HealthJobsUK

Swydd ddisgrifiad a phrif gyfrifoldebau manwl

As a Senior Information Governance Officer, you will:

·       Be responsible for the production an annual delivery plan and any associate regular reports identifying the organisations progress against the DSP Toolkit as necessary, any risks to compliance, statistical progress against the training requirements and identification of areas for improvement, within agreed timescales ensuring that key performance indicators are consistently achieved.

·       Be responsible for ensuring that any reports, papers, including relevant cover sheets, are prepared, and submitted in a timely manner for any meetings at which the IG Team service will be represented or discussed.

·       Assist with the investigation of IG breaches, including advising on the completion of RCAs, identifying immediate mitigating actions, escalation to the IG Consultant where required and assisting with further reporting to the ICO/DSPT/NHSE for breaches identified as significant and reportable.

·       Assist with investigations for all levels of breaches including those which are not reportable to the supervisory authority. To provide a response and action plan to all IG breaches which is agreeable with the ML teams and/or customer and oversee the actions through to completion.

·       Undertake an annual review (or adhoc as required) of Information Governance Policies and Procedures, in line with the Toolkit requirements and changes in legislation or national best practice within the year to ensure that they remain relevant and fit for purpose whilst reflecting local requirements including strengthening procedures where data breaches have occurred.

·       Assist in undertaking a review of IG policies and procedures to ensure IG compliance.

·       Provide specific advice and guidance to projects and carry out the initial review and completion of Data Protection Impact Assessments and Data Sharing/Processing Agreements, providing Information Governance Consultant with the recommendations on whether to send on to Caldicott Guardians and SIROs for approval and the rational for that decision.

·       Ensure the IG call management system is kept up to date, providing administrative support to the Information Governance Consultant with this where necessary.

·       Include within breach action plans and work closely with teams and make recommendations where breaches identify a need for:

- Process Change

- Staff Briefings

- Training

- Information Asset Registers/Data Flows to be updated

- Absence/Update of contracts/agreements

- Third party contract management

·       Link directly with the organisation IT services as appropriate to ensure that all CareCERT notifications are acted upon and that where required, plans are put in place to ensure that the implementation of any relevant changes are undertaken in a timely manner by the relevant services.

·       Be responsible for the day-to-day implementation of the Information Risk Work Program.

·       Following submission of Information Asset Registers and Data Flows, the Senior Information Governance Officer will be responsible for the final approval ensuring accuracy and continuity of the records for all services.

·       Support Information Asset Owners with the completion of Information Risk action plans, review those plans against whether they will mitigate or reduce the risk sufficiently and submit to the Senior Information Risk Owner including a recommendation as to what action should be taken.

·       Ensure System & Software assessments/audits completion and assessment as well as 3rd party assurance audits

·       Be responsible for working directly with IT, BI and Business Continuity to ensure all technical aspects of toolkit are completed and that there are clear links between them and the IG service, with particular focus on:

·       To provide advice and support to the SIRO and the Caldicott Guardian in relation to all aspects of Data Protection compliance.

·       Oversee the training statistics, ensuring that compliance is achieved and highlighting to the relevant staff where non-compliance is becoming an issue via reporting and associated meetings where the report is discussed.

·       Be responsible for the delivery of remote specialist IG training, either on a group or 1-1 basis, including but not limited to:

- Information Risk Training

- Information Breach Training

- Subject Access Request Training

- Freedom of Information Training

- Data Protection Impact Assessment Training

- Primary Care Training

·       Complete a training/learning needs analysis for all staff within the customer organisation to ensure any specialist IG training needs are identified.

·       Respond to complex IG queries and provide advice and guidance within the required time frames and linking with other staff members as required.