Summary
The Head of Information Governance leads the development, implementation, establishment and ownership of the areas of Information Governance (IG) as a corporate resource, so that it strategically and operationally supports the clinical and business objectives of the organisation. The areas of IG include systems, policies and processes for:
DSPT
Data Protection
UK GDPR
Common Law Duty of Confidentiality
Records Management
Freedom of Information
Data Security
Information sharing
To implement relevant legislation, regulations and guidance, ensuring compliance with the organisation's legal obligations by implementing appropriate measures.
To provide professional support and advice to the organisation's Caldicott Guardian and Senior Information Risk Owner (SIRO) and support to the Data Protection Officer.
The postholder will manage a budget.
Background
Description | Background |
---|---|
Has expert knowledge of wide areas of information governance legal and regulatory frameworks, practice and applications. Possesses a wide practical knowledge of IG principles, the ability to interpret complex legislation and frameworks and a comprehensive understanding of the application. Is effective and persuasive in both written and oral communication. Demonstrates senior leadership qualities and is capable of managing a department of people. | Prior Knowledge and Skills |
Work Activity Components
Title | Details |
---|---|
Individual rights requests (PEDP)(IG)(Level 6) | Monitors the organisation's compliance with individual rights requests. |
Caldicott Guardian/SIRO and DPO advice and support (IRMG)(Level 6) | Provides highly complex and strategic advice and support to the Caldicott Guardian and Senior Information Risk Owners. Provides support to the DPO. |
IG Cyber Threat Understanding (IG)(Level 6) | Provides an IG perspective on cyber threats. |
Information asset management (IRMG)(IG)(Level 6) | Maintains an overview of the organisation's information assets and supports information asset owners in managing their assets to support organisational priorities and in line with appropriate regulation, good practice and organisational policies. |
Regulatory compliance (Level 7) (IG) | Responsible for business strategy compliance with information governance policies. Takes steps to ensure the organisation complies with all relevant data security regulations including UK GDPR and confidentiality. Identifies the impact of any relevant statutory, internal or external regulations on the organisation's use of personal information and develops approaches for compliance. Leads and plans activities to communicate and implement information management and privacy strategies. Oversees privacy notices, ROPAs and supports the DPO with the applicability of DPIAs as appropriate. |
Information governance culture (IG) (Level 7) | Obtains organisational commitment to information governance at the highest level. Establishes a culture where information governance is the responsibility of every employee. |
Data security and protection toolkit (Level 6) | Is accountable for ensuring that the Data Security & Protection Toolkit (DSPT) is completed and used effectively within the organisation to protect the security of information assets and ensure personal information is handled correctly. |
Training needs analysis (ETDL) (Level 5) | Oversees and supports analysis of information governance training needed by the various staff groups in the organisation to develop the training needs analysis. |
Advice and guidance (IG) (Level 7) | Leads and guides provision of information governance requirements across all the organisation's information and information systems. |
Stakeholder engagement (Level 5) | Identifies the communications and relationship needs of stakeholder groups. Translates communications/stakeholder engagement strategies into specific activities and deliverables. |
Budget management (Level 6) | Sets, negotiates, agrees and manages all financial budgets and targets, ensuring there is adequate funding for all targets and plans, especially to meet development and capacity needs. Monitors and communicates the budget versus actual history. |
Risk assessment (IG)(Level 5) | Maintains oversight of complex data protection and confidentiality risk assessments and develops mitigating strategies for highly complex or strategic scenarios. Oversees application of the principles of risk assessment, risk management processes and decision making as they relate to information governance. |
Strategy (IG)(Level 7) | Takes overall responsibility for establishing and managing information governance strategy and policies in accordance with external and internal legislation and guidance relevant to the organisation. |
Implementation and processes (IG)(Level 7) | Ensures that the organisation implements processes to take forward the information governance strategy and policies and complies with DSPT. |
Business plans (IG)(Level 7) | Has significant input to development of business plans, ensuring that information governance is integrated into business strategy and policies. |
Influencing partners (IG)(Level 7) | Influences key partner organisations to maintain information governance policies and practices in line with those of own organisation. |
Guidance, performance and feedback (Level 4) | Provides direction, support and guidance as necessary, in line with the individual's skills and abilities, setting appropriate and effective boundaries. Sets achievable goals, monitoring and acknowledging performance and supporting individual and team development. Collects data on individual and team performance. Gives regular feedback to team members and leads them to achieve their full potential. |
Empowerment and role model (PEMT) (Level 4) | Facilitates effective working relationships between team members. Motivates team members to maintain a high level of performance. Engages with and empowers team members. Acts as a role model for individuals and team members, setting a standard, acting professionally at all times and working to a professional code of conduct and ethics. |
Threats and breaches (IG) (Level 6) | Ensures the identification and monitoring of data security and data protection trends and proactively assesses impact on business strategies, benefits and risks. Manages assessment of threats to confidentiality, integrity, availability and relevant compliance. Contributes to data security control reviews, business risk assessments and reviews that follow significant breaches of data security controls. |
Policies, procedures and governance (PEDP) (Level 6) | Consults, collaborates and offers expert advice on developing organisational policies, procedures, best practice, privacy policies, standards and guidelines ensuring recognised data protection definitions and practices are applied throughout the organisation. Has due regard to the risk associated with processing operations, taking into account the nature, context and purpose of processing. |
Incident Response (Level 6)(IG) | Cooperates with the supervisory authority. Acts as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36. Consults, where appropriate, with regard to any other matter. Advises the organisation on risk mitigations and required actions. |
Review findings (AUDIT)(Level 7) | Assesses collated audit review findings. Identifies and proposes significant control improvement programmes. |
Behavioural Skills
Title | Details |
---|---|
Decision Making | Making decisions at the appropriate time, taking into account the needs of the situation, priorities, constraints, known risks, and the availability of necessary information and resources. |
Interacting with People | Establishing relationships, contributing to an open culture and maintaining contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures. Ability to adapt style and approach to meet the needs of different audiences. |
Flexibility | Taking account of new information or changed circumstances and/or business requirements and modifying response to a problem or situation accordingly. |
Commercial Orientation | Understanding commercial considerations and ensuring alignment with them when making decisions or recommending actions. |
Strategic Perspective | Keeping organisational objectives and strategies in mind, and ensuring courses of action are aligned with the strategic context. |
Organisational Awareness | Understanding the hierarchy and culture of own, customer, supplier and partner organisations and being able to identify the decision makers and influencers. |
Influence, Persuasion and Personal Impact | Conveying a level of confidence and professionalism when engaging with stakeholders, influencing positively and persuading others to take a specific course of action when not in a position of authority. |
Leadership | Clearly articulating goals and objectives, and motivating and leading others towards their achievement. |
Providing Direction | Directing others to undertake specified tasks within a defined timescale. |
Critical Thinking | The ability to think clearly and rationally; review and evaluation of processes and outputs; the ability to engage in reflective and independent thinking; reasoned thinking involving critique. |
Technical Skills
Title | Details | Depth |
---|---|---|
Information Architecture | Methods, techniques and technologies for ingesting, securing, processing and using data and information within and beyond an organisation. | Familiar with |
Information Governance Audit | Principles, practices, tools and techniques of information governance auditing and the Data Security and Protection Toolkit. | Proficient in |
Corporate, Industry and Professional Standards | Applying relevant standards, practices, codes, and assessment and certification programmes to the specific organisation or business domain. | Expert in |
Other Skills
Title | Details | Depth |
---|---|---|
Legislation | Relevant national and international legislation. | Proficient in |
Presentation Techniques | Methods and techniques for delivering effective and accessible presentations, either face-to-face or online within various contexts and to a variety of audiences. | Proficient in |
Appraisal Techniques | Methods and techniques for appraising an individual's performance and potential. | Proficient in |
Budgets | Principles, methods, techniques and tools for the preparation and monitoring of budgets to manage costs and ensure cost-effectiveness and value for money. | Expert in |
Business Proposals | Methods and techniques for preparing and presenting business cases, requests for proposal (RFP), invitations to tender (ITT) and statements of requirements/work both verbally and in writing. | Familiar with |
Risk Management | Methods and techniques for the assessment and management of business risk. | Proficient in |
Techniques for Effective Meetings | Methods and techniques for running effective meetings and for understanding and influencing the roles played by participants. | Proficient in |
Report Writing Techniques | Methods and techniques for writing clear, accessible and persuasive reports. | Expert in |
Coaching Techniques | Methods and techniques for coaching individuals or groups by a balanced combination of support and direction, which could include use of virtual learning environments plus add-ons to augment feedback specific to work items, workflow or career plans. | Proficient in |
Standards Writing Techniques | Principles, methods and techniques for establishing, documenting, and maintaining standards. | Expert in |
Financial Analysis | The analysis and reporting of financial costs and forecasts against budgets. | Expert in |
Stakeholder Engagement | Establishing relationships, analysing perspectives and managing stakeholders from a variety of backgrounds and disciplines. Adapting stakeholder engagement style to meet the needs of different audiences. The identification of key business stakeholders and an assessment of their level of power and interests, and their perspectives to inform the way(s) in which they should be considered and managed. | Expert in |
Performance Monitoring | Identifying, agreeing and monitoring (usually by face-to-face interviews) objectives and deliverables with individuals. Identifying under-performance issues against agreed quality standards and performance criteria. Identifying gaps in capability and causes, disciplinary or ability-related (needing assistance, training or other support). | Proficient in |
Disciplinary Issues and Procedures | Managing episodes of unsatisfactory behaviour or performance in accordance with appropriate policies and legislative conformance. Includes changes to circumstances, such as sickness, disability and other personal issues. | Familiar with |
Training
Title | Details |
---|---|
Latest Cyber Security Threats for Senior Execs | Short, high-level, up-to-date and to-the-point briefing on the latest threats and vulnerabilities in cyber security. |
Privacy Management | Techniques to investigate, analyse, plan and document structures, people, processes, information and technology for managing privacy within the organisation. |
Professional Development Activity (PDA)
Title | Details | PDA Group |
---|---|---|
Mentoring | Acting as a mentor, advising those for whom there is no direct responsibility, on matters to do with their job role, career and professional development. | Broadening Activities |
Gaining Strategic Knowledge of Employing Organisation | Developing a comprehensive understanding of the business environment in which the employing organisation operates and its position, policies and direction in relation to health and care, country and global issues. | Increasing Knowledge |
Participation in Professional Body Affairs | Taking an active part in professional body affairs at branch, specialist group, committee or board level. | Participation in Professional Activities |
General Management | Continuing learning and development in general management skills, such as effective communication, leadership styles and skills, team building and team roles, motivation and delegation, planning and resource scheduling, influencing, persuasion and negotiation, so as to be in a position to accept greater responsibility at senior management or director (including non-exec) level. | Developing Professional Skills |
Qualification Components
Title | Awarding Bodies |
---|---|
GDPR Practitioner Certificate | Act Now Training |
Practitioner Certificate in Data Protection (PC.dp.) | PDP Training |
Certified Data Protection Officer Training (CDPO) | The Training Centre |
BCS Practitioner Certificate in Data Protection | BCS The Chartered Institute for IT |
Supporting Information
Legislation: Relevant national and international legislation, including, but not limited to, the Data Protection Act, UK GDPR, Freedom of Information Act, National Health Service Act, Human Rights Act, Environmental Information Regulations, Equalities Act, Common Law Duty of Confidentiality and relevant regulations (e.g. COPI).
Further information on qualifications can be found here: https://job-profiles.fedip.org/information-governance-qualifications/
The Professional Body Responsible for this job family is IHRIM. This job role profile was created in collaboration with BCS, using Role Model Plus.