Job summary
Join a passionate, forward-thinking team at Navigo as our new
Information Governance Compliance Lead. This vital role has opened to
strengthen our focus on data protection, compliance and integrity. You will lead
IG assurance activities, oversee policies and audits, and work with national
partners to meet evolving legal standards. You will thrive in a collaborative,
supportive team that values autonomy, impact and innovation while making a
difference in mental health services.
Main duties of the job
As the Information Governance Compliance Lead, you will play a key role in safeguarding
data integrity and ensuring our organisation meets national information
governance standards. With 2026 marking our first year of compliance with the
new Cyber Assessment Framework (CAF), you will lead preparations and ensure we
meet all requirements. You will also support compliance with the Data Protection
Act, GDPR, and the DSPT. Working across teams, you will coordinate audits, manage
data breaches, write and review policies, and deliver IG training. You will need
excellent communication, strong planning, and the ability to translate complex
legislation into practical action. This is a proactive, collaborative role
where you will make a real impact in a purpose-driven organisation.
About us
Hello!
We are Navigo. We look after North East Lincolnshire's mental health and well-being. We are an award-winning social enterprise that provides mental health services to the NHS and beyond.
The whole basis of our work is to deliver services that we would be happy for our own family to use.
We offer a range of mental health services, including acute and community facilities as well as specialist support such as outstanding older adults inpatient services, rehabilitation and recovery community mental health and an outstanding specialist eating disorder facility.
Ranked as one of the top UK companies to work for, we feature in the Best Companies top 100 large company list.
As a social enterprise, we do things a little bit differently and have also developed income-generating, commercially viable businesses that provide training, education and employment opportunities, including Grimsby Garden Centre.
Working at Navigo is not like working anywhere else. Lots of places say that, but we really mean it.
We like to work with forward-thinking people who want to make a difference.
Come and join us!
Please note: Whilst we value all applications, if we believe an application to be AI generated, we will use a checking tool and may reject any application that has been automatically generated.
Should you require any assistance in completing this application due to a disability or other needs, please contact navigo.recruitment@nhs.net
Job description
Job responsibilities
- To support information governance (IG) compliance within the organisation, in conjunction with the wider information governance team.
- Develop and maintain the IG framework to ensure compliance with the NHS Data Security and Protection Toolkit (DSPT), Cyber Assessment Framework (CAF), and other regulatory requirements.
- Write, review, and update IG policies, ensuring alignment with legal, regulatory, and NHS standards.
- Design and deliver training to staff on data protection, confidentiality, and records management, to ensure compliance with IG policies.
- Oversee data breach investigations and reporting to relevant authorities (e.g., the ICO), and update the SIRO on the progress of investigations.
- Conduct internal audits and risk assessments to identify and mitigate IG risks.
- Act as the primary point of contact with NHS Digital, regulators, and partners regarding IG matters.
- Provide evidence for CAF and DSPT compliance, particularly as an operator of essential services.
- To line manage identified staff, ensuring that all enquiries and incidents are dealt with effectively and responsively.
Person Specification
Qualifications
Essential
- Educated to Degree Level or equivalent demonstrable experience in Information Governance
- Specialist qualification in Information Governance / Data Protection or equivalent demonstrable experience
Desirable
- Recognised qualification or experience in project management or equivalent
Experience
Essential
- Writing and implementing policy and strategy documents.
- Investigating possible breaches of compliance and experience of identifying issues and problem solving
- Being flexible and adaptable at work in order to meet competing priorities
- Ability to work independently and autonomously, and to interpret available standards and legislation, e.g. GDPR, Records Management Code of Practice, Data Security & Protection Toolkit
Desirable
- Personally leading change & improvement programmes with a range of staff
- Producing and delivering appropriate training to staff
Additional Criteria
Essential
- Advanced keyboard skills and advanced user of Microsoft Office, including Outlook, Word, Excel, PowerPoint, Teams, Planner, Forms.
Knowledge
Essential
- Excellent understanding of Data Protection Legislation
- Understanding of the use of Data Protection Impact Assessments
Desirable
- Knowledge and understanding of privacy by design principles
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.