Head of Information Management, public sector (Flexible working/Sussex)

Head of Information Management - South East, United Kingdom

Ref: 152Monday 20 September 2021

Interim role! Head of Information Management required by public sector organisation to develop and direct the delivery of the information management strategy, resources, and functions in partnership, to enable both organisations to effectively manage their information assets, supporting regional collaboration and ensuring that their statutory obligations are effectively discharged. This role will oversee and direct all data protection and related Information privacy activities, to ensure the proper handling of personal information complies with data protection legislation. This includes providing specialist advice, training, and instruction to ensure all personnel has an appropriate level of awareness in relation to GDPR data protection legislation. You will also be responsible for raising the profile of data compliance across the organisation, by setting the Data Protection Compliance Strategy and fostering a data protection culture. This role is for an initial period of 6 months with the potential of an extension.

Main responsibilities include:

  • Develop, negotiate and deliver an agreed strategy and implementation plan for information management which supports the strategic objectives of both organisations, ensuring it is compatible with national and regional initiatives and directives, and legislation including GDPR and the new Data Protection Act 2018.
  • Advise colleagues on the Data Protection Compliance Strategy and fostering a data protection culture within the organisation, including metrics for Data Protection Impact Assessments and monitoring the performance of such assessments.
  • Monitor compliance with the GDPR and other data protection laws, data protection policies, awareness-raising, training, and audits.
  • Ensure that all systems are identified, authorised and the relevant business rules and levels of access are appropriately applied.
  • Support and lead the concept of ‘Data Protection By Design’ by ensuring that Privacy Impact Assessments are integrated into the early stages of any project, and then throughout its lifecycle.
  • Undertake systematic auditing and monitoring of all local and national information and systems used to ensure compliance with GDPR data protection legislation, national standards, Codes of Practice, and policies and procedures.
  • Act as the primary contact with the Information Commissioner’s Office (ICO) in respect of complaints, data breaches, and annual registration and associated fee.
  • Risk assess and determine the frequency of system audits through application of the Data Protection Manual, formulating and submitting recommendations to the Security and Information Management Board.
  • Direct effective governance of Policy, Procedure, and guidance and specifically development of policy and procedures to support information management.
  • Achieve compliance with the Data Protection Act obligations, including subject access, courts, and other legislative requests.
  • Development, review, and audit of all Information Sharing Agreements held.
  • Develop and implement a system of Data Protection Impact Assessment for all high risk activity relating to personal data.
  • Provide briefings, advice, and guidance on all matters relating to information management and lead on training and awareness strategy for Information Management.
  • Manage all staff responsible for delivering IM, DPA, FOIA, Data Compliance.
  • Initiate, sponsor and deliver information management change programmes and projects and lead the information management contribution to other relevant programmes.
  • Oversee an effective process for the identification and internal reporting of data protection and cyber security breaches. Develop strategies for the management and rectification of any data security incidents. Perform investigations into data protection and cyber security breaches.

To be considered for this role you will need the following skills and experience:

  • Degree or appropriate qualification/experience in Information Management, Business Management with a strong information element, or similar.
  • GDPR/DP management qualifications.
  •  Expertise in GDPR and other national and European data protection laws and practices.
  • Experience in a data protection role, preferably within a public sector organisation using large- scale, complex information processing systems.
  • Experience of implementing a compliance strategy within an organisation and conducting audits, investigations, and risk management to ensure adherence.
  • Understanding of information security management, information technologies, and data security.