Information Governance Compliance Officer
The post holder will be a key member of the Information Governance (IG) team, providing a comprehensive, high quality, confidential service to Provide Group.
The post holder will perform a range of general and specialist duties associated with Information Governance systems and processes with particular focus on Compliance.
The prime objective of this role will be to lead on specific Information Governance programmes and to ensure that work is carried out effectively and professionally with specific responsibility for helping to develop and implement Information Security, Confidentiality and all key IG Policies and protocols across the Provide CIC and Group companies and to ensure compliance across the board.
The production and maintenance of accurate project documentation is an essential part of this role along with the coordination of time critical work.
Main duties of the job
* Carrying out Data Protection audits to monitor and assess compliance against IG Policies and Procedures, National Standards, Contractual clauses and relevant Data Protection Laws.
* Ensure that the organisation's Information Asset Register (IAR) and Records of Processing Activities (ROPA) are maintained and remain compliant with the UK GDPR and DPA2018.
* Liaising with the IT and Cyber Security team and other stakeholders with regard to managing information security risks and compliance with information security standards such as ISO27001, Cyber Essentials and the National Data Guardian Standards.
* Provide training on the use of new IG systems and processes.
* Support with the processing of Information Sharing Agreements.
* Assist with completing Data Protection Impact Assessments (DPIA).
* Ensure the recording of all work is in line with the organisation's procedures, and ensure all requests are appropriately approved and authorised through the change control processes.
* Programme and project administrative support when required, working to PRINCE2 Project Management standards.
* Give support and guidance on evidence for completion of the DSP Toolkit, ensuring evidence is cohesive, self-explanatory and relevant to the financial year assessment.
* Support the development, implementation, monitoring and maintenance of IG Policies and procedures to ensure that Provide CIC and Group companies comply with the Data Protection Act 2018, Access to Health Records Act and all other relevant data legislation.
About us
Provide is a Community Interest Company (social enterprise). We deliver a broad range of health and social care services in the community, and are committed to making sure that they are safe, responsive and of high quality. Provide is owned by its employees and has primarily social objectives. Any profits we make are reinvested into the local community or back into delivering services.
We work from a variety of community settings, such as community hospitals, community clinics, schools, nursing homes and primary care settings, as well as within people's homes to provide more than 40 services to children, families and adults across Essex, Dorset, East Anglia and the North of England. We are a highly respected, award-winning health and social care provider. We expect our staff to demonstrate and uphold our values at all times:
Vision: Transforming Lives
Values: Care, Innovation and Compassion
Mission: An ambitious, employee-owned social enterprise, growing in size and influence. We transform lives by treating, caring and educating people.
Provide is an equal opportunity employer committed to building a team that represents a variety of backgrounds, perspectives and skills, proud to have LGBT+ and Ethnic Minority Networks.
We welcome applicants from underrepresented groups. If you have the skills and experience for the job, please apply regardless of your background.
Eligible for NHS Pension
Job responsibilities
Please see attached full Job Description (JD) for detailed job description and main responsibilities.
Person Specification
Qualifications and Education
* Educated to Degree level (or equivalent qualification)
* Evidence of continuing personal development
* Certified Information Systems Auditor (CISA)
* Recognised project management qualification such as PRINCE2 or equivalent project management experience
* Specialist training in conducting a Data Protection Impact Assessment (DPIA)
* Specialist training in the Registration Authority process
* Understand the ITIL framework and its principles
* Foundation in Data Protection or equivalent qualification
Work Related Knowledge and Experience
* At least one year of experience working in an Information Governance role providing support on all areas including Data Protection, Information Sharing, Subject Access Requests, Incident Handling, Caldicott Guidelines, Information Security
* Sound knowledge in at least one of the specialisms listed above
* Experience of working in a similar role in the health or care sector
* Knowledge of assessing or monitoring compliance with either information security, data governance or quality standards and/or regulations
* Understanding of Information Security Management principles
* Experience of working within an ITIL framework
* At least one year of experience in a project coordination role within health or social care
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.