Governance Officer

This is an incredible opportunity to work for a forward-thinking community equipment services provider, who’ll support you to be the best you can be in your chosen field. Join us as our new Governance Officer at Medequip Assistive Technology Ltd and let us empower you to truly make a difference.

Our continued employee development programmes, internal training and exceptional leadership will give you the ability to continuously develop yourself professionally whilst providing person-centred support. You’ll be supported by an excellent team of professional and ever-developing co-workers who all identify and align with Medequip’s values.

Medequip is the leading provider of medical equipment services to local authorities and the NHS across the UK, delivering a wide range of equipment and support to people in their own homes, keeping people independent for longer.

As the Governance Officer for Medequip Assistive Technology Ltd, you will support and enhance a proactive, organisation-wide approach to information governance, data protection, training and compliance, working closely with the SHEQ, Governance & Training Team, Caldicott Guardian and SIRO. Reporting to the Head of SHEQ, Governance & Training and DPO, your day-to-day responsibilities will include, but not be limited to:

• Supporting the delivery of a comprehensive information governance and data protection framework.
• Supporting compliance with UK GDPR, the Data Protection Act 2018, Access to Health Records Act 1990 and associated legislation.
• Identifying, assessing and managing information governance and data protection risks, including maintaining the Information Asset Risk Register and reporting to the SIRO.
• Managing and coordinating responses to statutory requests, including Subject Access Requests and Access to Health Records requests.
• Supporting completion of the Data Security & Protection Toolkit.
• Assisting with Data Protection Impact Assessments, records retention and disposal schedules, information sharing agreements and data processing contracts.
• Maintaining oversight of records management practices to ensure compliance with legal retention requirements.
• Supporting the DPO function in monitoring organisational compliance with data protection law.
• Contributing to data breach management, including initial assessment, documentation and escalation to the DPO and ICO where required.
• Promoting and embedding privacy by design and default across projects.
• Supporting mandatory information governance and data protection training, including targeted training for high-risk roles.
• Supporting SHEQ initiatives including risk identification and mitigation, policy and document control, and internal audits.
• Providing clear guidance to staff on information governance and data protection matters.
• Building effective relationships across departments and with external partners.
• Communicating complex legislation in an accessible way.

Above all, you will identify and align with our company values:

• We empower people to be accountable for their actions and performance.
• We help people with empathy, courtesy, dignity and kindness.
• We show respect and are trusted by our colleagues, suppliers and customers.
• We believe in teamwork and are passionate about our work.
• We encourage innovation and the development of technology.
• We embrace change and seek to achieve excellence.
• We deliver cost-effective, efficient and safe healthcare solutions.

You will bring integrity, discretion, strong attention to detail, a collaborative and supportive approach, and a proactive, solution-focused mindset. You will also be committed to continuous learning and professional development.

Qualifications and experience required:

• Degree or equivalent experience.
• Experience in information governance, data protection or compliance roles.
• Experience managing Subject Access Requests and/or health records requests.
• Experience working with data protection processes and documentation.
• Strong working knowledge of UK GDPR, the Data Protection Act 2018 and the Access to Health Records Act 1990.
• Understanding of Caldicott Principles, information governance in health or social care settings, and records management best practice.
• Awareness of data breach reporting requirements and ICO guidance and expectations for DPO functions.
• Strong communication skills, with the ability to explain legal concepts clearly.
• Ability to manage competing priorities and work independently.
• Data Protection qualification, such as Practitioner or GDPR certification.
• Qualified Data Protection Practitioner with significant experience of information legislation.
• Experience developing or delivering training programmes.
• Experience supporting audits, compliance frameworks or the Data Security & Protection Toolkit.

What we offer:

• 21 days’ holiday plus bank holidays, increasing by one day per year to 25 days after four years’ service.
• Ongoing personal development and training, including annual appraisal and ownership of your training and development needs.
• Access to company training courses and operational meetings as required.
• The opportunity to work as part of a supportive, professional and values-led organisation.

We welcome applications from all sections of the community as an Equal Opportunities Employer. We are also happy to make any reasonable adjustments at any stage of the recruitment process should you need it, please let us know.

We take our data privacy seriously and commit to processing your data in line with GDPR guidelines. Medequip’s Privacy Notice sets out the basis on which the personal data collected from you, or that you provide to us, will be processed in connection with our recruitment processes.

This role may be subject to a DBS disclosure and satisfactory references. The job description states that a DBS check will be required and refreshed every two years. This role is not eligible for sponsorship. Candidates without satisfactory right to work in the UK are unlikely to be suitable.