RNIB Job Description

Job Title: Information Governance Manager and designated Data Protection Officer
Job level: L3
Job level cluster: Leadership, Strategy, Direction
Group: Corporate Services
Section: Business Support
Unit: Information Governance
Location: 105 Judd St, London, WC1H 9NE with some travel nationally.
Reports to: Head of Business Support and Compliance

Purpose of Job:
Develop, implement and maintain Information Governance policies, procedures and controls to manage the charity's information assets in order to support its business needs and its legal, risk management and operational requirements. Provide specialised knowledge to senior management and staff, and clear guidance and performance assessment to ensure that the organisation meets both its statutory and legal obligations.

IG Manager would be the designated Data Protection Officer (DPO) for RNIB

RNIB would like to expand its IG function and continue its plans to embed privacy into all parts of the organisation, people and processes, becoming compliant with the new Data Protection Regulation. The IG Manager would not only be the designated Data Protection Officer (DPO) for RNIB (as set out in Article 37 of GDPR) but would be responsible for working with the business to embed privacy throughout all processes, in line with the Data Protection Act 1998 (DPA), the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications Regulations (PECR) and any other relevant information legislation or standards.

Impact:
The post holder will work across the organisation leading the Information Governance Team, which consists of a Data Protection and Records Management which will impact on all aspects of the organisation.

Financial responsibility:
Financial responsibility for the information governance budget.

Main accountabilities:
1. Lead the development and implementation of the Data Protection Impact Assessments across the organisation, including defining the methodology, determining outcomes for advice.
2. Act as the first point of contact for Data Protection issues, both externally and internally. Foster a practical, privacy by design and ethical approach to data management.
3. Be involved in all aspects of privacy work and give advice, where necessary, ensuring that any view that dissents from yours is recorded.
4. Attend key leadership meetings to understand the business.
5. Liaise with the Information Commissioner's Office, as necessary, ensuring up-to-date understanding of requirements and processes.
6. Lead on the planning and implementation of the General Data Protection Regulation compliance work and then develop and implement appropriate monitoring processes, and create and maintain briefings and risk registers.
7. Collect information to identify processing activities and maintain records of processing activities as set out under Article 30.
8. Be accountable to, and provide regular reporting and updates to, the Executive team, the Board of Trustees, SIRO and Head of Business Support and Compliance, ensuring they are aware of high IG risks as well as an overall picture of compliance.
9. Provide advice on marketing and fundraising communications in line with the DPA, GDPR and PECR.
10. Assess contracts, ensuring relevant clauses with processors and controllers relating to DPA and GDPR.
11. Create and advise on data sharing agreements and memoranda of understanding.
12. Submit the NHS IG Toolkit, maintaining at least Level 2 accreditation.
13. Act as strategic lead on the records management projects, enabling specialist records management staff to create an information asset register and other records management projects.
14. Create practical training courses on DPA, GDPR and PECR for staff and volunteers as well as the Board of Trustees, SIRO and Caldicott Guardian.
15. Advise on data breaches and incident handling of issues.
16. Provide expert advice on any other issues relating to data protection and Information Governance.
17. Lead on the development and implementation of policies and procedures to support the delivery of Information Governance.
18. Manage a team of information professionals, including records and data management experts.

General
1. Undertake any other duties commensurate with the post.
2. Adhere to all RNIB policies and procedures.

Person Specification
All criteria are essential unless otherwise stated.

1. Specialist knowledge, skills and experience
1.1 A lead role in a significant organisation with Data Protection, Information Compliance, Information Governance or Information Assurance as the main remit;
1.2 Knowledge and understanding of the legislation in the context of Privacy and Electronic Communications Regulations 2003, Data Protection Act 1998 and the governance of marketing communications;
1.3 A thorough understanding of GDPR and ability to understand how to apply it in a practical risk-based way.
1.4 Experience of completing the NHS IG Toolkit and other audit work.
1.5 Experience of information risk assessment and management;
1.6 Experience of leading liaison with the ICO;
1.7 Some understanding of Records Management, specifically information asset registers;
1.8 Some experience of Information Security management, specifically breach and incident handling and reporting and Privacy Impact Assessments
1.9 Experienced in delivering direct training to staff, the SIRO and Caldicott Guardian
1.10 Education and development:
1.10.1 ISEB in Data Protection or Postgraduate at Northumbria or Winchester on the LLM programme, or equivalent experience and a recognised qualification in Data Protection and/or Freedom of Information
1.10.2 Course in GDPR or other evidence of expertise in the Regulation;
1.10.3 Evidence of attendance at relevant conferences and/or membership of, for example, NADPO, IRMS, IAPP or ARA, to show ongoing professional development.
Other skills:
1.10.4 Ability to translate GDPR, PECR and other requirements into clear business processes.
1.10.5 Understanding business processes and being able to give tailored, balanced advice, with regard to risk and business needs;
1.10.6 Ability to create risk registers, plans, strategies and other business documents;

2. People management skills / team working skills
2.1 Good leadership and management skills.
2.2 Proven ability to motivate and empower others through clear leadership and direction.
2.3 Ability to influence others to adopt information governance good practice.

3. Planning and organisational skills
3.1 Experience in effective planning and in setting, managing and monitoring budgets.

4. Problem-solving and creative skills
4.1 Ability to find innovative ways of solving or pre-empting problems.
4.2 Ability to make high level decisions through evaluating information and making systematic and rational judgements.

5. Communication skills
5.1 Effective communication skills, in all formats, with the ability to impart difficult ideas in a clear way to non-specialists;
5.2 Experience of Board-level reporting.
5.3 Ability to develop and maintain effective working relationships with other members of the programme team, senior managers, the project teams and third-party providers.
5.4 Experience in building alliances and maintaining effective relationships. Able to influence, convince and negotiate with others in a way that results in acceptance and agreement.

6. Special conditions
6.1 The post holder will be expected to travel throughout the UK and to make occasional overnight stays.

Behaviours

Deliver results
Inspire and enable commitment to outstanding service.

Engage Customers
Determine and drive customer outcomes and work across the organisation to deliver customer excellence.

Engage others
Lead by example in promoting equality and inclusion for all.

Set Direction
Develop strategies to achieve greater commercial and financial accountability and sustainability. Creates a culture of innovation, flexibility and responsiveness. Seeks and encourages ideas, improvements and measured risk taking to deliver better approaches and services. Is able to manage complexity, uncertainty and ambiguity of major change. Work with others internally and externally to embrace opportunities and find innovative ways to overcome challenges while maintaining the effectiveness of service delivery.

Lead and inspire
Creates and leads a culture of high performance and accountability. Displays resilience and takes a rational approach.

Personal impact
Adapts own influencing style according to the audience and context and expertly negotiates in complex situations to achieve successes.