Job summary
The Information Governance (IG) Service Manager is responsible for leading the development, implementation, and maintenance of a robust information governance framework across the organisation.
This role ensures compliance with legal and regulatory requirements (e.g., UK GDPR, Data Protection Act 2018, Access to Health Records Act 1990, NHS Data Security & Protection Toolkit (DSPT)) while fostering a culture of accountability and transparency in the management of patient, staff, and organisational data.
The post holder will drive efficiency in IG operations, mitigate information risks, and advise on all aspects of data protection, confidentiality, and records management.The IG Service Manager holds key information governance and management responsibility in the organisation, supporting and as required standing in for, the IG Manager - Operations Lead.
Main duties of the job
Information Governance Leadership
Develop, implement, and monitor the Trust's IG strategy, policies, and procedures to ensure alignment with national NHS standards and legal requirements.
Lead the annual submission of the NHS Data Security and Protection Toolkit (DSPT), coordinating evidence collection and ensuring compliance with all mandatory standards.
Provide expert advice to senior leadership on IG risks, trends, and mitigation strategies.
Work with clinical/operational teams to embed IG best practice into daily workflows.
Personal Data Breach Management
Act as the Trust's lead investigator for suspected or confirmed data breaches, ensuring timely reporting to the Information Commissioner's Office (ICO) and affected individuals where required.
Maintain a breach incident log, conduct root cause analyses, and implement corrective actions to prevent recurrence.
Training & Awareness
Design and deliver tailored IG training programs (e.g., data protection, data sharing, records management) for staff at all levels, including mandatory training for new starters.
Promote a strong IG culture through campaigns, newsletters, and intranet resources.
Corporate Records Management
Oversee the Trust's corporate records management lifecycle, including retention schedules, secure storage/archiving, and lawful disposal of physical/electronic records.
About us
King's College Hospital NHS Foundation Trust is one of the UK's largest and busiest teaching Trusts with a turnover of c£1.8 billion, 1.5 million patient contacts a year and more than 15,000 staff based across South East London. The Trust provides a full range of local and specialist services across its five sites. The trust-wide strategy of Strong Roots, Global Reach is our Vision to be BOLD, Brilliant people, Outstanding care, Leaders in Research, Innovation and Education, Diversity, Equality and Inclusion at the heart of everything we do. By being person-centred, digitally-enabled, and focused on sustainability, we aim to take Team King's to another level.
We are at a pivotal point in our history and we require individuals who are ready to join a highly professional team and make a real, lasting difference to our patients and our people.
King's is committed to delivering Sustainable Healthcare for All via our Green Plan. In line with national Greener NHS ambitions, we have set net zero carbon targets of 2040 for our NHS Carbon Footprint and 2045 for our NHS Carbon Footprint Plus. Everyone's contribution is required in order to meet the goals set out in our Green Plan and we encourage all staff to work responsibly, minimising their contributions to the Trust's carbon emissions, waste and pollution wherever possible.
Job description
Job responsibilities
Team & Service Management
Line manage the IG team, fostering a collaborative and high-performing culture.
Monitor KPIs for the IG service (e.g., breach response times, corporate SAR compliance rates) and report outcomes to the Trust Information Governance Steering Group (IGSG).
Support the preparation of various reports for the SIRO, Deputy SIRO and Caldicott Guardian for relevant internal meetings, the Kings Executive and the Trust Board (including delegated committees) covering IG issues as required.
Act as a role model by demonstrating leadership and expertise, and by maintaining credibility within the Trust, the wider health community and external agencies ensuring a positive image of the Trust is maintained.
Representation of the Trust IG work stream at various meetings both internally and externally as required.
Strategy, Policy and Procedure
Working with the wider IG&M team, ensure that the Trust has in place the appropriate strategy, policy and procedure documents and training.
Develop relevant policy and procedure and oversee its implementation for the Trust in line with contemporaneous guidance: relevant law, DHSC targets, national regulation and guidelines, and best practice.
Ensure that these policies and procedures are communicated to Trust staff through the delivery of comprehensive training and other media and ensure that ongoing compliance with the same is monitored and audited as appropriate.
Job description
Job responsibilities
Team & Service Management
Line manage the IG team, fostering a collaborative and high-performing culture.
Monitor KPIs for the IG service (e.g., breach response times, corporate SAR compliance rates) and report outcomes to the Trust Information Governance Steering Group (IGSG).
Support the preparation of various reports for the SIRO, Deputy SIRO and Caldicott Guardian for relevant internal meetings, the Kings Executive and the Trust Board (including delegated committees) covering IG issues as required.
Act as a role model by demonstrating leadership and expertise, and by maintaining credibility within the Trust, the wider health community and external agencies ensuring a positive image of the Trust is maintained.
Representation of the Trust IG work stream at various meetings both internally and externally as required.
Strategy, Policy and Procedure
Working with the wider IG&M team, ensure that the Trust has in place the appropriate strategy, policy and procedure documents and training.
Develop relevant policy and procedure and oversee its implementation for the Trust in line with contemporaneous guidance: relevant law, DHSC targets, national regulation and guidelines, and best practice.
Ensure that these policies and procedures are communicated to Trust staff through the delivery of comprehensive training and other media and ensure that ongoing compliance with the same is monitored and audited as appropriate.
Person Specification
Knowledge & Experience
Essential
- Knowledge and experience of implementing a robust Information Asset Management system.
- Experience of managing patient-level data within an NHS setting.
- Knowledge of the legislative and national requirements including UK GDPR, Data Protection Act 2018, the Health and Social Care Records Management Code of Practice 2021
- Experience in delivering the Data Security and Protection Toolkit (DSPT).
- Demonstrable specialist knowledge in Information Governance in an NHS setting.
- Experience of managing a busy team.
- Experience of setting up and implementing internal processes and procedures.
- Experience of drafting and reviewing data sharing agreements and data protection impact assessments.
- Experience of dealing with complaints and personal data breach management.
- Experience of designing and delivering IG training to various staff groups.
- Demonstrated experience of co-ordinating projects in complex and challenging environments
- Experience of processing subject access requests, freedom of information and police requests.
Desirable
- Knowledge of the ISO15489 records management standard
- Knowledge of BS 10008:2014
- Comprehensive knowledge of project principles, techniques and tools, such as Prince 2 Foundation
- Knowledge of Financial Systems e.g. monitoring budget management, processing invoices and procurement
Skills & Competencies
Essential
- Clear communicator with excellent written and presentation skills; capable of constructing and delivering clear ideas and concepts concisely and accurately to a diverse and varied range of audiences consisting of internal and external stakeholders.
- Ability to prepare and produce concise yet insightful communications for dissemination to senior stakeholders and a broad range of stakeholders as required.
- Ability to analyse very complex issues where material is conflicting and drawn from multiple sources.
- Demonstrated capability to act upon incomplete information, using experience to make inferences and decision making.
- Numerate and able to understand complex financial issues combined with deep analytical skills.
- Demonstrated capabilities to manage own workload and make informed decisions. in the absence of required information, working to tight and often changing timescales
- Consistently thinks about how their work can help and support clinicians and frontline staff deliver better outcomes for patients.
- Values diversity and difference operates with integrity and openness.
- Works well with others, is positive and helpful, listens, involves, respects and learn.s from the contribution of others
- Consistently looks to improve what they do, look for successful tried and tested ways of working, and also seeks out innovation.
- Commitment to and focused on quality, promotes high standards in all they do.
- Good all round IT skills including email, internet, word processing, excel spreadsheet, power point presentation and database software.
- Evidence of commitment to personal development and training.
Education & Qualifications
Essential
- Educated to Post-graduate degree level in relevant subject or equivalent level qualification or significant experience of working at a similar level in specialist area.
- Further training or significant experience in project management, financial management or supporting change management processes.
Desirable
- Data Protection and/or Records Management qualification
Person Specification
Knowledge & Experience
Essential
- Knowledge and experience of implementing a robust Information Asset Management system.
- Experience of managing patient-level data within an NHS setting.
- Knowledge of the legislative and national requirements including UK GDPR, Data Protection Act 2018, the Health and Social Care Records Management Code of Practice 2021
- Experience in delivering the Data Security and Protection Toolkit (DSPT).
- Demonstrable specialist knowledge in Information Governance in an NHS setting.
- Experience of managing a busy team.
- Experience of setting up and implementing internal processes and procedures.
- Experience of drafting and reviewing data sharing agreements and data protection impact assessments.
- Experience of dealing with complaints and personal data breach management.
- Experience of designing and delivering IG training to various staff groups.
- Demonstrated experience of co-ordinating projects in complex and challenging environments
- Experience of processing subject access requests, freedom of information and police requests.
Desirable
- Knowledge of the ISO15489 records management standard
- Knowledge of BS 10008:2014
- Comprehensive knowledge of project principles, techniques and tools, such as Prince 2 Foundation
- Knowledge of Financial Systems e.g. monitoring budget management, processing invoices and procurement
Skills & Competencies
Essential
- Clear communicator with excellent written and presentation skills; capable of constructing and delivering clear ideas and concepts concisely and accurately to a diverse and varied range of audiences consisting of internal and external stakeholders.
- Ability to prepare and produce concise yet insightful communications for dissemination to senior stakeholders and a broad range of stakeholders as required.
- Ability to analyse very complex issues where material is conflicting and drawn from multiple sources.
- Demonstrated capability to act upon incomplete information, using experience to make inferences and decision making.
- Numerate and able to understand complex financial issues combined with deep analytical skills.
- Demonstrated capabilities to manage own workload and make informed decisions. in the absence of required information, working to tight and often changing timescales
- Consistently thinks about how their work can help and support clinicians and frontline staff deliver better outcomes for patients.
- Values diversity and difference operates with integrity and openness.
- Works well with others, is positive and helpful, listens, involves, respects and learn.s from the contribution of others
- Consistently looks to improve what they do, look for successful tried and tested ways of working, and also seeks out innovation.
- Commitment to and focused on quality, promotes high standards in all they do.
- Good all round IT skills including email, internet, word processing, excel spreadsheet, power point presentation and database software.
- Evidence of commitment to personal development and training.
Education & Qualifications
Essential
- Educated to Post-graduate degree level in relevant subject or equivalent level qualification or significant experience of working at a similar level in specialist area.
- Further training or significant experience in project management, financial management or supporting change management processes.
Desirable
- Data Protection and/or Records Management qualification
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
