Senior Information Governance Officer

Summary

The Senior Information Governance Officer operationally supports the Head of Information Governance and the Information Governance Manager to maintain and deliver the information governance work programme including but not limited to:

DSPT

Data Protection

UK GDPR

Common Law Duty of Confidentiality

Records Management

Freedom of Information

Data Security

Information sharing

The post holder will support the Information Governance Team to deliver its core work activities including coaching less experienced colleagues, meeting compliance deadlines for Subject Access Requests and Freedom of Information requests.

The post holder will undertake duties associated with the role including support with more complex IG queries, the information governance training programme and liaison with staff as necessary.

Background

Description Background
Is experienced in information governance, risk management, quality assurance or security standards, techniques and activities. Has experience participating in governance activities in a supporting role. Has administrative, customer service and people skills. Prior Knowledge and Skills

Work Activity Components

Title Details
Individual rights requests (PEDP)(IG)(Level 5) Processes straight forward subject access requests in accordance with GDPR requirements as applicable. Maintains compliance with appropriate timeframes, any allowed charges or refusals.
Caldicott Guardian/SIRO and DPO advice and support (IRMG)(Level 4) Provides straightforward advice and support to the Caldicott Guardian and Senior Information Risk Owners. Provides support to the DPO as required.
Data security and protection toolkit (IG)(Level 4) Uses the Data Security & Protection Toolkit (DSPT) to provide assurance that information assets are secure and handling personal information correctly.
Advice and guidance (IG) (Level 4) Provides information governance advice and guidance, sometimes complex, to colleagues and suppliers to ensure they effectively, legally and safely manage and share records and information. Encourages and coaches less experienced information governance colleagues.
Policies (IG)(Level 4) Interprets and applies approaches for the assessment of complex information artefacts and data flows against information governance policies and business objectives.
Learning delivery (Level 3) Teaches, instructs, and/or trains students/learners in order to develop knowledge, techniques and skills using appropriate methods, tools, online environments, equipment and materials. The students may be of differing levels of ability and potentially have minimal experience of IT.
Risk assessment (IG)(Level 4) Carries out risk assessments as directed, using standard processes for identifying potential information governance risks.
Implementation and processes (IG)(Level 6) Supports the development, implementation and monitoring of organisational policies and processes relating to information governance.
Regulatory compliance (Level 5) Reviews and assists own organisation to maintain a privacy notice and record of processing activities (ROPA). Advises and, where necessary, assists on the application of data protection impact assessments (DPIA) and maintain records for compliance within regulatory access requirements.
Develops and builds effective relationships (RLMT) (Level 4) Works with customers and stakeholders, seeking to develop and enhance relationships
Threats and breaches (IG) (Level 5) Responds to major data security breaches in line with security and information governance policies and recommends appropriate control improvements. Supports any investigation that takes place as a result of a breach. Supports action to categorise and limit damage, according to the organisation's security policy, which may include escalation and reporting the incident to the Information Commissioner's Office, and records the incident and action taken.
Review findings (AUDIT)(Level 4) Collates and analyses evidence regarding the interpretation and implementation of control measures, and/or conformance to standards, and prepares and communicates the audit report.

Behavioural Skills

Title Details
Organisational Awareness Understanding the hierarchy and culture of own, customer, supplier and partner organisations and being able to identify the decision makers and influencers.
Interacting with People Establishing relationships, contributing to an open culture and maintaining contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures. Ability to adapt style and approach to meet the needs of different audiences.
Influence, Persuasion and Personal Impact Conveying a level of confidence and professionalism when engaging with stakeholders, influencing positively and persuading others to take a specific course of action when not in a position of authority.
Written Expression Communicating effectively in writing, such as reports and via emails.
Attention to Detail Applying specific quality standards to all tasks undertaken to ensure that deliverables are accurate and complete.
Information Acquisition Identifying gaps in the available information required to understand a problem or situation and devising a means of resolving them.
Teamwork Working collaboratively with others to achieve a common goal.

Technical Skills

Title Details Depth
Information Governance Audit Principles, practices, tools and techniques of information governance auditing and the Data Security and Protection Toolkit. Proficient in
Corporate, Industry and Professional Standards Applying relevant standards, practices, codes, and assessment and certification programmes to the specific organisation or business domain. Proficient in

Other Skills

Title Details Depth
Document Management Techniques Methods and techniques for the organisation, storage and version control of information in both paper and electronic formats. Familiar with
Legislation Relevant national and international legislation. Familiar with
Presentation Techniques Methods and techniques for delivering effective and accessible presentations, either face-to-face or online within various contexts and to a variety of audiences. Familiar with
Risk Management Methods and techniques for the assessment and management of business risk. Familiar with
Report Writing Techniques Methods and techniques for writing clear, accessible and persuasive reports. Familiar with
Training Techniques Methods and techniques for creating and delivering effective and accessible learning and development. Familiar with
Coaching Techniques Methods and techniques for coaching individuals or groups by a balanced combination of support and direction, which could include use of virtual learning environments plus add-ons to augment feedback specific to work items, workflow or career plans. Aware of
Standards Writing Techniques Principles, methods and techniques for establishing, documenting, and maintaining standards. Familiar with
Stakeholder Engagement Establishing relationships, analysing perspectives and managing stakeholders from a variety of backgrounds and disciplines. Adapting stakeholder engagement style to meet the needs of different audiences. The identification of key business stakeholders and an assessment of their level of power and interests, and their perspectives to inform the way(s) in which they should be considered and managed. Familiar with

Training

Title Details
Security Awareness Tools and techniques to help users and employees understand the role they play in helping to combat information security breaches and for IT and security professionals to prevent and mitigate risk.
Information Assurance Information assurance methods, tools and techniques used to protect the integrity, availability, authenticity, non-repudiation and confidentiality of user data and manage the risks related to the use, processing, storage, and transmission of information. 

Professional Development Activity (PDA)

Title Details PDA Group
Deputising Standing in for supervisor or manager on a temporary basis during periods of absence. Broadening Activities
Job Shadowing and Special Assignments Undertaking temporary periods or secondments in other roles, particularly those that offer a new perspective on own function or exposure to other environments and cultures. Broadening Activities
Gaining Knowledge of Activities of Employing Organisation Developing an understanding of the potentially diverse range of activities (service, governance, administrative, regulatory, commercial, charitable, industrial, etc.) undertaken by the employing organisation. Increasing Knowledge
Participation in Professional Body Affairs Taking an active part in professional body affairs at branch, specialist group, committee or board level. Participation in Professional Activities
Negotiating and Influencing Undertaking learning and practice of negotiating with and influencing others. Developing Professional Skills
Team Leadership Undertaking learning and practice of the skills required to lead teams, including motivation, direction, coaching, delegation, appraisal, counselling and developing others. Developing Professional Skills

Supporting Information

In addition to the broader learning delivery, learning delivery in this role should teach and coach colleagues to promote and embed good practice in information governance using appropriate methods, tools, and materials.

The Professional Body Responsible for this job family is IHRIM. This job role profile was created in collaboration with BCS, using Role Model Plus.

Give Feedback

The Occupational Architecture Project is interactive and dynamic


If you would like to provide feedback on this job role, or the job families, please click the button below.

Give Feedback