Summary
The Senior Information Governance Officer operationally supports the Head of Information Governance and the Information Governance Manager to maintain and deliver the information governance work programme including but not limited to:
DSPT
Data Protection
UK GDPR
Common Law Duty of Confidentiality
Records Management
Freedom of Information
Data Security
Information sharing
The post holder will support the Information Governance Team to deliver its core work activities including coaching less experienced colleagues, meeting compliance deadlines for Subject Access Requests and Freedom of Information requests.
The post holder will undertake duties associated with the role including support with more complex IG queries, the information governance training programme and liaison with staff as necessary.
Background
Description | Background |
---|---|
Is experienced in information governance, risk management, quality assurance or security standards, techniques and activities. Has experience participating in governance activities in a supporting role. Has administrative, customer service and people skills. | Prior Knowledge and Skills |
Work Activity Components
Title | Details |
---|---|
Individual rights requests (PEDP)(IG)(Level 5) | Processes straight forward subject access requests in accordance with GDPR requirements as applicable. Maintains compliance with appropriate timeframes, any allowed charges or refusals. |
Caldicott Guardian/SIRO and DPO advice and support (IRMG)(Level 4) | Provides straightforward advice and support to the Caldicott Guardian and Senior Information Risk Owners. Provides support to the DPO as required. |
Data security and protection toolkit (IG)(Level 4) | Uses the Data Security & Protection Toolkit (DSPT) to provide assurance that information assets are secure and handling personal information correctly. |
Advice and guidance (IG) (Level 4) | Provides information governance advice and guidance, sometimes complex, to colleagues and suppliers to ensure they effectively, legally and safely manage and share records and information. Encourages and coaches less experienced information governance colleagues. |
Policies (IG)(Level 4) | Interprets and applies approaches for the assessment of complex information artefacts and data flows against information governance policies and business objectives. |
Learning delivery (Level 3) | Teaches, instructs, and/or trains students/learners in order to develop knowledge, techniques and skills using appropriate methods, tools, online environments, equipment and materials. The students may be of differing levels of ability and potentially have minimal experience of IT. |
Risk assessment (IG)(Level 4) | Carries out risk assessments as directed, using standard processes for identifying potential information governance risks. |
Implementation and processes (IG)(Level 6) | Supports the development, implementation and monitoring of organisational policies and processes relating to information governance. |
Regulatory compliance (Level 5) | Reviews and assists own organisation to maintain a privacy notice and record of processing activities (ROPA). Advises and, where necessary, assists on the application of data protection impact assessments (DPIA) and maintain records for compliance within regulatory access requirements. |
Develops and builds effective relationships (RLMT) (Level 4) | Works with customers and stakeholders, seeking to develop and enhance relationships |
Threats and breaches (IG) (Level 5) | Responds to major data security breaches in line with security and information governance policies and recommends appropriate control improvements. Supports any investigation that takes place as a result of a breach. Supports action to categorise and limit damage, according to the organisation's security policy, which may include escalation and reporting the incident to the Information Commissioner's Office, and records the incident and action taken. |
Review findings (AUDIT)(Level 4) | Collates and analyses evidence regarding the interpretation and implementation of control measures, and/or conformance to standards, and prepares and communicates the audit report. |
Behavioural Skills
Title | Details |
---|---|
Organisational Awareness | Understanding the hierarchy and culture of own, customer, supplier and partner organisations and being able to identify the decision makers and influencers. |
Interacting with People | Establishing relationships, contributing to an open culture and maintaining contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures. Ability to adapt style and approach to meet the needs of different audiences. |
Influence, Persuasion and Personal Impact | Conveying a level of confidence and professionalism when engaging with stakeholders, influencing positively and persuading others to take a specific course of action when not in a position of authority. |
Written Expression | Communicating effectively in writing, such as reports and via emails. |
Attention to Detail | Applying specific quality standards to all tasks undertaken to ensure that deliverables are accurate and complete. |
Information Acquisition | Identifying gaps in the available information required to understand a problem or situation and devising a means of resolving them. |
Teamwork | Working collaboratively with others to achieve a common goal. |
Technical Skills
Title | Details | Depth |
---|---|---|
Information Governance Audit | Principles, practices, tools and techniques of information governance auditing and the Data Security and Protection Toolkit. | Proficient in |
Corporate, Industry and Professional Standards | Applying relevant standards, practices, codes, and assessment and certification programmes to the specific organisation or business domain. | Proficient in |
Other Skills
Title | Details | Depth |
---|---|---|
Document Management Techniques | Methods and techniques for the organisation, storage and version control of information in both paper and electronic formats. | Familiar with |
Legislation | Relevant national and international legislation. | Familiar with |
Presentation Techniques | Methods and techniques for delivering effective and accessible presentations, either face-to-face or online within various contexts and to a variety of audiences. | Familiar with |
Risk Management | Methods and techniques for the assessment and management of business risk. | Familiar with |
Report Writing Techniques | Methods and techniques for writing clear, accessible and persuasive reports. | Familiar with |
Training Techniques | Methods and techniques for creating and delivering effective and accessible learning and development. | Familiar with |
Coaching Techniques | Methods and techniques for coaching individuals or groups by a balanced combination of support and direction, which could include use of virtual learning environments plus add-ons to augment feedback specific to work items, workflow or career plans. | Aware of |
Standards Writing Techniques | Principles, methods and techniques for establishing, documenting, and maintaining standards. | Familiar with |
Stakeholder Engagement | Establishing relationships, analysing perspectives and managing stakeholders from a variety of backgrounds and disciplines. Adapting stakeholder engagement style to meet the needs of different audiences. The identification of key business stakeholders and an assessment of their level of power and interests, and their perspectives to inform the way(s) in which they should be considered and managed. | Familiar with |
Training
Title | Details |
---|---|
Security Awareness | Tools and techniques to help users and employees understand the role they play in helping to combat information security breaches and for IT and security professionals to prevent and mitigate risk. |
Information Assurance | Information assurance methods, tools and techniques used to protect the integrity, availability, authenticity, non-repudiation and confidentiality of user data and manage the risks related to the use, processing, storage, and transmission of information. |
Professional Development Activity (PDA)
Title | Details | PDA Group |
---|---|---|
Deputising | Standing in for supervisor or manager on a temporary basis during periods of absence. | Broadening Activities |
Job Shadowing and Special Assignments | Undertaking temporary periods or secondments in other roles, particularly those that offer a new perspective on own function or exposure to other environments and cultures. | Broadening Activities |
Gaining Knowledge of Activities of Employing Organisation | Developing an understanding of the potentially diverse range of activities (service, governance, administrative, regulatory, commercial, charitable, industrial, etc.) undertaken by the employing organisation. | Increasing Knowledge |
Participation in Professional Body Affairs | Taking an active part in professional body affairs at branch, specialist group, committee or board level. | Participation in Professional Activities |
Negotiating and Influencing | Undertaking learning and practice of negotiating with and influencing others. | Developing Professional Skills |
Team Leadership | Undertaking learning and practice of the skills required to lead teams, including motivation, direction, coaching, delegation, appraisal, counselling and developing others. | Developing Professional Skills |
Supporting Information
In addition to the broader learning delivery, learning delivery in this role should teach and coach colleagues to promote and embed good practice in information governance using appropriate methods, tools, and materials.
The Professional Body Responsible for this job family is IHRIM. This job role profile was created in collaboration with BCS, using Role Model Plus.