Information Governance Officer in West Malling

The Information Governance Officer will be responsible for the day-to-day management and operational delivery of information governance (IG) across Sinclair-Strong Consultants Ltd. Working under the direction of the fractional Data Protection Officer (DPO), but directly reporting into the Senior Information Risk Owner (SIRO), the postholder will ensure SSC maintains robust, auditable compliance with UK GDPR, the Data Protection Act 2018, NHS Data Security and Protection Toolkit (DSPT) and relevant CQC regulatory requirements. The role acts as the organisation's central IG function, providing advice, assurance, monitoring, incident management support and potentially the scope to deliver training to teams across the organisation. This role will play a key part in the establishment and development of a newly formed Information Governance (IG) Team. The post holder will be required to work with a high degree of autonomy, taking responsibility for shaping IG processes, procedures and ways of working from the ground up. Working closely with the DPO, SIRO and other key stakeholders, the IG Officer will actively contribute to building a cohesive, effective team and embedding robust information governance practices across the organisation.

Main duties of the job:

• Act as a key point of contact for Information Governance across SSC.
• Coordinate and manage Data Subject Rights requests, including SARs.
• Act as first point of contact for data breaches and IG incidents.
• Support and maintain SSC's NHS Data Security & Protection Toolkit (DSPT) submission.
• Support completion of Data Protection Impact Assessments (DPIAs).
• Maintain IG policies, procedures, registers and audit trails.
• Provide IG assurance input for CQC inspections, commissioner requests and audits.
• Promote a strong culture of confidentiality, professionalism and data security.

About us: Sinclair-Strong Consultants Ltd is a CQC registered provider of NHS commissioned mental health services, delivering autism, ADHD and specialist services across multiple ICBs. We are seeking an experienced Information Governance Officer to lead the day-to-day operational delivery of information governance across the organisation.

Why Join Us?

• Work for a values driven, clinically led NHS provider.
• Flexible and hybrid working.
• Opportunity to shape and embed a new IG function.
• Strong organisational focus on quality, governance and patient safety.

Job responsibilities:

• Information Governance & Data Protection: Act as a key point of contact for information governance across SSC. Support the DPO in ensuring compliance with UK GDPR and the Data Protection Act 2018. Provide expert advice to staff and managers on IG, confidentiality and data protection matters. Ensure SSC IG policies, procedures and guidance remain up to date, implemented and accessible.
• NHS DSPT & Assurance: Support with the coordination, evidence gathering and maintenance of SSC's NHS Data Security and Protection Toolkit (DSPT) submission. Monitor compliance against DSPT standards, identifying gaps and supporting remedial action. Work with ICT, Operations and Clinical teams to ensure technical and organisational measures meet NHS requirements.
• Data Subject Rights & SARs: Manage and coordinate Data Subject Rights requests, including Subject Access Requests (SARs). Ensure statutory timescales are met and responses are lawful, proportionate and appropriately redacted. Maintain accurate SAR logs and audit trails in line with ICO expectations. Act as the first point of contact for actual or suspected data breaches. Coordinate breach assessment, investigation and documentation. Support the DPO with decision-making on ICO notification and DSPT incident reporting. Ensure learning is captured and shared to prevent recurrence.
• DPIAs & Project Support: Support with the production of Data Protection Impact Assessments (DPIAs) for new systems, services and changes. Work with project leads, ICT and clinical teams to identify risks and define mitigations. Maintain a central DPIA register and assurance records. Monitor completion of mandatory IG and data protection training, ensuring SSC meets NHS minimum compliance thresholds. Support delivery of bespoke IG training for specific roles or services. Promote a culture of confidentiality, professionalism and information security across the organisation.
• Records Management & Retention: Support compliance with the NHS Records Management Code of Practice. Provide guidance on retention, secure storage and lawful disposal of records. Work with teams to address data minimisation and quality issues.
• Governance, Audit & Regulation: Provide IG assurance input into CQC inspections, commissioner requests and internal audits. Maintain clear evidence trails demonstrating compliance with CQC regulations. Prepare reports and updates for senior leadership as required.

Person Specification:

• Demonstrable experience in an Information Governance or Data Protection role, ideally in healthcare.
• Strong working knowledge of UK GDPR and the Data Protection Act 2018.
• Experience of handling SARs, breaches and IG queries.
• Understanding of NHS DSPT requirements.
• Excellent attention to detail and ability to manage complex, sensitive information.
• Strong written and verbal communication skills.
• Ability to work independently, prioritise workload and meet statutory deadlines.
• Experience working within an NHS or CQC regulated environment.
• Experience completing or coordinating DSPT submissions.
• Knowledge of DPIAs and information risk management.
• Recognised industry qualification (e.g. GDPR Practitioner, CIPM, CIPP/EU etc).

Disclosure and Barring Service Check: This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Full-time, Part-time, Home or remote working.