Information Governance & Information Security Manager

Surrey and Borders Partnership NHS Foundation Trust

Information:

This job is now closed

Job summary

The role of the Information Governance and Information Security Manager provides the organisation with independent, risk-based advice to support decision-making based on the principles and rights laid down in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The role also keeps the organisation safe with regard to Information Governance and Security and leads compliance with the Freedom of Information Act. This is a management role, responsible for a team of information governance officers.

Main duties of the job

This role would suit someone who can work within a changing environment and with internal and external stakeholders. The post-holder will be responsible for managing the Information Governance and Information Security agenda within the Trust, bringing together and prioritising work on initiatives including Data Protection, Information Security and Freedom of Information in a consistent way. Key objectives for the post-holder will be to raise awareness of Information Governance and Security, and of why it matters, across all staff groups in the Trust.

About us

Surrey and Borders Partnership NHS Foundation Trust is the leading provider of health and social care services for people of all ages with mental ill-health, substance misuse, and learning disabilities in Surrey and North East Hampshire.

We actively seek to engage people who use our services and our communities in improving the mental wellbeing of the local population. We work closely with other NHS and voluntary sector organisations who provide services and support people who use services and carers.

Surrey is a beautiful county lying just 30 minutes away from Central London and from the South Coast.

Our historic market towns and bustling districts are enveloped in wonderful countryside, and our excellent road and rail networks bring the rest of the country within easy reach.

For international travel, both Gatwick and Heathrow airports are nearby.

Please note that we reserve the right to close posts as soon as sufficient applications are received.

Eligibility for the high cost area supplement is conditional upon the candidate's residence and will be discussed on offer.

We look forward to receiving your application!

Date posted

28 October 2024

Pay scheme

Agenda for change

Band

Band 8a

Salary

£55,877 to £62,626 a year, including 5% Fringe HCAS, pro rata.

Contract

Permanent

Working pattern

Full-time

Reference number

325-6755700-CORP

Job locations

18 Mole Business Park

Randalls Road

Leatherhead

KT22 7AD


Job description

Job responsibilities

Key Responsibilities

  • Responsible and accountable on a day-to-day basis for information governance work in the Trust. Responsible for ensuring compliance with the NHS Code of Practice, Data Protection Act and Common Law Duty of Confidentiality.
  • Manage and coordinate projects required for implementation of information governance and information security across the Trust.
  • Establish, maintain, and monitor the required security levels for accessing data held on both manual and electronic system records ensuring compliance with Data Protection Act and Caldicott recommendations.
  • Support and advise the Trust's Data Protection Officer with their duties of ensuring that patient and staff rights are protected.
  • Act as the subject matter expert for information governance in supporting the Caldicott Guardian, the SIRO (Senior Information Risk Owner) and Associate Director of Records and Privacy on matters relating to national legislation and best practice.
  • Support the SIRO and Associate Director of Records and Privacy on the development of strategies, policies and guidance to promote and develop best practices as defined by the NHS Data Security and Protection Toolkit (DSPT) and to comply with national legislation.
  • Shape and lead the Trust's Information Governance team, managing the Trust's information governance annual assessment, work programme and action/improvement plans in line with the Trust's information governance strategy and policy and the evolving requirements of the DSPT.
  • Provide information governance advice within the Trust where service developments, changes, or closure of services may impact on compliance to legislation and national policy.
  • Work with other providers, such as health, social services, police etc. to comply with any lawful information governance requirements.
  • Ensure compliance with the UK GDPR, the Data Protection Act 2018 and any other legal/national requirements.
  • Provide information security and Electronic Patient Record privacy support and advice to the Trust; Lead on ensuring compliance and conformance with the legal and regulatory framework covering information security and privacy and relevant DSPT requirements.
  • Co-ordinate the necessary response and resolution activities following a suspected or actual data security incident or breach.
  • Continuously assess, audit and review, any shortfalls with current security measures compared to the levels required at a policy level thus highlighting deficiencies for remedial action.
  • Provide regular briefings to the Associate Director of Records and Privacy prior to meetings of the Information Governance Steering Group (IGSG) or similar group/board on the effectiveness of information security and privacy functions.
  • Contribute to decision making and carry through decisions made by the IGSG or other relevant group/boards or the Trust Board.
  • Maintain currency with information security and security technologies and coordinate with cyber colleagues as needed to enable measures to be implemented where and when necessary/desirable.
  • Responsible for reporting accurate figures on Information Governance training. This requires a very high level of accuracy to ensure the DSPT target is met.
  • Oversee the Trust's compliance with the Freedom of Information Act 2000 so that all FOIA requests are processed within the legal timescales.
  • Provide specialist expert advice and support to the Trust's Senior Information Risk Owner (SIRO), ensuring delivery of the SIRO's annual work programme showing compliance with the NHS Digital Information Risk Management standards.
  • Head the IG team with management of IG staff, ensuring budgetary resources are used effectively.

Tasks

  • Own the pipeline of Data Protection Impact Assessments (DPIAs) and Data Sharing Agreements (DSAs).
  • Manage the Information Asset Register.
  • Coordinate engagement with Information Asset Owners ensuring their services and electronic systems are compliant with information governance standards and risk-assessed annually and fed into the Annual Trust Board SIRO assurance statement.
  • Provide ad hoc advice and support on IG and IS matters.
  • Ensure that all staff have appropriate IG training.
  • Escalate to the DPO whenever breaches are discovered.
  • Manage internal Data Protection activities by close liaison with senior clinical and non-clinical colleagues to enable and support both operational and strategic decision-making.
  • Conduct internal audits and privacy reports.
  • Deputise for the Associate Director of Records and Privacy and the Data Protection Officer when necessary.
  • Provide additional support to the AD Records and Privacy / DPO for contact with the Information Commissioner's Office, and provide advice on complex Data Protection issues, procurement decisions, Information / Cyber Security, and Information Sharing.
  • Coordinate with the Head of Records and the Records Management team leader on common issues.
  • Actively engage with local and regional forums and webinars, ensuring ongoing personal development and knowledge of Data Protection law, issues, and developments.
  • Coordinate and prioritise the work and meetings of the IG Team.
  • Supervise and support staff wellbeing and development in line with the Trust's appraisal policy.

Person Specification

Qualifications

Essential

  • Degree, or equivalent 5 years' experience
  • Evidence of continual professional development

Experience

Essential

  • 2 years working in a similar environment
  • 5 years Information Governance/Security, Data Protection issues and IG Toolkit completion experience and knowledge
  • Proven evidence of using different electronic systems and to be able to use these to produce reports
  • Working in a Team in an office environment

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 and as such it will be necessary for a Disclosure to be requested from the Disclosure and Barring Service (formerly the Criminal Records Bureau, CRB) to check for any previous criminal convictions.

Employer details

Employer name

Surrey and Borders Partnership NHS Foundation Trust

Address

18 Mole Business Park

Randalls Road

Leatherhead

KT22 7AD


Employer's website

https://www.sabp.nhs.uk/working-for-us

For questions about the job, contact:

Associate Director Records and Privacy

Charles Sant

charles.sant@sabp.nhs.uk

07958314193

Supporting documents

Privacy notice

Surrey and Borders Partnership NHS Foundation Trust's privacy notice