Summary
The Information Governance Officer operationally supports the Head of Information Governance and the Information Governance Manager to maintain and deliver the information governance work programme including but not limited to:
DSPT
Data Protection
UK GDPR
Common Law Duty of Confidentiality
Records Management
Freedom of Information
Data Security
Information sharing
The post holder will support the Information Governance Team to deliver its core work activities including meeting compliance deadlines for Subject Access Requests and Freedom of Information requests.
Background
| Description | Background |
|---|---|
| Is experienced in information governance, risk management, quality assurance or security standards, techniques and activities. Has experience participating in governance activities in a supporting role. Has administrative, customer service and people skills. | Prior Knowledge and Skills |
Work Activity Components
| Title | Details |
|---|---|
| Individual rights requests (PEDP)(IG)(Level 5) | Processes straight forward subject access requests in accordance with GDPR requirements as applicable. Maintains compliance with appropriate timeframes, any allowed charges or refusals. |
| Caldicott Guardian/SIRO and DPO advice and support (IRMG)(Level 4) | Provides straightforward advice and support to the Caldicott Guardian and Senior Information Risk Owners. Provides support to the DPO as required. |
| Data security and protection toolkit (IG)(Level 4) | Uses the Data Security & Protection Toolkit (DSPT) to provide assurance that information assets are secure and handling personal information correctly. |
| Advice and guidance (Level 3)(IG) | Provides straight forward information governance advice and guidance to colleagues and suppliers to ensure they effectively manage information. |
| Policies (IG)(Level 3) | Follows standard approaches for the assessment of information artefacts and data flows against information governance policies and business objectives. |
| Learning delivery (Level 2) | Assists in teaching, instruction and /or training of students/learners in order to develop knowledge, techniques and skills using appropriate methods, tools, online environments, equipment and materials. |
| Risk assessment (IG)(Level 2) | Supports risk assessment following standard procedures. Maintains and monitors risk assessment documentation. |
| Regulatory compliance (Level 5) | Reviews and assists own organisation to maintain a privacy notice and record of processing activities (ROPA). Advises and, where necessary, assists on the application of data protection impact assessments (DPIA) and maintain records for compliance within regulatory access requirements. |
| Develops and builds effective relationships (Level 5) | Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans. |
| Review findings (Level 3) | Collates evidence and examines for compliance with standards, statutory controls, or management directives. Identifies, escalates and documents issues of non-compliance. |
| Communications. (ADMN) (Level 2) | Communicates effectively by competent use of email, telephone, written and face-to-face communication according to guidelines and customer care standards. Acts as a touchpoint for internal and external contacts. |
| Threats and breaches (IG) (Level 3) | Responds to data security breaches in line with security and information governance policies. Supports any investigation that takes place as a result of a breach. Supports action to categorise and limit damage, according to the organisation's security policy, which may include escalation and reporting the incident to the Information Commissioner's Office, and records the incident and action taken. |
Behavioural Skills
| Title | Details |
|---|---|
| Interacting with People | Establishing relationships, contributing to an open culture and maintaining contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures. Ability to adapt style and approach to meet the needs of different audiences. |
| Information Acquisition | Identifying gaps in the available information required to understand a problem or situation and devising a means of resolving them. |
| Written Expression | Communicating effectively in writing, such as reports and via emails. |
| Attention to Detail | Applying specific quality standards to all tasks undertaken to ensure that deliverables are accurate and complete. |
| Teamwork | Working collaboratively with others to achieve a common goal. |
Technical Skills
| Title | Details | Depth |
|---|---|---|
| Information Governance Audit | Principles, practices, tools and techniques of information governance auditing and the Data Security and Protection Toolkit. | Familiar with |
| Corporate, Industry and Professional Standards | Applying relevant standards, practices, codes, and assessment and certification programmes to the specific organisation or business domain. | Familiar with |
Other Skills
| Title | Details | Depth |
|---|---|---|
| Document Management Techniques | Methods and techniques for the organisation, storage and version control of information in both paper and electronic formats. | Aware of |
| Legislation | Relevant national and international legislation. | Aware of |
| Presentation Techniques | Methods and techniques for delivering effective and accessible presentations, either face-to-face or online within various contexts and to a variety of audiences. | Aware of |
| Risk Management | Methods and techniques for the assessment and management of business risk. | Aware of |
| Training Techniques | Methods and techniques for creating and delivering effective and accessible learning and development. | Aware of |
| Stakeholder Engagement | Establishing relationships, analysing perspectives and managing stakeholders from a variety of backgrounds and disciplines. Adapting stakeholder engagement style to meet the needs of different audiences. The identification of key business stakeholders and an assessment of their level of power and interests, and their perspectives to inform the way(s) in which they should be considered and managed. | Aware of |
Training
| Title | Details |
|---|---|
| Report Writing | Methods, techniques and standards for writing concise, accurate and effective reports. |
| Security Awareness | Tools and techniques to help users and employees understand the role they play in helping to combat information security breaches and for IT and security professionals to prevent and mitigate risk. |
| Information Assurance | Information assurance methods, tools and techniques used to protect the integrity, availability, authenticity, non-repudiation and confidentiality of user data and manage the risks related to the use, processing, storage, and transmission of information. |
Professional Development Activity (PDA)
| Title | Details | PDA Group |
|---|---|---|
| Participation in Group Activities | Participating in group activities inside or outside of the working environment that can assist with the development of interpersonal skills. | Broadening Activities |
| Deputising | Standing in for supervisor or manager on a temporary basis during periods of absence. | Broadening Activities |
| Job Shadowing and Special Assignments | Undertaking temporary periods or secondments in other roles, particularly those that offer a new perspective on own function or exposure to other environments and cultures. | Broadening Activities |
| Gaining Knowledge of Employing Organisation | Gaining basic knowledge of the employing organisation, its business, structure, culture, policies, products/services, operations and terminology. | Increasing Knowledge |
| Involvement in Professional Body Activities | Attending meetings, seminars and workshops organised by professional body and reading published material, such as journals and web content. | Participation in Professional Activities |
| Team Working | Undertaking learning and practice in the techniques of team and collaborative working. Gaining an understanding of the underlying concepts. | Developing Professional Skills |
| Communications | Undertaking learning and practice in oral and written communications, including report writing and presentation. | Developing Professional Skills |
Supporting Information
Further information on qualifications can be found here: https://job-profiles.fedip.org/information-governance-qualifications/
The Professional Body Responsible for this job family is IHRIM. This job role profile was created in collaboration with BCS, using Role Model Plus.