Information Governance & Compliance Officer
Closing date: 30 April 2026
Play a key role in Information Governance within a growing NHS-commissioned mental health provider – with the autonomy to contribute and the support to succeed.
Are you an experienced Information Governance professional looking for a role where you can make a meaningful contribution?
As we continue to grow, we are investing in a dedicated IG professional to strengthen our compliance function. Working closely with our CITO/SIRO and external DPO, you will take genuine responsibility for delivering day‑to‑day IG activity – including DPIAs, NHS compliance requirements, and direct engagement with NHS bodies, suppliers, and regulators.
This is an opportunity to take responsibility for your own workstreams, contribute to organisational compliance, and develop your expertise within a well‑structured and evolving governance framework.
Main duties of the job
* Lead and deliver Data Protection Impact Assessments (DPIAs)
* Maintain and update the DPIA register, ensuring timely review and completion
* Provide specialist input into information rights requests, particularly complex or sensitive cases
* Draft and review IG policies, procedures, and documentation in line with current legislation, incl. maintaining the Record of Processing Activities (RoPA) and Information Asset Register (IAR)
* Lead and coordinate the DSP Toolkit submission cycle, maintaining evidence through the year rather than treating it as an annual exercise
* Monitor guidance from NHS Digital, ICO, and regulatory bodies, highlighting changes
* Support data breach and incident management, particularly higher‑risk cases
* Provide IG support to research projects and data‑related initiatives, including defining lawful bases, supporting DPIA completion, and advising on patient‑facing documentation
* Proactively engage with NHS IG teams, ICO, system suppliers, and external partners to gather information, resolve compliance questions, and build the evidential picture needed to support organisational decisions – this is an expectation of the role, not an exception
* Act as a point of contact for staff IG queries and advice and play an active role in developing and refining our information governance approach as the organisation evolves.
For a full breakdown of roles and responsibilities, please refer to the supplementary Job Description document available with this advert.
About us
Mental Health and Wellbeing Services Ltd (MHWS) is a growing, CQC-regulated provider of NHS-commissioned and private mental health services, based in Shrewsbury, Shropshire. Led by Dr Wasi Mohamad (Consultant Psychiatrist) and Sabeen Mohamad (Psychotherapist), our team of skilled and caring practitioners delivers a holistic approach to mental health and well‑being across a range of specialisms, including neuro‑developmental assessment and treatment pathways for ADHD and ASD.
We are friendly, committed, and hardworking and we believe that looking after our staff is inseparable from delivering excellent patient care. As we continue to grow and develop our services, we are investing in the people and the governance infrastructure that underpin safe, high‑quality care.
What We Offer
* Flexible working – hybrid approach with some remote working options
* Part‑time role – 22.5 hours per week (3 days)
* Supportive leadership structure – direct access to CITO (SIRO) and external DPO
* Autonomy with support – lead your own workstreams with expert oversight available
* Professional development – opportunity to deepen expertise across healthcare IG frameworks
* Meaningful work – contribute directly to safeguarding patient data across private and NHS‑commissioned mental health services
* Private healthcare – optional private healthcare on offer
Job responsibilities
This role sits within MHWS' Information Governance function, working directly alongside the CITO (who also holds the SIRO designation) and our external Data Protection Officer. The post‑holder will take genuine ownership of day‑to‑day IG activity – proactively managing workstreams, driving DPIA completion, and directly engaging with NHS bodies, suppliers, and regulators to keep our compliance position accurate and current.
This is not an isolated role. The CITO/SIRO provides experienced oversight and is readily accessible for guidance and escalation, and the external DPO remains available for specialist input on higher‑risk matters. The post‑holder will not be expected to navigate complex or novel situations alone – but they will be expected to arrive at those conversations with a developed position, having already taken the initiative to progress the matter as far as possible.
The role is part‑time (22.5 hours per week, 3 days) and is offered on a permanent basis, with some flexibility for hybrid working. For a full breakdown of responsibilities, please refer to the supplementary Job Description document.
Knowledge and Skills
* Strong working knowledge of UK GDPR, Data Protection Act 2018 and NHS data security standards
* Ability to work independently and drive IG workstreams
* Excellent written and verbal communication skills
* Strong organisational skills and ability to manage multiple priorities
* Confidence engaging with internal and external stakeholders
* Comfortable working with limited peer support in the immediate IG function, with clear escalation to CITO/SIRO and external DPO when needed
* Knowledge of NHS digital systems and data flows
* Understanding of research governance frameworks
* Experience interpreting regulatory guidance and applying it operationally
Qualifications
* Relevant qualification or demonstrable experience in Information Governance and Data Protection
* BCS Certificate in Data Protection, ISEB, or equivalent
* IG‑specific or NHS governance training
Experience
* Experience working in an NHS or healthcare IG role
* Hands‑on experience completing or supporting DPIAs
* Experience managing or contributing to data breach and information rights processes
* Experience engaging with NHS bodies, suppliers, or regulators
* Experience with DSP Toolkit submissions or evidence collection
* Experience supporting research governance
* Experience with clinical systems (e.g. EMIS Web)
* Familiarity with NHS national programmes (NDOP, MHSDS, etc.)
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Employer name
Mental Health and Wellbeing Services Ltd
#J-18808-Ljbffr