorship for the post on the UKVI website.

You should be aware the Trust operates a No Smoking Policy and therefore employees are not permitted to smoke at work.

Employer certification / accreditation badges

Applicant requirements

The postholder will have access to vulnerable people in the course of their normal duties and as such this post is subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service to check for any previous criminal convictions.

Documents to download

  • Job Description and Person Specification (PDF, 221.8KB)
  • The Christie Values and Behaviours (PDF, 919.5KB)
  • Strategy Brochure (PDF, 1.0MB)
  • Trust Membership - Christie Talent (PDF, 23.0KB)
  • Travel to The Christie (PDF, 3.8MB)