Job summary
Join a passionate, forward-thinking team at Navigo as our newInformation Governance Compliance Lead. This vital role has opened tostrengthen our focus on data protection, compliance and integrity. You will leadIG assurance activities, oversee policies and audits, and work with nationalpartners to meet evolving legal standards. You will thrive in a collaborative,supportive team that values autonomy, impact and innovation while making adifference in mental health services.
Main duties of the job
As theInformation Governance Compliance Lead, you will play a key role in safeguardingdata integrity and ensuring our organisation meets national informationgovernance standards. With 2026 marking our first year of compliance with thenew Cyber Assessment Framework (CAF), you will lead preparations and ensure wemeet all requirements. You will also support compliance with the Data ProtectionAct, GDPR, and the DSPT. Working across teams, you will coordinate audits, managedata breaches, write and review policies, and deliver IG training. You will needexcellent communication, strong planning, and the ability to translate complexlegislation into practical action. This is a proactive, collaborative rolewhere you will make a real impact in a purpose-driven organisation.
About us
Hello!
Weare Navigo. We look after North East Lincolnshire's mental health andwell-being, an award-winning social enterprise that provides mental healthservices to the NHS and beyond.
Thewhole basis of our work is to deliver services that we would be happy for ourown family to use.
Weoffer a range of mental health services, including acute and communityfacilities as well as specialist support such as outstanding older adultsinpatient services, rehabilitation and recovery community mental health and anoutstanding specialist eating disorder facility.
Rankedas one of the top UK companies to work for, we feature in the Best Companiestop 100 large company list.
Asa social enterprise, we do things a little bit differently and have alsodeveloped income-generating commercially viable businesses that providetraining, education and employment opportunities including Grimsby GardenCentre.
Workingat Navigo is not like working anywhere else. Lots of places say that, but wereally mean it.
Welike to work with forward-thinking people who want to make a difference.
Comeand Join us !
Pleasenote: Whilst we value all applications, if we believe an application to be AIgenerated, we will use a checking tool and may reject any application that hasbeen automatically generated.
Shouldyou require any assistance in completing this application due to a disabilityor other needs please contact navigo.recruitment@nhs.net
Job description
Job responsibilities
To supportinformation governance (IG) compliance within the organisation, in conjunctionwith the wider information governance team.
Develop andmaintain the IG framework to ensure compliance with the NHS Data Security andProtection Toolkit (DSPT), Cyber Assessment Framework (CAF), and otherregulatory requirements.
Write,review, and update IG policies, ensuring alignment with legal, regulatory, andNHS standards.
Design anddeliver training to staff on data protection, confidentiality, and recordsmanagement, to ensure compliance with IG policies.
Oversee databreach investigations and reporting to relevant authorities (e.g., the ICO) andupdating the SIRO on progress of investigations.
Conductinternal audits and risk assessments to identify and mitigate IG risks.
Act as theprimary point of contact with NHS Digital, regulators, and partners regardingIG matters.
Provideevidence for CAF and DSPT compliance, particularly as an operator of essentialservices.
Toline manage identified staff, ensuring that all enquiries and incidents aredealt with effectively and responsively.
Job description
Job responsibilities
To supportinformation governance (IG) compliance within the organisation, in conjunctionwith the wider information governance team.
Develop andmaintain the IG framework to ensure compliance with the NHS Data Security andProtection Toolkit (DSPT), Cyber Assessment Framework (CAF), and otherregulatory requirements.
Write,review, and update IG policies, ensuring alignment with legal, regulatory, andNHS standards.
Design anddeliver training to staff on data protection, confidentiality, and recordsmanagement, to ensure compliance with IG policies.
Oversee databreach investigations and reporting to relevant authorities (e.g., the ICO) andupdating the SIRO on progress of investigations.
Conductinternal audits and risk assessments to identify and mitigate IG risks.
Act as theprimary point of contact with NHS Digital, regulators, and partners regardingIG matters.
Provideevidence for CAF and DSPT compliance, particularly as an operator of essentialservices.
Toline manage identified staff, ensuring that all enquiries and incidents aredealt with effectively and responsively.
Person Specification
Qualifications
Essential
* Educated to Degree Level or equivalent demonstrable experience in Information Governance
* Specialist qualification in Information Governance / Data Protection or equivalent demonstrable experience
Desirable
* Recognised qualification or experience in project management or equivalent
Experience
Essential
* Writing and implementing policy and strategy documents.
* Investigating possible breaches of compliance and experience of identifying issues and problem solving
* Being flexible and adaptable at work in order to meet competing priorities
* Ability to work independently; The ability to work autonomously and interpret available standards and legislation, e.g. GDPR, Records Management Code of Practice, Data Security & Protection Toolkit
Desirable
* Personally leading change & improvement programmes with a range of staff
* Producing and delivering appropriate training to staff
Additional Criteria
Essential
* Advanced keyboard skills and advanced user of Microsoft Office, including Outlook, Word, Excel, PowerPoint, Teams, Planner, Forms.
Knowledge
Essential
* Excellent understanding of Data Protection Legislation
* Understanding of the use of Data Protection Impact Assessments
Desirable
* Knowledge and understanding of privacy by design principles
Person Specification
Qualifications
Essential
* Educated to Degree Level or equivalent demonstrable experience in Information Governance
* Specialist qualification in Information Governance / Data Protection or equivalent demonstrable experience
Desirable
* Recognised qualification or experience in project management or equivalent
Experience
Essential
* Writing and implementing policy and strategy documents.
* Investigating possible breaches of compliance and experience of identifying issues and problem solving
* Being flexible and adaptable at work in order to meet competing priorities
* Ability to work independently; The ability to work autonomously and interpret available standards and legislation, e.g. GDPR, Records Management Code of Practice, Data Security & Protection Toolkit
Desirable
* Personally leading change & improvement programmes with a range of staff
* Producing and delivering appropriate training to staff
Additional Criteria
Essential
* Advanced keyboard skills and advanced user of Microsoft Office, including Outlook, Word, Excel, PowerPoint, Teams, Planner, Forms.
Knowledge
Essential
* Excellent understanding of Data Protection Legislation
* Understanding of the use of Data Protection Impact Assessments
Desirable
* Knowledge and understanding of privacy by design principles
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Employer details
Employer name
Navigo Health and Social Care CIC
Address
Navigo House, 3-7 Brighowgate
Hybrid of Office/working from home
Grimsby
DN32 0QE
Employer's website #J-18808-Ljbffr