Job Description
Part time IRO (Permanent contract, 3 days per week – flexibility with working pattern)
Remote (very occasional on-site visits may be required)
Background
HEFESTIS is a not-for-profit shared service organisation, jointly owned by member institutions across the UK university and college sector. Our core vision is "to be the shared service partner of choice for sustainably delivering information and change management services across the UK Further and Higher Education sectors".
HEFESTIS has established a successful Data Protection Service, providing Data Protection Officer (DPO) and Information Rights Officer (IRO) to members on a shared service basis. DPO’s provide an advisory service to support our members with their data protection compliance requirements, while IRO’s deliver on-the-ground administrative assistance to facilitate this. The Team works together for our members to reduce the risks associated with regulatory action. The Data Protection Service is continuing to expand and currently consists of eleven staff from a variety of backgrounds including records management and information governance, providing a wealth of knowledge and expertise in data protection. We work together remotely, providing a peer network of support, allowing individuals to grow professionally as well as providing an effective and resilient resource for our members.
The role
We are looking to recruit an Information Rights Officer to meet the needs of our member institutions. You will be an efficient administrator who has strong stakeholder engagement skills, excellent attention to detail and a passion for data protection and compliance. You will work closely with an experienced HEFESTIS DPO with a reporting line to an appropriate member of the senior management team at the Member institution as well as to the HEFESTIS Head of Service. You will be expected to work from home in this role.
As an Information Rights Officer at HEFESTIS you will be responsible for supporting the day-to-day administration of the data protection regime across our member institution(s), from co-ordinating, collating and recording of data subject requests, maintaining data incident and breach logs, redacting documents for review prior to release and acting as an ambassador for compliance with data protection policies and procedures.
This role offers the benefits of being part of a knowledgeable, experienced, and well-respected data protection team while working directly with one of our DPO’s providing opportunities for on-the-job learning and development.
The key aspects of this role include but are not limited to:
* Supporting staff to fulfil and respond to data subject rights requests including subject access requests (SAR’s) in a timely and appropriate manner.
* Maintaining data protection records, including logs for SARs and other data subject requests, data security incidents/breaches, data protection impact assessments (DPIA’s) and Freedom of Information requests (FOISA).
* Supporting compliance with policies, processes, and procedures throughout the member organisation with day-to-day management of the data protection regime.
* Engaging with key stakeholders to promote data protection best practice and a culture of compliance across institutions. This will include support to different departments, under the direction of the DPO or Institutional lead.
* Supporting the DPO to respond to day-to-day requests for advice from across institutions and provide timely and accurate responses.
* Supporting the DPO and institutions with any investigations resulting from data incidents or breaches, collecting, and analysing information, making recommendations, and supporting remediation as required.
* Assisting the DPO to maintain a scheduled program of work to support compliance with all regular data protection activity, including but not limited to reviewing policies, processes, procedures, and privacy notices, supporting staff to complete, and contributing to data protection impact assessments (DPIA’s), legitimate interest assessments (LIA’s) and record of processing activity (ROPA).
* Participating in audit and compliance activities to identify areas requiring improvement and highlight good practice.
* Providing support to institutions responding to freedom of information requests (FOISAs).
The Person
This role would suit someone who already has experience in a compliance analyst role or with a data protection administration background. You should be highly organised, reliable, motivated, and looking to pursue a career in data protection compliance. The post holder must be able to work as part of the HEFESTIS Data Protection Service, engaging with the team regularly. In addition to this, you must be able to cooperate and gain the trust and respect of staff at all levels within your institution(s) as well as other stakeholders.
As such, candidates will be required to demonstrate capability and experience in the following areas:
Experience and Skills:
* Experience of data protection administration including handling subject access requests and maintaining records is essential.
* A strong background in data protection, information governance and/or records management is essential, preferably with a recognised qualification.
* Experience of engaging with and managing stakeholders.
* A genuine passion for data protection.
* Experience of participating in audits and compliance activity would be beneficial.
* An understanding of the Higher and Further Education sector would be beneficial.
* Experience of working in or with the public sector.
Personal
* Excellent verbal and written communication skills.
* Highly organised.
* Attention to detail.
* Sound judgement.
* Ability to establish and maintain a high degree of confidentiality.
Terms
* Part time IRO (Permanent contract, 3 days per week) flexibility with working patterns
* Competitive Salary: £24K - £32K per annum which will be prorated for part time hours.
* Annual leave: 26 days annual leave plus 14 fixed/floating days per annum pro-rated for part-time hours.
* Benefits: Membership of the company pension scheme, access to the company benefits suite including cycle-to-work scheme, and gym discounts.
How to Apply
Applications should be made by forwarding your CV and covering letter outlining why you would like to work for HEFESTIS. Closing date for applications is 15th September 2025. Interviews will be held virtually via Microsoft Teams on 25th or 26th September 2025.