Kingston and Richmond NHS Foundation Trust

Deputy Head of Information Governance

The closing date is 22 March 2026

Job summary

The Deputy Head of Information Governance provides expert leadership in data protection, FOI, information risk, and records management, supporting the Trust's compliance with UK GDPR and the Data Protection Act. The role requires deep specialist knowledge of IG legislation, the ability to interpret complex regulatory requirements, and the capability to advise, lead investigations, and manage statutory information requests. The post holder also leads IG staff, contributes to strategic IG planning, and supports DPIAs, DSPT compliance, and Trust-wide IG improvement initiatives.

Main duties of the job

  • Providing expert advice and operational delivery of all areas of IG including information sharing and transfer, legislation, training, FOI/EIR, Subject Access Requests, IG incidents, DPIAs and records management balancing between IG and operational requirements.
  • To manage the statutory information requests function of the IG Team, including FOI/EIR, SAR, information rights requests, etc
  • To produce the quarterly IG reports for IG committee, providing quality assurance, as well as appropriate insights and recommendations
  • To keep IG policies and Trust-wide policies under review to ensure they align with the relevant data protection legislation and national standards.
  • The postholder will have delegated responsibility for managing and monitoring the IG department budget, including planning, forecasting, and authorising expenditure within agreed limits. They will ensure resources are used efficiently and contribute to financial planning for future service needs
  • Leads by example, with the ability to inspire confidence and respect within and external to the organisations.

Continued on attached JD...

About us

Development and staff wellbeing

Your growth and personal happiness matter to us. After all, we can't expect the best from you if we don't invest in your development and nurture your wellbeing. From the moment you join us, we're committed to fostering your professional and personal development within a supportive, empowering environment. Whether you're just starting your career or looking to advance further, we provide you with the tools and opportunities you need to succeed. We actively support colleagues to take part in research, quality improvement and innovation, whatever their role or level in the organisation.

To support your wellbeing, we offer an extensive range of resources, including an on-site staff nursery at Kingston Hospital, wellbeing practitioners, regular wellbeing classes, dedicated staff physiotherapist, comprehensive occupational health services, 24/7 employee assistance programme, and a range of other support and activities.

We also take every opportunity to thank and recognise the work our teams do, through weekly 'shoutouts' and patient feedback, monthly and annual awards.

Wherever you work across our organisation, we look forward to welcoming you.

At KRFT we are committed to supporting flexible working arrangements. Applicants are encouraged to discuss any flexibility they may need during the recruitment process.

Details

Date posted

06 March 2026

Pay scheme

Agenda for change

Band

Band 8a

Salary

£61,631 to £68,623 a year pa pr incl HCAS (outer london)

Contract

Permanent

Working pattern

Full-time

Reference number

396-7791365-DE-DK-Z

Job locations

KRFT

Galsworthy Road

Kingston

KT2 7QB


Job description

Job responsibilities

***Please see the attached supporting document/s which contains more information about the role in the job description and person specification***

NB: ensure your supporting statement aligns with the job description and person specification, as your application will be assessed against these criteria.

Person Specification

Experience

Essential

  • In depth experience of delivering a full IG function across an organisation including information sharing and transfer, legislation, training, FOI, Subject Access and other individual rights requests, IG incidents, IG risk and records management.
  • Experience of developing and reviewing information sharing and transfer agreements
  • Experience of working with the Data Security & Protection Toolkit (DSPT)
  • Experience in review and assessment of Data Protection Impact Assessments
  • Experience of working as a Senior IG Officer, or Deputy Head of IG
  • Detailed knowledge of relevant corporate, professional and/or legal standards.
  • Excellent and in-depth knowledge of wide areas of IG legislation, concepts and practices. Can plan, schedule and monitor work, within set targets, for small dedicated teams.
  • Experience in handling IG security incidents and breaches.
  • Experience of staff management or can demonstrate ability to lead team members directly or indirectly.
  • Ability to work in a demanding environment.

Desirable

  • Experience of working with and across a number of agencies including the Information Commissioner's Office (ICO)
  • Experience of acting as the Trust's Privacy Officer, in undertaking regular audits of clinical system access to ensure access is justified and legitimate
  • Experience and knowledge of records management practices, particularly in the NHS
  • Experience and knowledge of NHS or social care

Education

Essential

  • First degree and/or equivalent experience

Desirable

  • IAPP accredited privacy qualification (CIPM, CIPP/E)
  • GDPR Practitioner Certificate

Skills and Knowledge

Essential

  • Knowledge of information governance legal and national regulatory requirements, including the General Data Protection Regulation and the Data Protection Act, Freedom of Information/Environmental Information Regulation and Access to Health Records Acts
  • Able to provide evidence of where you have demonstrated the Trust's Values and Behaviours
  • Able to demonstrate excellence in Customer Service and promotes partnership and collaborative working within teams
  • Able to meet the required IT Skills for the post
  • Draws rational and defensible conclusions, using appropriate information/ data and provides analysis in support of conclusions
  • Encourages rigour and provides critical challenge in determining outcomes
  • Undertakes robust risk and impact management
  • Awareness of, and collaborative working with, key decision makers across the Trust
  • Demonstrates accountability for decisions taken, by considering consequences, impacts and implications
  • Overcomes obstacles, and shows resilience in achieving desired
  • Makes best use of diverse talent, capabilities and technologies to achieve optimum results
  • Takes personal responsibility for team and organisational performance and practices
  • Resilient, sensitive and assertive with the wide variety of people and behaviours
  • Ability to communicate effectively both in writing and verbally

Desirable

  • Knowledge of confidentiality guidance (e.g. Caldicott Principles)
  • Able to respond and manage responses to concerns and requests around patient and staff records including organisational learning

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

Kingston and Richmond NHS Foundation Trust

Address

KRFT

Galsworthy Road

Kingston

KT2 7QB


Employer's website

https://www.kingstonandrichmond.nhs.uk/


Employer contact details

For questions about the job, contact:

Head of Information Governance

Madeleine Escott

m.escott@nhs.net

02085467711
