Information Governance Manager

Summary

The Information Governance Manager manages the operational delivery of the organisation's IG work programme. As a professional manager working at corporate level across the organisation with the ability to work autonomously and considerable freedom to act and interpret policy/procedures, the post holder will play a key role in supporting the Head of Information Governance. The post holder will have expert/specialist knowledge in managing all information governance arrangements to ensure a managed and coordinated approach across the organisation and with partner organisations in line with statutory and local regulations.

The post holder will provide expert advice and guidance to the organisation's management and staff on information governance matters and will also liaise with other stakeholders and external bodies.

The post holder will be responsible for the development, maintenance and delivery of the information governance work programme including but not limited to:

DSPT

Data Protection

UK GDPR

Common Law Duty of Confidentiality

Records Management

Freedom of Information

Data Security

Information sharing

The post holder will manage a delegated budget.

Work Activity Components

Title | Details
Caldicott Guardian/SIRO and DPO advice and support (IRMG)(Level 5) | Provides complex advice and support to the Caldicott Guardian and Senior Information Risk Owners. Provides support to the Head of Information Governance and the DPO.
IG Cyber Threat Understanding (IG)(Level 6) | Provides an IG perspective on cyber threats.
Information asset management (IRMG)(IG) | Manages the process of information asset management. Supports and trains information asset owners to create and maintain an inventory of data and information assets, which are subject to relevant legislation.
Regulatory compliance (Level 5) | Reviews and assists own organisation to maintain a privacy notice and record of processing activities (ROPA). Advises and, where necessary, assists on the application of data protection impact assessments (DPIA) and maintains records for compliance within regulatory access requirements.
Information governance culture (IG) (Level 6) | Champions organisational commitment to positive information governance culture. Promotes and supports a culture where information governance is a responsibility of every employee.
Data security and protection toolkit (IG)(Level 4) | Uses the Data Security & Protection Toolkit (DSPT) to provide assurance that information assets are secure and that personal information is handled correctly.
Advice and guidance (Level 6) | Develops organisational policies, standards, and guidelines for methods and tools. Sets direction and leads in the introduction and use of techniques, methodologies and tools.
Stakeholder engagement (Level 5) | Identifies the communications and relationship needs of stakeholder groups. Translates communications/stakeholder engagement strategies into specific activities and deliverables.
Learning delivery (Level 2) | Assists in teaching, instruction and/or training of students/learners in order to develop knowledge, techniques and skills using appropriate methods, tools, online environments, equipment and materials.
Budget management (Level 5)(FEDIP) | Post holder manages a delegated budget. Works with capital budgets, operating budgets and cash budgets. Integrates budget data and processes from multiple and diverse areas and participates in establishing procedures for planning, implementing and monitoring budgets.
Risk assessment (IG)(Level 5) | Maintains oversight of complex data protection and confidentiality risk assessments and develops mitigating strategies for highly complex or strategic scenarios. Oversees application of the principles of risk assessment, risk management processes and decision making as they relate to information governance.
Best practice (INAS)(Level 6) | Assesses legal and best practice issues, and promotes awareness of national and international laws, including those relating to confidentiality, privacy and copyright.
Performance measures (IG)(Level 6) | Determines appropriate and practical performance measures to ensure that information governance priorities set by the business can be effectively monitored.
Implementation and processes (IG)(Level 6) | Supports the development, implementation and monitoring of organisational policies and processes relating to information governance.
Threats and breaches (IG) (Level 6) | Ensures the identification and monitoring of data security and data protection trends and proactively assesses impact on business strategies, benefits and risks. Manages assessment of threats to confidentiality, integrity, availability and relevant compliance. Contributes to data security control reviews, business risk assessments and reviews that follow significant breaches of data security controls.
Policies, procedures and governance (PEDP) (Level 6) | Consults, collaborates and offers expert advice on developing organisational policies, procedures, best practice, privacy policies, standards and guidelines ensuring recognised data protection definitions and practices are applied throughout the organisation. Has due regard to the risk associated with processing operations, taking into account the nature, context and purpose of processing.
Incident response (PEDP) (Level 6) (IG) | Assesses and manages the risk for any potential personal data breaches and cyber incidents. Sets in motion the agreed procedures to identify the breach, including with third parties, works within the statutory timeline, mitigates risk, and maintains communications with the Data Protection Officer (DPO), or equivalent when not required, to comply with statutory notification to the regulatory authority (Commissioner) if the breach is confirmed.
Review findings (AUDIT)(IG)(Level 6) | Contributes to formal reports to management on the effectiveness and efficiency of control mechanisms and the extent of compliance of systems with standards, regulations and/or legislation.

Behavioural Skills

Title | Details
Flexibility | Taking account of new information or changed circumstances and/or business requirements and modifying response to a problem or situation accordingly.
Providing Direction | Directing others to undertake specified tasks within a defined timescale.
Strategic Perspective | Keeping organisational objectives and strategies in mind, and ensuring courses of action are aligned with the strategic context.
Organisational Awareness | Understanding the hierarchy and culture of own, customer, supplier and partner organisations and being able to identify the decision makers and influencers.
Influence, Persuasion and Personal Impact | Conveying a level of confidence and professionalism when engaging with stakeholders, influencing positively and persuading others to take a specific course of action when not in a position of authority.
Decision Making | Making decisions at the appropriate time, taking into account the needs of the situation, priorities, constraints, known risks, and the availability of necessary information and resources.
Interacting with People | Establishing relationships, contributing to an open culture and maintaining contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures. Ability to adapt style and approach to meet the needs of different audiences.
Follow-up and Monitoring | Checking progress against targets, taking action to resolve exceptions/issues and reporting and escalating where necessary.

Technical Skills

Title | Details | Depth
Information Governance Audit | Principles, practices, tools and techniques of information governance auditing and the Data Security and Protection Toolkit. | Proficient in
Information Architecture | Methods, techniques and technologies for ingesting, securing, processing and using data and information within and beyond an organisation. | Aware of
Corporate, Industry and Professional Standards | Applying relevant standards, practices, codes, and assessment and certification programmes to the specific organisation or business domain. | Proficient in

Other Skills

Title | Details | Depth
Document Management Techniques | Methods and techniques for the organisation, storage and version control of information in both paper and electronic formats. | Proficient in
Legislation | Relevant national and international legislation. | Proficient in
Presentation Techniques | Methods and techniques for delivering effective and accessible presentations, either face-to-face or online within various contexts and to a variety of audiences. | Proficient in
Budgets | Principles, methods, techniques and tools for the preparation and monitoring of budgets to manage costs and ensure cost-effectiveness and value for money. | Proficient in
Risk Management | Methods and techniques for the assessment and management of business risk. | Proficient in
Techniques for Effective Meetings | Methods and techniques for running effective meetings and for understanding and influencing the roles played by participants. | Proficient in
Training Techniques | Methods and techniques for creating and delivering effective and accessible learning and development. | Proficient in
Report Writing Techniques | Methods and techniques for writing clear, accessible and persuasive reports. | Proficient in
Financial Analysis | The analysis and reporting of financial costs and forecasts against budgets. | Expert in
Standards Writing Techniques | Principles, methods and techniques for establishing, documenting, and maintaining standards. | Proficient in
Stakeholder Engagement | Establishing relationships, analysing perspectives and managing stakeholders from a variety of backgrounds and disciplines. Adapting stakeholder engagement style to meet the needs of different audiences. The identification of key business stakeholders and an assessment of their level of power and interests, and their perspectives to inform the way(s) in which they should be considered and managed. | Proficient in
Coaching Techniques | Methods and techniques for coaching individuals or groups by a balanced combination of support and direction, which could include use of virtual learning environments plus add-ons to augment feedback specific to work items, workflow or career plans. | Familiar with

Training

Title | Details
Privacy Management | Techniques to investigate, analyse, plan and document structures, people, processes, information and technology for managing privacy within the organisation.
Security Awareness | Tools and techniques to help users and employees understand the role they play in helping to combat information security breaches and for IT and security professionals to prevent and mitigate risk.

Professional Development Activity (PDA)

Title | Details | PDA Group
Mentoring | Acting as a mentor, advising those for whom there is no direct responsibility, on matters to do with their job role, career and professional development. | Broadening Activities
Gaining Strategic Knowledge of Employing Organisation | Developing a comprehensive understanding of the business environment in which the employing organisation operates and its position, policies and direction in relation to health and care, country and global issues. | Increasing Knowledge
Management Development | Undertaking learning and best practice of the skills appropriate to managing all or part of an organisation, including business and financial management, benefits management, people management, management of change and strategic planning. This will require both on and off the job learning and may include participation in an appropriate development programme such as MBA or DMS (Diploma in Management Studies). | Developing Professional Skills
Participation in Professional Body Affairs | Taking an active part in professional body affairs at branch, specialist group, committee or board level. | Participation in Professional Activities
Job Shadowing and Special Assignments | Undertaking temporary periods or secondments in other roles, particularly those that offer a new perspective on own function or exposure to other environments and cultures. | Broadening Activities

Qualification Components

Title | Awarding Bodies
GDPR Practitioner Certificate | Act Now Training
Practitioner Certificate in Data Protection (PC.dp.) | PDP Training
BCS Practitioner Certificate in Data Protection | BCS The Chartered Institute for IT

The Professional Body Responsible for this job family is IHRIM. This job role profile was created in collaboration with BCS, using Role Model Plus.
