Information Governance Specialist & Compliance Officer

Company: The Christie NHS FT
Location: Manchester, UK
Published: 2 weeks ago
Business Compliance
Job summary

As an IG Specialist you will have a proven track record in providing advice and guidance on the use and security of processing personal data as part of projects and systems. If you have an eye for detail and the ability to work well with a range of stakeholders, with a desire to make processes smoother for patients whilst ensuring their data rights are upheld, reach out and get in touch.

A range of compliance duties are required to maintain standards of data protection and Caldicott principles across the Trust, from staff understanding to correct access to audit of personal data held in systems. The role also includes investigating incidents and horizon scanning for upcoming standards and case reviews.

Main duties of the job

The role of Information Governance Specialist and Compliance Officer is to provide essential support to the Trust on the range of Data Protection and Confidentiality work required to promote privacy of patients (and other data subjects for whom the Trust is accountable), providing leadership, expertise and assistance. This is a senior IG role and you will have a chance to input and influence the strategic direction of our Trust's Data Protection thinking and policy.

This is a varied and challenging administrative support role which spans the entire organisation. Additionally, skills and experience in managing and testing compliance against set standards would be drawn upon to help Digital Services Leads and Information Asset Owners demonstrate assurance and improvement against the standards they are responsible for.

You will be expected to work independently, to review Data Protection Impact Assessments and wider Data Protection compliance standards.

Carry out audits, challenge local processes and produce reports with recommendations and track action plans to control risks.

Support the Data Protection Officer and Caldicott Guardian.

Provide Line Management support for the Freedom of Information staff and provide advice around application of exemptions.

Be experienced in leading Caldicott and Data Protection meetings, with production of papers and facilitating the meetings.

About us

Have a look at this short video which outlines what it's like to work at The Christie:

https://www.youtube.com/watch?v=xuTC_PsYI8g&ab_channel=TheChristieNHSFo…

If you have an interest in patient and public rights, this could be the job for you. We are looking for someone with enthusiasm, an eye for detail and excellent admin and time management skills.

You will be joining our small dynamic Governance Team, based in the Digital Services Department at an exciting and challenging time as Data Governance becomes more detailed and technical with the rise in Cyber and Fraud and evolving technologies such as AI. The role will also play a part in supporting the Senior Information Risk Owner (SIRO), Caldicott Guardian (CG) and Data Protection Officer (DPO) in discharging their responsibilities relating to safeguarding personal data.

We aim to deliver a positive and collaborative working environment, working across the Trust, to review data risks for new and existing projects. The role offers hybrid working with a mix of on-site and home working arrangements.

Job description

Job responsibilities

DUTIES AND RESPONSIBILITIES

Support specialist confidentiality and privacy by design advice on the implementation of the IG legal framework, IG national policy requirements, new Statutory Guidance, organisational standards, policies and controls across internal and external facing operational services.

Draft and publish IG advice in response to IG queries received, emerging trends and new national guidelines from across the organisation.

Support strategic advice to the Freedom of Information (FOI) lead and key stakeholders on complex requests, internal reviews and ICO investigations.

Provide line management responsibilities for the Freedom of Information lead ensuring that all aspects of performance, attendance, training and appraisal are addressed in accordance with Trust Policy.

Deputise for the IG Lead as necessary, on matters within scope of expertise.

Plan and progress work to ensure that IG policies and procedures are embedded in the programmes and divisions across the organisation. Report assurances/gaps on outcomes of best practice and standards set out in policy and procedures to Divisional leads and the Caldicott panel.

Plan and deliver training to Trust staff at all levels, through a variety of formats designed to meet the specific needs of the organisation with reference to GDPR and FOI.

Provide leadership in managing the statutory information requests function of the IG Team, including FOI and information rights requests.

Provide assurance on Information Governance and Statutory Guidance compliance through a schedule of assurance reviews and activity, including in respect of high-risk processing, internal data protection audits, and audits of data use and sharing, both internal and external to the Trust.

Assist assurance for Digital Services Leads and Information Asset Owners in their compliance against standards, through peer reviews, engagement with audits, advice and guidance of compliance management.

Drive compliance with the Confidentiality elements of the Data Security & Protection Toolkit (DSPT or equivalent) requirements and support work to co-ordinate and assure the Trust annual DSPT or equivalent submission. Work collaboratively with Divisions to evidence their compliance with principles of the DSPT, and with the Digital teams on wider components.

Lead on maintenance of the Trust Register of Processing Activities (RoPa), including reviews of Data Flows within Divisions and from Systems, and provision of data sets supporting audit/research/analysis. Be the lead for establishing the correct legal basis for any processing of data, inclusive of use of consent and national data opt out.

Collaborate with key stakeholders (internal and external to the Trust) on Supply Chain Risks, considering current supplier due diligence requirements, onboarding the Information Asset Owners (IAOs) with key programmes of assurance and maintaining accuracy of the Information Asset Register.

Person Specification

Qualifications

Essential

  • IG accredited qualification: e.g. but not limited to BSC, ISEB, PDP, IAPP or demonstrable equivalent experience.
  • Master's degree or equivalent experience
Desirable

  • FOI accredited qualification: Accredited Freedom of Information specific qualification, e.g. (but not limited to) BSC, ISEB, PDP, IAPP
  • On-going professional development in areas of data protection, information governance, compliance, audit.
Experience

Essential

  • Working in a regulatory/compliance role in a fast-paced, high-performance environment.
  • Managing detailed compliance processes with provision of evidence against set standards, (such as DSPT).
  • Providing timely, clear, and practical IG/compliance advice and training in a range of formats including meetings, presentations, and written advice.
  • Able to demonstrate experience of leading measurable improvement initiatives that span departments.
  • Experience in effectively communicating complex IG/compliance issues with colleagues who are not specialists in IG.
  • Experience of incident and risk assessment management
Desirable

  • Working in an information governance / privacy / data protection role in a fast-paced, high-performance environment.
  • Excellent understanding and experience of privacy policies, standards and regulation.
  • Experience of producing, updating, appraising or assuring documentation such as privacy notices, data protection impact assessments, data sharing agreements, IG aspects of contracts.
  • Business analysis experience
  • Audit methodology, application and assurance reporting
  • Experience of representing local organisation at regional or national events.
Skills

Essential

  • Excellent written and verbal communication skills with attention to detail to a range of stakeholders.
  • Proven ability to undertake communication campaigns
  • Report writing and pitching complex data at a variety of audiences. Ability to provide appropriate insights and recommendations.
  • Strong IT literacy
  • Excellent problem solving and analysis skills
  • Ability to adapt and respond to changing situations quickly
  • Able to prioritise work under pressure using own initiative, with effective use of time and resources to meet challenging deadlines
  • To independently exercise discretion in field of expertise when delivering advice and guidance.
  • Ability to tackle difficult and sensitive issues, with diplomacy
Desirable

  • Able to develop user training material and train staff in aspects relating to role
  • Business Analyst process mapping
  • Ability to interpret the working practices of others and manage the introduction of new ways of working to improve service delivery creating documentation and policies as required
Knowledge

Essential

  • Up-to-date and relevant knowledge of Information Governance gained through workshops, seminars and training events
  • The role requires knowledge to master's degree level of the following laws and legal frameworks: Data protection law: understanding key principles and concepts of data protection law set out in the UK GDPR, DPA 2018, Human Rights Act 1998. Common law duty of confidentiality: understanding the common law duty of confidentiality, how it applies to the Trust's use of patient data, including the gateways for sharing confidential data with third parties.
Desirable

  • Knowledge of the Information Commissioner's guidance and codes of practice.
  • Principles of Project Management
Values

Essential

  • Able to maintain the highest exemplar of confidentiality at all times.
Desirable

  • Evidence of good attendance and timekeeping
  • Build positive working relationships, respecting and valuing the contributions made by others and acting in a considerate, helpful and inclusive manner at all times
Other

Essential

  • Hybrid office/home based role with the need for travel to Christie managed sites as necessary
  • Travel to external events and meetings relevant to the role.
Desirable

  • Ability to work flexibly, by exception, to assist with time limited issues.
Additional information
Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the .

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement.

Employer details

Employer name

The Christie NHS FT
Address

IT Digital Services Assurance - E00385

Manchester

M20 4BX
