Job Title: Information Governance Lead

Responsible to: Head of Intelligence

Principal Working Contacts

Internal
Senior Information Risk Owner (SIRO)
Deputy SIRO
Executive Directors and senior managers
Information Asset Owners and Administrators
Internal subject matter experts in related disciplines
Head of IT Service Delivery, Organisation and Workforce Development, Legal
Services and Customer Services
Information Governance Team
Managers and employees of the Care Inspectorate

External
UK Information Commissioner
Scottish Information Commissioner (SIC)
National Records of Scotland
Care Inspectorate strategic partners
Care service providers and people experiencing care
Members of the public

Job Purpose

The post holder will provide the Care Inspectorate with leadership in information governance and assurance, internally & externally. They will be the prime source of expert advice and policy development, to create and maintain high level awareness, profile and understanding of the strategic and operational importance of information governance. They will also assure the Care Inspectorate that it is meeting its statutory and legal obligations and be capable of acting as Data Protection Officer as defined under the UK General Data Protection Regulation (GDPR) 2018 and Data Protection Act 2018.
The post holder will lead on delivering information governance support across the Care Inspectorate, supported by the Deputy SIRO and the Information Governance team, and will bear responsibility for performance and/or service delivery. The post holder will be responsible for managing their own and their team’s workload ensuring that work is completed to the required high standard in a timely fashion. The post holder must possess highly developed specialist knowledge, underpinned by theory and experience.

Key Responsibilities/Accountabilities

Operational Management

• Develop and implement corporate strategy, policies and procedures to support IG and effective use of information, in line with business and legal requirements and ensure that they are kept up to date and in line with changes to the Care Inspectorate’s internal and external operating environment.
• Coordinate the identification, assessment, reporting and management of risk in relation to all aspects of information governance (IG) within the Care Inspectorate, including regular review of the Information Risk Register and reporting to the Senior Information Risk Owner (SIRO) and Senior Management Team.
• Monitor and report on compliance and performance as required by Care Inspectorate governance arrangements and lead on creating and implementing improvement plans.
• Be capable of acting as Data Protection Officer for the Care Inspectorate and acting as key contact with the supervisory authority and leading on preparations for and on-going compliance with the requirements of the General Data Protection Regulation and revised UK Data Protection Act.
• Support the proportionate, lawful and secure use and sharing of personal data, implementing, monitoring, auditing and reviewing the Data Processing Contracts, Information Sharing Protocols, Privacy notices, Data Protection Impact Assessments and Compliance Checks.
• Develop, oversee and monitor IG training for staff, implement clear and robust information and data handling standards and procedures, raise awareness of IG responsibilities, and promote awareness and best practice.
• Coordinate and manage the organisation’s response to information security vulnerabilities and incidents.
• Coordinate and manage responses to all statutory requests for information received by the organisation, including Subject Access Requests and Freedom of Information (Scotland) Act requests.
• Develop and maintain corporate information governance tools and standards, for example, business and security classifications, metadata schemes, lifecycle retention schedules and information asset registers and ensure local implementation and compliance.
• Manage delivery of the Care Inspectorate’s Records Management.
• Improvement Plan and act as the statutory contact for Records Management, as required under the Public Records (Scotland) Act 2011.
• Support improvement of current record creation and record keeping standards to ensure that the Care Inspectorate is holding adequate records of business activity and decision making to meet statutory and legal requirements and as evidence of its accountability and transparency.
• Ensure that information governance requirements are integrated into business processes, standard operating procedures and organisational change.
• Advance the “digital by default” agenda and exploit opportunities to automate information governance through technology solutions and tools electronic record-keeping within Care Inspectorate systems.
• Observe the provisions of and adhere to all Care Inspectorate policies and procedures.
• Carry out your duties in accordance with our Health and Safety policies, procedures, guidance, practices and legislative requirements, taking reasonable care for your safety and that of others who may be affected by what you do or fail to do while at work.
Relationship Management
• Demonstrate a commitment to Care Inspectorate’s aims, vision, values and overall objective of improving care in Scotland.
• Prepare and deliver briefings, reports and presentations on IG to colleagues within and outside the Care Inspectorate in a manner that is informative, contextual and easily understood.
• Provide advice and guidance to staff on IG issues, including statutory and regulatory compliance.
• Act as a subject matter expert and staff mentor on all aspects of information governance.
• Liaise with and build professional working relationships with partner organisations on IG matters.
• Monitor individual and service performance.
• Line manage and motivates staff.
• Conduct staff appraisals.
• Ensuring that the team deliver the information governance service to the required high standard.

Other Duties

This job description is a broad picture of the post at the date of preparation. It is not an exhaustive list of all possible duties, and it is recognised that jobs change and evolve over time. Consequently, the post holder will be required to carry out any other duties to the equivalent level that are necessary to fulfil the purpose of the job, and to respond positively to changing business needs.