Information Governance Officer

LOCATION: Homebased with a requirement to travel to UKROEd Head Office in Manchester for team meetings and as otherwise operationally required.

HOURS 37.5 (Negotiable)

SALARY £45,320

VETTING REQUIREMENTS (Essential) Baseline Personnel Security Standard and Non-Police Personnel Vetting (Level 3)

UKROEd Ltd is a private, not-for-profit company responsible for the delivery, management and administration of the National Driver Offender Retraining Scheme (NDORS) on behalf of the Police service. It is the operating company of the Road Safety Trust and is committed to the education and training of drivers who commit low level traffic offences.

UKROEd values and respects each individual employee, client and customer and is committed to promoting equal opportunities throughout its workforce. As such, all relevant applicants will receive consideration for employment without regard to age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex or sexual orientation.

About The Road Safety Trust

The Road Safety Trust is the UK's largest independent road safety grant giving charity, dedicated to achieving zero deaths and serious injuries on UK roads. It funds innovative projects, research, and initiatives to improve road safety for all road users. Its mission is to work with partners across the public, private, and voluntary sectors to reduce road harm and enhance public safety on the roads. Surplus funds from UKROEd activities from the delivery and management of the National Driver Offender Retraining Scheme (NDORS) are donated to The Road Safety Trust at the end of the financial year. This enables the Trust to carry out its grant making programme.

Overview of the role

Part of the UKROEd Digital and Data team, the Information Governance Officer contributes to ensuring that both RST and UKROEd manage its information securely, lawfully, and effectively across its entire lifecycle. The role covers compliance with UK data protection laws and Freedom of Information regulations, records management and confidentiality standards.

The postholder will shape and implement policies, handle data protection enquiries including subject access and FOI requests, support data protection impact assessments, participate in third party audits, investigate breaches and provide staff training to promote best practice.

Appointment to this role is subject to the successful completion and maintenance of Non-Police Personnel Vetting (NPPV) Level 3.

Principal Duties and Responsibilities

• The first point of contact for general data protection enquiries, individual information rights requests (such as subject access requests) and freedom of information (FOI) requests from clients and stakeholders of the NDORS scheme and staff of both UKROEd and RST.
• The first point of contact for information breaches, effectively escalating to the Head of Data/ CIO when required.
• Responsible for monitoring RST and UKROEd adherence to UK GDPR and other statutory obligations and procedural requirements, working with colleagues to maintain the ROPAs, Privacy Notices, DPIAs and Information Sharing Agreements of both organisations.
• Contribute to, and sometimes lead, the development, implementation and review of IG policies and procedures.
• Manage data breaches, investigate incidents, advise on ICO reporting, propose mitigation.
• Assist the team and organisation with internal & external reviews and audits, including reviewing information governance documentation of key stakeholders as part of the Annual Provider Review (APR) process.
• Support the application and maintenance of effective system access and document and record management arrangements.
• Provide an ongoing programme of best practice data protection and information governance training, updating material following incidents/ lessons learned and/or to reflect legislative changes to internal staff and appropriate stakeholders.
• Challenge practices, processes, and procedures as required, using negotiation and specialist knowledge to achieve continual improvement and compliance.
• Keep up to date with developments in information governance and data protection legislation, case law and guidance.
• Provide regular assurance reporting on information governance and data protection compliance to the senior leadership, Boards and appropriate governance committees.

UKROEd Person Specification Information Governance Officer Job Related Knowledge

• Essential: Excellent knowledge and understanding of the General Data Protection Regulation & data protection and information governance best practice.
• Ability to identify, understand and clearly explain principles of data protection and information governance legislation.
• Desirable: Understanding of information governance in multi organisation or partnership environments, including information sharing with police, public bodies, and third party providers.
• Experience of advising on the evaluation of new technologies, including AI, through an information governance lens ensuring compliance, risk mitigation and responsible innovation.

Experience

• Essential: Experience of working within minimal supervision in a data protection and/or information governance role, including responding to complaints and delivering excellent service.
• Proven experience of managing SARS, FOI requests, DPIAs and data sharing protocols.
• Experience managing and maintaining a ROPA.
• Experience of auditing arrangements against best practice standards.
• Desirable: Experience working in a regulated, public sector, charity or policing related environment.

Skills and Aptitudes

• Essential: Strong written and verbal communication for policy drafting, stakeholder engagement and training.
• Strong analytical approach capable of incident and risk assessment, auditing and reporting.
• Excellent IT skills with the ability to adapt quickly to new technology and better ways of working.
• Excellent organisation and time management skills with the ability to work under pressure and meet tight deadlines when required.
• Ability to work positively and consistently across the organisation to support colleagues and maintain high standards whilst managing multiple tasks, maintaining a high degree of accuracy and attention to detail.
• A strong team player, able to develop effective relationships across the organisation with a track record of respectful, open, and honest behaviour including a demonstrable commitment to inclusion and diversity.
• The ability to use your own initiative to foster improvements across the organisation, and to deliver work to an excellent standard.
• Desirable: Experience designing and delivering engaging training or awareness activity for non specialist audiences.

Qualifications

• Essential: You will either have a recognised data protection qualification (e.g. IAPP CIPP/E, BCS Practitioner Certificate in Data Protection, GDPR Practitioner) or have significant experience in this area and be willing to work towards qualification.