Information Governance & Information Security Manager

Surrey and Borders Partnership NHS Foundation Trust

Information:

This job is now closed

Job summary

The purpose of the Information Governance and Information Security Manager is to provide the organisation with independent, risk-based advice to support its decision-making on the appropriateness of processing Personal and Special Categories of Data within the Principles and Data Subject Rights laid down in the General Data Protection Regulation (GDPR). The role also keeps the organisation safe with regard to information governance and security and compliance with the Freedom of Information Act. The post-holder will hold regular monthly meetings with the Caldicott Guardian, who is a member of the Trust Board, to highlight and discuss relevant issues.

Main duties of the job

This role would suit someone who has the capability to work within a changing environment and is able to work with all staff, both internally and externally. The person will be responsible for managing the Information Governance and Information Security agenda within the Trust, bringing together and prioritising work on initiatives including Information Quality Assurance, Data Protection, Information Security and Freedom of Information in a consistent way. Key objectives for the post-holder will be to raise awareness of information governance and security and the understanding of why it matters across all staff groups in the Trust.

About us

Surrey and Borders Partnership NHS Foundation Trust is the leading provider of health and social care services for people of all ages with mental ill-health, substance misuse, and learning disabilities in Surrey and North East Hampshire.

We actively seek to engage people who use our services and our communities in improving the mental wellbeing of the local population. We work closely with other NHS and voluntary sector organisations who provide services and support people who use services and carers.

Surrey is a beautiful county lying just 30 minutes away from Central London and from the South Coast.

Our historic market towns and bustling districts are enveloped in wonderful countryside, and our excellent road and rail networks bring the rest of the country within easy reach.

For international travel, both Gatwick and Heathrow airports are nearby.

Please note that we reserve the right to close posts as soon as sufficient applications are received.

Eligibility for the high cost area supplement is conditional upon the candidate's residence and will be discussed on offer.

We look forward to receiving your application!

Date posted

17 July 2024

Pay scheme

Agenda for change

Band

Band 8a

Salary

£52,963 to £59,360 a year Incl. 5% Fringe HCAS, pa, pro rata.

Contract

Permanent

Working pattern

Full-time

Reference number

325-6430593-CORP

Job locations

18 Mole Business Park

Randalls Road

Leatherhead

KT22 7AD


Job description

Job responsibilities

Key Responsibilities

  • Responsible and accountable on a day-to-day basis for information governance work in the Trust, including information quality assurance, records management, Data Protection and confidentiality, information security and Freedom of Information.
  • Manage and coordinate projects required for implementation of information governance and information security across the Trust.
  • Establishing, maintaining, and monitoring the required security levels for accessing data held on both manual and electronic system records, ensuring compliance with the Data Protection Act and Caldicott recommendations.
  • Act as the subject matter expert for information governance in supporting the Caldicott Guardian, the SIRO (Senior Information Risk Owner) and Associate Director of Records and Privacy on matters relating to national legislation, EU law and best practice.
  • Support and advise the Trust's Data Protection Officer with their duties of ensuring that patient and staff rights are protected.
  • Support the SIRO and Associate Director of Records and Privacy on the development of strategies, policies and guidance to promote and develop best practices as defined by the NHS Data Security and Protection Toolkit (DSPT) and to comply with national legislation.
  • To shape and lead the Trust's Information Governance team, managing the Trust's information governance annual assessment, work programme and action/improvement plans in line with the Trust's information governance strategy and policy and the evolving requirements of the NHS DSPT.
  • To provide information governance advice within the Trust where service developments, changes, or closure of services may impact on compliance with legislation and national policy.
  • Work with other providers, such as health, social services, police, etc., to comply with any information governance requirements.
  • Ensure compliance with UK GDPR 2016 and Data Protection Act 2018 and any other legal/national requirements.
  • Provide information security and EPR privacy support and advice to the Trust; lead on ensuring compliance and conformance with the legal and regulatory framework covering information security and privacy and relevant Data Security and Protection Toolkit requirements.
  • Lead on ensuring the Trust's Policies and Procedures that cover information security and privacy are appropriate, up to date, and reflect the business practices of the Trust in accordance with current legislation and local requirements.
  • Working with the Trust EPR System Administration Support function to investigate suspected and actual breaches of security and privacy and undertake reporting/remedial action, as instructed. Maintain a log of any incidents and remedial recommendations and actions and raise those on the Trust's Risk Management system by liaising with the Head of Risk.
  • Continuously assess, via audit and review, the shortfall between the security measures actually in place and effective and those established at a policy level, thus highlighting deficiencies for remedial action.
  • Provide regular briefings to the Associate Director of Records and Privacy prior to meetings of the Information Governance Steering Group (IGSG) or similar group/board on the effectiveness of information security and privacy functions.
  • Contribute to decision making and carry through decisions made by the IGSG or other relevant group/boards or the Trust Board.
  • Maintain currency with information security and security enhancing technologies and brief colleagues as needed to enable measures to be implemented where and when necessary/desirable.
  • Developing and conducting regular audits to check on integrity of data security and privacy within the Trust and ensure robust reporting is in place and address any necessary breaches.
  • To take forward the Trust's current work programmes for the implementation of the Freedom of Information Act and ensure that the Trust meets its statutory requirements to deal with information requests and comply with all aspects of the Act.
  • Head the IG team with management of IG staff, ensuring budgetary resources are used effectively.
  • The purpose of this role is to provide the organisation with independent, risk-based advice to support its decision-making on the appropriateness of processing Personal and Special Categories of Data within the Principles and Data Subject Rights laid down in the General Data Protection Regulation (GDPR). The post-holder will hold regular monthly meetings with the Caldicott Guardian, who is a member of the Trust Board, to highlight and discuss relevant issues.

Person Specification

Qualifications

Essential

  • Degree or equivalent 5 years' experience
  • Evidence of continual professional development

Experience

Essential

  • 2 years working in a similar environment
  • 5 years Information Governance/Security, Data Protection issues and IG Toolkit completion experience and knowledge
  • Proven evidence of using different electronic systems and to be able to use these to produce reports
  • Working in a Team in an office environment

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

Surrey and Borders Partnership NHS Foundation Trust

Address

18 Mole Business Park

Randalls Road

Leatherhead

KT22 7AD


Employer's website

https://www.sabp.nhs.uk/working-for-us


For questions about the job, contact:

Associate Director Records and Privacy

Charles Sant

charles.sant@sabp.nhs.uk

07958314193

Supporting documents

Privacy notice

Surrey and Borders Partnership NHS Foundation Trust's privacy notice