Information Governance Manager (Secondary Care)

We believe that everyone has the right to be treated with dignity and respect.

We encourage all applicants to share their equality information with us.

Job overview

Would you like to be part of a - Describe your Team e.g. dynamic, friendly, well established, highly skilled?

Are you passionate about improvement, and would like to play a key role in transforming health and care services using digital technology?

NHS Informatics Merseyside is looking for hardworking and enthusiastic individuals to join our Insert Team/Service. We are looking to recruit one individual into the position of Information Governance Manager (Secondary Care) on a permanent contract.

Applicants should be:

• Committed to delivering excellent customer service
• Motivated and hardworking
• Respectful and supportive of others
• Able to work to their own initiative as well as being an excellent team player

What we can offer:

• Role based training
• Continued personal and professional development
• A friendly and supportive environment
• Consideration of requests for Flexible working arrangements
• Health and wellbeing services and support
• Access to NHS staff discounts scheme
• Staff recognition schemes
• Minimum of 27 days annual leave plus bank holidays, depending on length of service this may increase.
• The opportunity to participate in the NHS pension scheme

Shortlisting is scheduled: 17 March 2025

Interviews are scheduled to take place on Tuesday 25 March 2025

Main duties of the job

The Information Governance Manager (Secondary Care) will be a member of the Information Governance (IG) Management Team and will support the Deputy Head of IG (Secondary Care) in managing the day-to-day operational aspects of the following areas of the Team, so they support the clinical and business objectives of the Trust.

• Confidentiality and Caldicott Principles
• Data Protection
• Data Protection by Design
• Data Security and Protection Toolkit
• Information Risk Management
• Information Sharing

Working for our organisation

Our commitment to exceptional service is demonstrated by the number of awards and accreditations we have achieved, as well as our NHS Staff Survey results and consistently high customer service satisfaction rates. Visit our website at https://www.imerseyside.nhs.uk to find out more about NHS Informatics Merseyside.

Detailed job description and main responsibilities

1. To manage the IG Business Partners and Advisors, including allocating them work, managing supervision and performance appraisals, ensuring that staff are managed and developed effectively, and any other line management duties as needed.
2. Support the IG Business Partners in assisting in the development of new Trust services/systems, ensuring any IG arrangements are robust and that high standards are established from the beginning (Data Protection by Design and Default).
3. To promote awareness of the strategies, policies and procedures amongst staff and other stakeholders including health and social care professionals via workshops, presentations, induction and mandatory training.
4. To assist with the production of policies, guidance, leaflets and training materials.
5. To maintain the IG and Data Protection sections of the Trust’s Intranet and website, ensuring appropriate information and documentation is available to support staff and inform patients.
6. To contribute to the development of the annual IG Communications Plan and the production of any documentation identified within it by the set deadlines.
7. To contribute to the development of the annual IG Work Plan, completing any tasks allocated to the post-holder by the set deadlines.
8. To facilitate, contribute and support the work of the Trust’s Information Governance and Security Forum and Virtual User Groups, including the cascading of information to staff.
9. To assist the Deputy Head of IG in interpreting national guidance in respect of IG and Data Protection, and any new/changes to current legislation, and its dissemination to ensure that the Trust’s legal obligations are met.
10. To supervise the collection and validation of evidence and ensure that the Trust adheres to current standards stated within the Data Security and Protection (DSP) Toolkit, liaising with the IM&T Security Team to ensure a consistent and co-ordinated approach.
11. To participate in the Trust’s annual DSP Toolkit audit.
12. To administer the Trust’s Information Asset Register, ensuring all annual reviews are undertaken (e.g., supplier due diligence, business continuity planning and testing, etc).
13. Work proactively with Information Asset Owners (IAOs) and Administrators (IAAs) to ensure information systems are risk assessed and secure, ensuring the CIA Triad of Confidentiality, Integrity and Availability can be maintained.
14. Ensure all IAOs and IAAs are appropriately briefed, trained and supported in their roles.
15. Work with the Procurement Team to undertake due diligence against each IT supplier, participating in supplier assurance audits and assisting in contract disputes were required.
16. Maintain the Trust’s information flow maps between the Trust and its partner organisations – providing advice and guidance where necessary. Undertake risk assessments of all information flows to ensure they do not contravene Trust policies and procedures (and therefore national guidance/legislation).
17. Support with the production and/or evaluation of Data Protection Impact Assessments (DPIAs) and Data Sharing Agreements (DSAs), providing advice to staff completing them as needed.
18. To present DPIAs and DSAs to the Data Protection Panel for review and approval.
19. Administer the Trust’s Information Sharing Gateway account, ensuring DSAs are kept up-to-date and relevant.
20. Assist with the maintenance of the Trust’s Record of Processing Activities.
21. To assist with the management of the IG Risk Register.
22. Supervise the process for managing, monitoring, reporting, and investigating IG and Data Protection incidents and identifying incidents that are legally required to be reported within 72- hours.
23. Provide reports on incidents to relevant meetings, ensuring trends and areas of concern are flagged up for further discussion and action.
24. Draft staff briefings in relation to findings from thematic analyses of IG and Data Protection incidents.
25. Undertake IG and Data Protection audits, analysing and presenting findings as required and assisting with the development and implementation of any actions plans.
26. Provide advice and take action in response to audit findings and recommendations.
27. To monitor the Team’s shared mailboxes, allocating work to the appropriate staff as needed.
28. To act as the designated deputy and represent the Deputy Head of IG (Secondary Care) as directed at internal/external meetings.
29. To provide cover for the IG Manager (Primary Care), Information Assurance Manager and/or Records Manager during periods of leave and sickness, managing the relevant teams to ensure work continues uninterrupted and responding to any queries or concerns.
30. To network with neighbouring trusts and other organisations as appropriate and represent the Trust at local or national events.
31. To participate in any local or national professional activities in order to continue personal and professional development.

1. To agree and review own objectives with their line manager and to ensure a Personal Development Plan is produced.
2. Participate in regular supervision, engage in reflective practice and be committed to continued development.
3. Develop own skills and knowledge and contribute to the development of others.
4. Write, develop, and deliver clear IG and Data Protection training and awareness materials to a wide range of staff across the Trust on complex and specialist topics in a way that complements the Trust’s e-learning.
5. Maintain an awareness of all aspects of legislation, national guidance and policy relating to IG and Data Protection.

Person specification

Qualifications

• High level of Education – Degree level or equivalent experience
• First line management qualification or equivalent
• PRINCE2 qualification
• Training qualification

• Data Protection Qualification
• Information Risk Management Qualification
• Membership of appropriate professional body (e.g., the British Computer Society, FEDIP, etc)

Knowledge and Experience

• Comprehensive understanding and ability to interpret current Information Governance (IG) and Data Protection initiatives
• Understanding of Data Security and Protection Toolkit Standards
• Understanding of Information Risk Management
• Data Sharing and Confidentiality
• Information Asset Management
• Objective setting
• NHS Code of Confidentiality
• High level experience in IG and Data Protection
• Development and delivery of training sessions
• Working to set deadlines/targets
• Staff supervision, performance appraisals, Recruitment process
• System and organisational processes
• Participation in relevant IG meetings
• Organisation of meetings & minute taking/compiling

• Links to regional/national networking groups
• Knowledge of NHS Plan targets
• Caldicott principles
• Change management processes
• Supplier due diligence
• Business continuity planning and testing
• Information Sharing Gateway

Skills

• High levels of verbal and written communication skills
• Ability to work in a confidential and sensitive manner with a professional attitude towards all stakeholders
• Highly motivated, innovative and enthusiastic with the ability to motivate others
• Excellent problem solving skills
• Strong interpersonal skills
• Effective problem solving, logical troubleshooting and analytical skills
• Ability to work unsupervised and able to manage own time and workload
• Excellent organisational skills and ability to react to changing requirements positively
• Ability to write reports, policies & procedures
• Ability to undertake audits
• Ability to understand and analyse data and to compile and initiate audits and present findings
• Ability to problem solve
• Ability to use professional judgement and advise others on best practice and national guidelines and legislation

Values

• Continuous Improvement
• Accountability
• Respectfulness
• Enthusiasm
• Support
• High professional standards
• Responsive to service users
• Engaging leadership style
• Strong customer service belief
• Transparency and honesty
• Discreet
• Change oriented

Please ensure you check the email account from which you apply for all correspondence. All information regarding your application will come from apps.trac.jobs not NHS Jobs.

Only those applicants who demonstrate clearly how they meet our person specification will be shortlisted for interview.

As a Disability Confident Employer, we offer a guaranteed interview scheme for applicants who consider themselves to be disabled who meet the minimum (essential) criteria for the role in the person specification. If you would like your application to be considered under the Trust’s guaranteed interview scheme you can indicate this in the personal information section of your online application form.

Should you require a reasonable adjustment to our recruitment process please email [email protected] to ensure that measures can be put in place to support you.

We reserve the right to close any vacancy earlier than advertised in exceptional circumstances once we have received a high volume of applications.

The team can prevent any previous identity showing on the DBS Certificate, unless the applicant has a conviction under their previous details in which case this will need to be disclosed.

Flexible working requests will be considered for all roles.

Please be advised that the use of Artificial Intelligence on applications is monitored and if you choose to use this, you must declare this on your application form.