
Information Governance Compliance Lead

Posted 8 days 5 hours ago by NHS

Permanent
Full Time
Other
Lincolnshire, Grimsby, United Kingdom, DN311
Job Description
Main duties of the job

As the Information Governance Compliance Lead, you will play a key role in safeguarding data integrity and ensuring our organisation meets national information governance standards. With 2026 marking our first year of compliance with the new Cyber Assessment Framework (CAF), you will lead preparations and ensure we meet all requirements. You will also support compliance with the Data Protection Act, GDPR, and the DSPT. Working across teams, you will coordinate audits, manage data breaches, write and review policies, and deliver IG training. You will need excellent communication, strong planning, and the ability to translate complex legislation into practical action. This is a proactive, collaborative role where you will make a real impact in a purpose-driven organisation.

About us

Hello!

We are Navigo, an award-winning social enterprise that looks after North East Lincolnshire's mental health and well-being and provides mental health services to the NHS and beyond.

The whole basis of our work is to deliver services that we would be happy for our own family to use.

We offer a range of mental health services, including acute and community facilities as well as specialist support such as outstanding older adults inpatient services, rehabilitation and recovery community mental health and an outstanding specialist eating disorder facility.

Ranked as one of the top UK companies to work for, we feature in the Best Companies top 100 large company list.

As a social enterprise, we do things a little bit differently and have also developed income-generating commercially viable businesses that provide training, education and employment opportunities including Grimsby Garden Centre.

Working at Navigo is not like working anywhere else. Lots of places say that, but we really mean it.

We like to work with forward-thinking people who want to make a difference.

Come and Join us!

Please note: Whilst we value all applications, if we believe an application to be AI-generated, we will use a checking tool and may reject any application that has been automatically generated.

Should you require any assistance in completing this application due to a disability or other needs please contact

Job responsibilities

To support information governance (IG) compliance within the organisation, in conjunction with the wider information governance team.

Develop and maintain the IG framework to ensure compliance with the NHS Data Security and Protection Toolkit (DSPT), Cyber Assessment Framework (CAF), and other regulatory requirements.

Write, review, and update IG policies, ensuring alignment with legal, regulatory, and NHS standards.

Design and deliver training to staff on data protection, confidentiality, and records management, to ensure compliance with IG policies.

Oversee data breach investigations and reporting to relevant authorities (e.g., the ICO), and update the SIRO on the progress of investigations.

Conduct internal audits and risk assessments to identify and mitigate IG risks.

Act as the primary point of contact with NHS Digital, regulators, and partners regarding IG matters.

Provide evidence for CAF and DSPT compliance, particularly as an operator of essential services.

Line manage identified staff, ensuring that all enquiries and incidents are dealt with effectively and responsively.

Person Specification

Qualifications
  • Educated to Degree Level or equivalent demonstrable experience in Information Governance
  • Recognised qualification or experience in project management or equivalent
Experience
  • Writing and implementing policy and strategy documents.
  • Investigating possible breaches of compliance and experience of identifying issues and problem solving
  • Being flexible and adaptable at work in order to meet competing priorities
  • Ability to work independently and autonomously, and to interpret available standards and legislation, e.g. GDPR, Records Management Code of Practice, Data Security & Protection Toolkit
  • Personally leading change & improvement programmes with a range of staff
  • Producing and delivering appropriate training to staff
Additional Criteria
  • Advanced keyboard skills and advanced user of Microsoft Office, including Outlook, Word, Excel, PowerPoint, Teams, Planner, Forms.
Knowledge
  • Excellent understanding of Data Protection Legislation
  • Understanding of the use of Data Protection Impact Assessments
  • Knowledge and understanding of privacy by design principles
Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
