Main area: Head of Information Governance
Grade: Band 8c
Contract: Permanent
Hours: Full time, home or remote working, 37.5 hours per week
Job ref: 828-PROVIDE3419
Employer: Provide CIC
Employer type: NHS
Site: Provide HQ
Town: Colchester
Salary: £74,290 - £85,601 pro rata
Salary period: Yearly
Closing: 03/03/2025 23:59
Job Overview
The main purpose of this role is to provide strategic planning and leadership for the Information Governance (IG) and Data Protection Services, whilst considering current policies, future legislative requirements, national standards and contractual agreements, and to be responsible for delivering the strategy, promoting innovation and supporting operational excellence across Provide group companies.
The post holder will be a prime source of expert advice, creating and maintaining a high level of awareness, profile and understanding of the strategic and practical importance of IG and Data Protection whilst ensuring that Provide and group companies are meeting their statutory and legal obligations.
The respective Provide Boards and Senior Leadership Team are committed to ensuring compliance with IG and Data Protection obligations across all areas of Provide and group companies and are a key driver of Provide group's ability to deliver excellence in all aspects of patient care and other corporate services.
Main duties of the job
IG Operational And Strategic Responsibilities
* Develop and execute IG strategic plans in alignment with Provide group's corporate strategy and ensure compliance with legal requirements, national standards and contractual agreements, responding to change where necessary
* To ensure the ethical, responsible, and compliant development, implementation, and use of Artificial Intelligence (AI) within the organisation
* Draft and update AI policies taking into account bias, fairness, transparency, accountability, privacy, and security
* Collaborate with cross-functional teams (SLT, IT, HR, Contracts, BI, etc.) to ensure alignment of AI governance with wider organisational policies and framework
* Ensure that best practice is developed and delivered at organisational and departmental levels. Challenge ways of working and persuade, motivate and influence other senior managers to realign their practice where necessary
* Responsible for overseeing IG and Data Protection Policies and Procedures, ensuring they are compliant with the UK GDPR, DPA2018, National Standards and other relevant data protection legislation or codes of practice
* Manage and escalate as required Provide group's Information risks in line with documented Policy
* Provide expert advice to the organisation on the Information Security Management System (ISMS) and information risk management. Oversee compliance and conformance with ISO27001 requirements
Working for our organisation
Provide is a Community Interest Company (social enterprise). We deliver a broad range of health and social care services in the community, and are committed to making sure that they are safe, responsive and of high quality. Provide is owned by its employees and has primarily social objectives. Any profits we make are reinvested into the local community or back into delivering services.
We work from a variety of community settings, such as community hospitals, community clinics, schools, nursing homes and primary care settings, as well as within people’s homes to provide more than 40 services to children, families and adults across Essex, Dorset, East Anglia and the North of England.
A highly respected, award-winning health and social care provider. We expect our staff to demonstrate and uphold our values at all times.
Vision: Transforming Lives
Values: Care, Innovation and Compassion
Mission: An ambitious, employee owned social enterprise, growing in size and influence. We transform lives by treating, caring and educating people.
Provide is an equal opportunity employer committed to building a team that represents a variety of backgrounds, perspectives and skills, proud to have LGBT+, Ethnic Minority and Men’s Networks. We welcome applicants from underrepresented groups. If you have the skills and experience for the job, please apply regardless of your background.
Detailed Job Description And Main Responsibilities
The post holder will lead the IG and Data Protection functions to ensure consistent and high-quality service across the entire organisation through a comprehensive programme of works and the provision of expertise in key areas. This includes, but is not limited to, the following areas:
* Application of Data Protection principles
* Information Assurance Management
* Responsible and Ethical use of AI
* Review and guidance on Information Sharing Agreements and Protocols
* Subject Rights Management
* Freedom of Information
* RA Smart Cards – Access management
* Records management
* Regulatory compliance, e.g. UK GDPR, DPA2018, PECR, Health & Care Act 2022, Access to Health Records Act 1990, etc.
* Compliance with the Caldicott Principles
* ISMS - ISO27001 management, certification and compliance
* Internal & external audits
* Data Protection Impact Assessments (DPIA)
* Contract reviews
* Data Security and Protection (DSPT) compliance
* Digital Technology Assessment Criteria (DTAC)
The post holder will also ensure that Provide group’s Information Governance agenda for the MSE Community Collaborative and wider Integrated Care System (ICS) is evolving to support the changes in care pathways and commissioning structures within the NHS.
The post holder will be expected to maintain overall steer and leadership for IG and Data Protection across the group, with responsibility for the safe and effective governance over sensitive patient confidential information, colleagues' personal data, service user data and all other business sensitive data processed within the group.
As the recognised authority on all aspects of Information Governance and Data Protection the post holder will be expected to have regular contacts with internal and external stakeholders and will often need to engage with them over sensitive, complex, contentious and confidential issues.
Person specification
Qualifications
Essential criteria
* Educated to at least master’s degree level or equivalent substantial IG/DP/InfoSec practitioner experience, with a demonstrable track record working at a senior level in a specialist area
* Professional/formal qualifications or advanced training in any of the following areas – Information Governance, Data Protection, Information Security, Freedom of Information, Records Management
* Recognised project management qualification such as PRINCE2 Practitioner or equivalent extensive project management experience
* Evidence of continuing professional development
Desirable criteria
* Practitioner in Information Governance, Advanced Data Protection/Privacy or equivalent qualification, e.g. CIPP/E, CIPM, CISA, CISM, CISSP
* Formal Training/Certification in ISO27001 standards
* Formal Information Systems Auditor training/certification
Work Related Knowledge & Experience
Essential criteria
* Extensive knowledge and experience working in a busy Information Governance role managing and leading in specialist areas, including Policy and strategy development, Information Sharing, Incident Handling, FOI, Caldicott Guidelines, risk management and Information Security
* Experience of implementing, managing and overseeing ISO27001:2013 certification in complex organisations
* In-depth knowledge and experience of ensuring compliance with regulatory and organisational policy and national guidelines, including at least 2 years’ experience developing and carrying out IG/IT/DP compliance audits
* Experience of matrix, cross-team and/or cross-discipline working
* Experience of reviewing, developing, procuring and managing information processing systems and applications and making recommendations for improved security and operational efficiency
Desirable criteria
* Experience of working within an ITIL framework.
* Experience in project lead role within the health or social care sectors.
* Member of an appropriate Information Governance/Data Protection professional body, e.g. IAPP, BCS, ISACA, ISC2, etc.
Skills
Essential criteria
* Excellent analytical and judgement skills with the ability to analyse and interpret complex data and information.
* Ability to maintain a plan of own workload that could be subject to adjustments due to varying workload and priorities.
* Ability to maintain a high level of accuracy when updating databases and systems in an environment where there could be multiple interruptions.
* Good documentation writing skills.
* Motivation and Negotiation skills. Ability to negotiate on difficult and very complex detailed issues.
Desirable criteria
* Experience of applying quality assurance techniques to check work outputs
* Ability to deal diplomatically with all levels and disciplines of staff.
* Capable of constructing and delivering clear ideas and concepts concisely
Further Information
How will we contact you?
* All correspondence for this post will be by email or text messaging. Please register for text messages on your TRAC account. Applicants are advised to check their email accounts regularly and to ensure that email filters are set to allow our emails.
* As we often have many applicants for jobs at Provide, we regret that we will only be able to contact those external applicants who are shortlisted for interview. Therefore if you have not heard from us within 2 weeks of the closing date, then please assume you have not been shortlisted for interview on this particular occasion. Internal candidates who are unsuccessful can seek feedback from the recruiting manager.
* If you wish to contact the Recruitment Team, please do this via provide.recruitment1@nhs.net
* If you wish to contact the Recruiting Manager about the vacancy/role or for feedback after interview, their details are provided within the advert.
Checking progress on your application?
To check progress on your application, please log into your TRAC account. We aim to keep you updated on the status of your application as soon as we can.
Closing Date
Provide reserves the right to close this vacancy at any time or bring forward the closing date should it have an overwhelming response. We therefore encourage an early application to ensure consideration for this post.
Professional UK clinical registration required for the role?
If we require you to hold UK professional clinical registration to undertake a role we appoint you to, Provide will pay for your registration during the first year of your employment.
COVID-19 Vaccination
Provide CIC continues to encourage all colleagues to ensure they have been double vaccinated and received a booster vaccination. We recognise taking the vaccine provides the best defence against COVID-19 for our patients, service users, customers, fellow colleagues, and their families.
Anti Fraud
Our staff have been trained in 'Anti-Fraud' and will use technology to examine identity/immigration documents.
Disability
If you have a disability and need assistance or more time to complete your application or attend interview, please contact a member of the HR Services Team on 0300 3030 2661 or provide.recruitment1@nhs.net.
Work Trials
Please check with your local Job Centre Plus to see if you are eligible for a Work Trial. If you are interested in trying this job first, please contact the HR Services team and we can help you make the arrangements with the Job Centre and the Recruiting Manager.
We are committed to equal opportunities, flexible working practices and the National Living Wage.
Successful Applicant
You will be required to bring all your documentation to your interview to show the recruiting manager and again at your pre-employment appointment with the Recruitment Co-Ordinators. The information that you provide will be treated confidentially. If you fail to provide all of the information, Provide may not be able to fulfil our contractual obligations to you or may be prevented from complying with our legal obligations.