IG Officer

Job summary

The Privacy, Transparency & Trust (PTT) Sub-directorate is a sub-directorate of the Delivery Directorate. The mission of the PTT Sub-directorate is to enable NHS England to drive innovation and improve lives through greater use of data and technology and to be a well-run PTT Sub-directorate will enable and promote public trust in NHS England's custodianship of staff, workforce and patient data. This aligns with the new legal duty of NHS England to have regard to the need to respect and promote privacy of patients and the core principles that underpin NHS England as a safe haven of patient data.

The Information Governance Officer role sits within the PTT Sub-directorate, as part of the Information Risk and Assurance domain that is responsible for providing oversight and assurance of IG compliance by NHSE and organisations it shares data with and mitigates and minimises organisational information risk. The risk and assurance team contribute to ensuring that NHS England is a well-run organisation and that we are meeting the expectations set for us through the new Statutory Guidance. This includes hosting and membership of the Advisory Group for Data, carrying out day-to-day operational activities and support for the Senior Information Risk Owner (SIRO) and providing a central role in the management of information risks owned by the PTT sub-directorate.

Main duties of the job

The role of an Information Governance Officer is to provide essential support to the work and mission of the Risk and Assurance domain within the PTT Sub-directorate. The role is key for helping colleagues within the risk and assurance team to deliver key operational IG activities, which include:

Providing assurance on IG and Statutory Guidance compliance through:o Assurance and monitoring of internal business areas and external suppliers and 3rd parties to ensure that standards and processes are implemented appropriately;o Internal information governance compliance audits and reviews;o Audits of data use and sharing.

On behalf of the Senior Information Risk Owner (SIRO):o Develop and maintain the organisational information risk strategy;o Discharge many of the SIRO operational responsibilities on behalf of the SIRO, including all operational day-to-day responsibilities;o Monitor and report on mitigation of information risk across the PTT sub-directorate and across the organisation, ensuring information risk is being appropriately identified, mitigated and managed on an ongoing basis;o Manage the operation of the advisory group for data, including leading the oversight and assurance review framework.

About us

The NHS England board have set out the top-level purpose for the new organisation to lead the NHS in England to deliver high-quality services for all, which will inform the detailed design work and we will achieve this purpose by:

Enabling local systems and providers to improve the health of their people and patients and reduce health inequalities. Making the NHS a great place to work, where our people can make a difference and achieve their potential. Working collaboratively to ensure our healthcare workforce has the right knowledge, skills, values and behaviours to deliver accessible, compassionate care Optimising the use of digital technology, research, and innovation Delivering value for money.

If you would like to know more or require further information, please visit

Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in-person.

Job description

Job responsibilities

You can find further details about the job, organisational structure, recruitment profile, expected outcomes and benefits information in the attached Job Description and other supporting documents.

Person Specification

Qualifications

Essential

Educated to Graduate degree level (in a relevant subject) or equivalent relevant experience within a professional working environment. Accredited IG specific qualification (but not limited to) BCS, ISEB, PDP, IAPP or equivalent experience

Knowledge

Essential

The role requires knowledge of the following laws and legal frameworks: Data protection law: Understanding key principles and concepts of data protection law set out in the UK GDPR, DPA 2018, Human Rights Act 1998. Understanding how IG assurance is achieved within NHS organisations, including the requirements of the NHS Data Security and Protection Toolkit / Cyber Assurance Framework. NHS legal framework: Understanding the statutory functions of NHS England, and NHS England's use of personal data.

Experience

Essential

Experience working in an information governance / privacy / data protection role. Experience in identifying IG, compliance and operational risks and issues and escalating where appropriate. Experience working collaboratively across team, function, and organisational boundaries, to achieve the best outcomes for the organisation. Engaging and contributing to a team culture of continuous improvement and excellent service delivery. Developing yourself and others to operate a "one team" respectful and inclusive culture.

---