Senior Information Management and Governance Officer
Data Protection and Information Rights lead (Grade E3)
FTC until August 2025 (Maternity cover)
Edinburgh/Hybrid
£46,392 – 54,003 per annum
Everything we do at the Scottish Funding Council (SFC) aims to create the right environment for colleges and universities to thrive.
The Scottish Funding Council is Scotland’s tertiary education and research authority. Our ambition is to make Scotland an outstanding place to learn, educate, research, and innovate – now and for the future. We focus on recruiting the best people and developing them throughout their career.
We’re looking for individuals who will connect with our guiding principles, including working in partnership, championing diversity, and supporting sustainability for future generations.
By fostering our guiding principles, we are proud of the inclusive working environment that we have created. We are committed to attracting people of all backgrounds: we want our colleague base to reflect the people and communities that we serve.
Job Summary
Reporting to the Assistant Director, Information Governance, you will lead on responding to information rights requests and fulfil the role of the Data Protection Officer. You will work closely with senior leaders, including the Senior Information Risk Officer and Chief Information Officer, supporting the Assistant Director to deliver the Information Governance Framework and leading on associated activities.
As an experienced Information Rights and Data Protection practitioner, you will be skilled in dealing with sensitive, complex information, building trusted relationships with colleagues across SFC, and exercising good judgement in responding to information rights requests.
You will be expected to work flexibly across the responsibilities of the information governance team, stepping in to provide cover and support when required to ensure deadlines are met. A keen understanding of the strategic context within which the SFC is working will be key to success in this role.
Key Responsibilities
1. Leading the response to information rights requests, providing advice to colleagues across SFC, ensuring legal compliance with relevant legislation.
2. Provide an efficient and effective senior contact point for queries in relation to information rights and data protection, including complex ones.
3. Ensure staff understand their responsibilities within data protection legislation and information rights and follow relevant processes.
4. Promote an information governance culture and an understanding of data protection compliance throughout the organisation.
5. Inform and advise SFC staff, including senior leaders, about their obligations to comply with the UK GDPR and other relevant data protection laws.
6. Develop and maintain effective coordination and liaison with stakeholders and external partners.
7. Identify opportunities to improve ways of working within Information Governance and implement positive change.
8. Manage and advise on internal data protection activities, such as supporting colleagues to deliver Data Protection Impact Assessments and Data Sharing Agreements.
9. Develop and maintain SFC’s Records of Processing Activities (RoPA) to ensure accuracy and regular reviews.
10. Co-ordinate with Information Governance colleagues to assess and respond to personal data breaches.
11. Identify and implement improvements to data protection and information rights compliance.
12. Contribute, make recommendations and report to the Information Governance Oversight Group on data protection and information rights development and compliance.
13. Monitor SFC’s compliance with the UK GDPR and other data protection laws, raising awareness of data protection issues.
14. Be the first point of contact for the ICO and for internal and external stakeholders.
15. Support the formulation, implementation and regular review of policy and guidance to ensure compliance with relevant legislation and best practice.
Person Specification
Essential Requirements:
1. Experience administering Azure Services: M365, App Service, Azure SQL, Blob Storage, Key Vault, ExpressRoute, Virtual machines, Virtual Networks.
2. Experience of Azure Migration, migrating on-premises solutions to the cloud using Azure Migrate (or other) tools.
3. Experience with Continuity of Operations/Disaster Recovery architecture and planning.
4. Extensive experience administering Windows Server OS 2016 and above.
5. In-depth technical knowledge of Microsoft Azure and On-Prem infrastructure components.
6. In-depth knowledge of Azure Security Centre and Azure Monitor.
7. In-depth knowledge of multi-factor authentication and Microsoft AD Integration.
8. Good working knowledge of Network and VPN administration.
9. Good working knowledge of Active Directory Services.
10. Qualifications: Microsoft Cloud Certification, at least one of the following (AZ-400, AZ-303, AZ-104).
11. Good interpersonal and communication skills.
12. Proven track record of delivering high quality and effective outputs.
13. Ability to work collectively and with impact as part of a team.
Desirable Criteria:
1. Experience of performing the Data Protection Officer role, preferably in a public sector context.
2. Experience of enhancing the information governance culture in an organisation.
Location
SFC offers hybrid working. While the role is based at our Edinburgh office, there is substantial opportunity to work from home. A minimum of one day a month in the office is expected, but this can be agreed between the employee and their line manager.
Key Rewards and Benefits
1. Normal full-time hours of work are 35 per week with flexible working arrangements.
2. Annual leave entitlement of 26.5 days pro-rata, rising to 30 days pro-rata after 4 years.
3. A flexible approach to hybrid working.
4. Annual pay review within the framework of the Scottish Government’s Public Sector Pay Policy.
5. Eligibility to join the Civil Service Pension Scheme.
6. Support for continuous professional development.
7. Support for health and wellbeing, including generous occupational sick pay.
8. Support for travel to and from work.
The Selection Process
How to Apply
To apply, please send your CV and cover letter. The selection panel will assess your application against the selection criteria in the Person Specification section above.
Pre-Employment Checks
As part of our pre-employment process, we will ask you to provide documentation to show that you are eligible to work in the UK and a Basic Disclosure Scotland certificate.
Disability Confident
If you need any adjustments to support your application, please contact us and we’ll do everything we can to help.
#J-18808-Ljbffr