Information Governance Manager (Secondary Care) | Mersey Care NHS Foundation Trust

Would you like to be part of a - Describe your Team e.g. dynamic, friendly, well established, highly skilled?

Are you passionate about improvement, and would like to play a key role in transforming health and care services using digital technology?

NHS Informatics Merseyside is looking for hardworking and enthusiastic individuals to join our Insert Team/Service. We are looking to recruit one individual into the position of Information Governance Manager (Secondary Care) on a permanent contract.

• Committed to delivering excellent customer service
• Motivated and hardworking
• Respectful and supportive of others
• Able to work to their own initiative as well as being an excellent team player

• Role based training
• Continued personal and professional development
• A friendly and supportive environment
• Consideration of requests for Flexible working arrangements
• Health and wellbeing services and support
• Access to NHS staff discounts scheme
• Staff recognition schemes
• Minimum of 27 days annual leave plus bank holidays, depending on length of service this may increase.
• The opportunity to participate in the NHS pension scheme

Shortlisting is scheduled: 17 March 2025

Interviews are scheduled to take place on Tuesday 25 March 2025

• Confidentiality and Caldicott Principles
• Data Protection
• Data Protection by Design
• Data Security and Protection Toolkit
• Information Risk Management
• Information Sharing

Our commitment to exceptional service is demonstrated by the number of awards and accreditations we have achieved, as well as our NHS Staff Survey results and consistently high customer service satisfaction rates. Visit our website athttps://www.imerseyside.nhs.ukto find out more about NHS Informatics Merseyside.

1. To manage the IG Business Partners and Advisors, including allocating them work, managing supervision and performance appraisals, ensuring that staff are managed and developed effectively, and any other line management duties as needed.
2. Support the IG Business Partners in assisting in the development of new Trust services/systems, ensuring any IG arrangements are robust and that high standards are established from the beginning (Data Protection by Design and Default).
3. To promote awareness of the strategies, policies and procedures amongst staff and other stakeholders including health and social care professionals via workshops, presentations, induction and mandatory training.
4. To assist with the production of policies, guidance, leaflets and training materials.
5. To maintain the IG and Data Protection sections of the Trust’s Intranet and website, ensuring appropriate information and documentation is available to support staff and inform patients.
6. To contribute to the development of the annual IG Communications Plan and the production of any documentation identified within it by the set deadlines.
7. To contribute to the development of the annual IG Work Plan, completing any tasks allocated to the post-holder by the set deadlines.
8. To facilitate, contribute and support the work of the Trust’s Information Governance and Security Forum and Virtual User Groups, including the cascading of information to staff.
9. To assist the Deputy Head of IG in interpreting national guidance in respect of IG and Data Protection, and any new/changes to current legislation, and its dissemination to ensure that the Trust’s legal obligations are met.
10. To supervise the collection and validation of evidence and ensure that the Trust adheres to current standards stated within the Data Security and Protection (DSP) Toolkit, liaising with the IM&T Security Team to ensure a consistent and co-ordinated approach.
11. To participate in the Trust’s annual DSP Toolkit audit.
12. To administer the Trust’s Information Asset Register, ensuring all annual reviews are undertaken (e.g., supplier due diligence, business continuity planning and testing, etc).
13. Work proactively with Information Asset Owners (IAOs) and Administrators (IAAs) to ensure information systems are risk assessed and secure, ensuring the CIA Triad of Confidentiality, Integrity and Availability can be maintained.
14. Ensure all IAOs and IAAs are appropriately briefed, trained and supported in their roles.
15. Work with the Procurement Team to undertake due diligence against each IT supplier, participating in supplier assurance audits and assisting in contract disputes were required.
16. Maintain the Trust’s information flow maps between the Trust and its partner organisations – providing advice and guidance where necessary. Undertake risk assessments of all information flows to ensure they do not contravene Trust policies and procedures (and therefore national guidance/legislation).
17. Support with the production and/or evaluation of Data Protection Impact Assessments (DPIAs) and Data Sharing Agreements (DSAs), providing advice to staff completing them as needed.
18. To present DPIAs and DSAs to the Data Protection Panel for review and approval.
19. Administer the Trust’s Information Sharing Gateway account, ensuring DSAs are kept up-to-date and relevant.
20. Assist with the maintenance of the Trust’s Record of Processing Activities.
21. To assist with the management of the IG Risk Register.
22. Supervise the process for managing, monitoring, reporting, and investigating IG and Data Protection incidents and identifying incidents that are legally required to be reported within 72- hours.
23. Provide reports on incidents to relevant meetings, ensuring trends and areas of concern are flagged up for further discussion and action.
24. Draft staff briefings in relation to findings from thematic analyses of IG and Data Protection incidents.
25. Undertake IG and Data Protection audits, analysing and presenting findings as required andassisting with the development and implementation of any actions plans.
26. Provide advice and take action in response to audit findings and recommendations.
27. To monitor the Team’s shared mailboxes, allocating work to the appropriate staff as needed.
28. To act as the designated deputy and represent the Deputy Head of IG (Secondary Care) as directedat internal/external meetings.
29. To provide cover for the IG Manager (Primary Care), Information Assurance Manager and/orRecords Manager during periods of leave and sickness, managing the relevant teams to ensurework continues uninterrupted and responding to any queries or concerns.
30. To network with neighbouring trusts and other organisations as appropriate and represent theTrust at local or national events.
31. To participate in any local or national professional activities in order to continue personal andprofessional development.

1. To agree and review own objectives with their line manager and to ensure a Personal Development Plan is produced.
2. Participate in regular supervision, engage in reflective practice and be committed to continued development.
3. Develop own skills and knowledge and contribute to the development of others.
4. Write, develop, and deliver clear IG and Data Protection training and awareness materials to a wide range of staff across the Trust on complex and specialist topics in a way that complementsthe Trust’s e-learning.
5. Maintain an awareness of all aspects of legislation, national guidance and policy relating to IG and Data Protection.

This advert closes on Sunday 9 Mar 2025