Employer: Ashford and St. Peter's Hospitals NHS Foundation Trust
Employer type: NHS
Site: St Peter's Hospital
Town: Chertsey
Salary: WCP Request
Closing: 30/11/2025 23:59
Interview date: 09/12/2025
Information Governance Manager
Band 7
Job overview
The postholder will
* Lead on all aspects of Information Governance
* Assume the role of Data Protection Officer and Privacy Officer for the Trust (DPO / PO)
* Be responsible for the Freedom of Information function (FOI)
* Be responsible for co-ordinating the submission of the Data Security and Protection Toolkit (DSPT)
Main duties of the job
To have made an effective contribution to achieving the Trust’s vision, strategic objectives and key work programmes by:
* Leading on developing strategy, policy, and guidance to promote and develop ‘best practice’ as defined by the Data Security and Protection Toolkit and to comply with all relevant legislation.
* Leading on service improvements to the Information Governance service provided to the Trust, including but not limited to, manager training, documentation development and process improvement.
* Acting as source of expertise on Information Governance issues, legislation and local policies and procedures.
* Taking responsibility for the management of Freedom of Information requests.
* Producing and coordinating regular reports for the Information Governance Steering Group, appropriate internal Digital Services meetings and the Executive/Trust Boards.
* Acting as the Privacy Officer, receiving and investigating SCR notifications.
* Acting as the Data Protection Officer, providing support, advice and assurance of compliance across the Trust.
At a high level, the key result area is to ensure that the organisation can demonstrate compliance with all the requirements of the DPA 2018, the GDPR and the FOIA 2000 through the annual submissions of the Data Security and Protection Toolkit.
Working for our organisation
Ashford and St. Peter's Hospitals NHS Foundation Trust serves a population of more than 410,000 people living in North-West Surrey, parts of Hounslow and beyond.
Over 3,700 highly trained doctors, nurses, midwives, therapists, healthcare scientists and other support staff make up our workforce, providing a wide range of services across our two hospital sites, Ashford, Surrey and St Peter's, Chertsey, Surrey.
We also run many specialist clinics in the community and local community hospitals and other healthcare facilities.
Our vision is to be one of the best healthcare Trusts in the country. There has never been a better time to join us in the NHS at ASPH. We are committed to providing continuous professional development and flexibility to shape our workforce around our patient care.
We are expanding our theatres at Ashford Hospital and moving towards this becoming our dedicated elective centre. We want to create a state-of-the-art centre for excellence for planned surgical procedures.
We can offer you the full range of NHS benefits/discounts and in addition:
* Excellent pension scheme and annual leave entitlement
* On-site Nurseries
* On-site staff cafes
* On-site parking
* Salary Sacrifice schemes including wage stream, lease cars, Cycle to Work schemes and home electronics
Adverts may close early, so applicants are encouraged to submit an application as soon as possible.
Detailed job description and main responsibilities
Expertise and Advice
* To act as a source of expertise on Information Governance issues to all relevant areas of the Trust including but not limited to: Executive Board, Business Centres and the Information Services Team.
* Advise on Information Governance issues, and in particular Information Security, Data Protection and Freedom of Information, that arise with transformation or systems development to ensure best practice is adhered to.
* To provide advice and support in the investigation and management of Information Governance incidents including national reporting and incident-management for more serious cases as appropriate.
* To work with and support the Trust leads for other aspects of Information Governance ensuring the Trust works towards the highest possible attainment level for data security and protection governance standards as evidenced by the Data Security and Protection Toolkit.
* Work proactively with operational managers and other stakeholders to ensure that the Trust’s information governance processes meet the business requirements of the organisation.
* Responsibility for developing Trust procedures and processes relating to all areas of Information Governance, in particular those covering record keeping, records transfer, information security and information sharing.
* In collaboration with the Head of Digital Infrastructure and Cyber security colleagues, to examine and advise on all aspects of computer security policies including logon procedures, password setting and ageing and all other relevant matters covered in Best Practice Guides.
* To maintain an up-to-date knowledge of new developments in Data Protection legislation and related provisions.
* Continue to maintain specialist knowledge in the field of Information Governance, keeping up to date with any changes and recommended good practice and to be responsible for keeping abreast of new government initiatives and requirements relating to IG.
* To provide advice and guidance on rights for data subjects and ensure that the Trust’s privacy notice is regularly reviewed and updated.
* To manage Data Subject Access Requests for information outside the medical record, e.g. Police, Department of Health & Social Care, Coroners, Surrey County Council, Social Services, Safeguarding, staff members / ex-staff members, patient complaints, ICO complaints, solicitors etc.
Leadership and Managerial
* To assume the role of the Data Protection Officer (DPO), reporting directly to the Trust Board in matters relating to data protection assurance and compliance. The DPO acts under contract to the Trust and must not receive specific direction from any other staff member. Their responsibilities are:
* To provide support, advice, and assurance of compliance across the Trust.
* To maintain expert knowledge of data protection law and practices and how they apply to the business of the Trust.
* To be the first point of contact within the Trust for all data protection matters.
* To support programmes and initiatives that involve the development of new or innovative information processes on the need for data protection impact assessments (DPIAs), data sharing agreements (DSAs), and data processing agreements (DPAs).
* To support and advise programmes and initiatives in conducting data protection impact assessments, and to assure the proposed mitigations.
* To consult with the Information Commissioner’s Office (ICO) where proposed processing poses a high risk in the absence of proposed mitigations.
* To ensure that the IG team operates effectively in supporting these functions.
* To take account of the risks associated with processing in the performance of his or her tasks.
* Provision of specialist advice to the organisation on compliance obligations.
* Provision of advice to projects and business change initiatives on when data protection impact assessment is required.
* Development of materials to support staff in conducting data protection impact assessment, and system implementations.
* To be the first point of contact for the ICO.
* To cooperate with the ICO in any matters relating to data protection compliance including provision of evidence of compliance, and in relation to breach management.
* To be the Privacy Officer (PO) receiving and investigating SCR notifications.
* To be the Trust’s lead for Data Protection, working closely with the Trust’s Caldicott Guardian.
* Lead on the Trust’s Caldicott Assurance Plan.
* To ensure that Information Governance responsibilities and accountabilities are defined, communicated and acted upon.
* Lead on the Information Security Assurance Plan.
* Develop and maintain currency of the Trust’s Freedom of Information (FOI) publication scheme.
* Manage the FOI administrator ensuring they are appraised on a regular basis, including weekly 1-2-1 meetings.
* To be responsible for all FOI requests received by the Trust, signing off before responses are sent out and advising on use of legal exemptions.
* Manage appeals and internal reviews against decisions to refuse FOI requests.
Reporting
* Responsible for managing the Data Security and Protection Toolkit within the Trust, controlling user access, reminding contributors of deadlines, providing relevant training, advising on suitability of evidence and signing off evidence before submission, working with the auditor to ensure compliance with a subset of DSPT requirements. Report risks, issues and incidents to the Information Governance Steering Group.
* Attend meetings of the Trust Information Governance Steering Group and deliver progress reports on improvement to the Information Governance service.
* To co-ordinate all statutory and external audits of Information Governance.
* To act as Privacy Officer for the Trust conducting proactive and reactive audits for user access to Evolve, Cerner EPR, BadgerNet, TVS Surrey Care Record (SyCR), National Care Records Service (NCRS) etc.
* To carry out quarterly unannounced spot checks in order to measure the Trust’s compliance with national and local Information Governance standards.
* In conjunction with IT colleagues to investigate, manage and report cyber incidents.
* Responsibility for maintaining the Trust’s notification registration with the Information Commissioner and inform all relevant locations of the details of registration and what the responsibilities are within it.
* Liaise directly with the Information Commissioner’s Office as required.
* Produce an annual report and action plan on Information Governance in the Trust for the Trust’s Audit Committee.
Service Improvement and Training
* To be responsible for delivery of the Information Governance Improvement/Action Plan and co-ordinate the annual audit to confirm and score compliance.
* To co-ordinate and ensure delivery of an improvement plan to ensure compliance with data security and protection standards and relevant legislation.
* Lead the development and roll out of training programmes to managers and staff to support Information Governance, ensuring all members of the organisation are aware of and appreciate the importance of information governance and accept their responsibility for its delivery.
* Lead on the development of Information Governance documentation, including templates and the document formats used, e.g. Word documents versus web forms.
* Lead on the continuous improvement of Information Governance processes and SOPs, to deliver earlier consideration of IG within change initiatives and procurements and faster turnaround of high-quality documents from clinical and operational colleagues.
Communications and Engagement
* To work closely with colleagues in similar posts in partner organisations across the Local Health economy to ensure the delivery of Information Governance across all organisations.
* Maintain the Trust Information Governance section of the intranet and internet.
* To manage the Information Governance mailbox, the Caldicott mailbox and the Police Liaison mailbox.
General responsibilities
* To support the department and organisation by carrying out any other duties that reasonably fit within the broad scope of a job of this grade and type of work.
Person specification
Qualifications
* Degree in related information subject or evidence of professional training of an equivalent standard or equivalent experience in the field
Experience
* Good understanding of the NHS Information Governance agenda and toolkit
* Experience of working within the NHS
Knowledge
* Working knowledge of the Data Security and Protection Toolkit, Data Protection Act 2018, General Data Protection Regulation (GDPR) and Freedom of Information Act 2000
The postholder will have access to vulnerable people in the course of their normal duties. This post is therefore subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020, and a submission for Disclosure will need to be made to the Disclosure and Barring Service to check for any previous criminal convictions.