Information Governance, GDPR and Security Consultant

West Midlands
£400-£450 per day - Outside of IR35
03 Jan 2018
31 Jan 2018
Harvey Nash Healthcare have partnered with an independent healthcare provider to secure the services of an experienced IG/GDPR Consultant for a 3-month period.

Role Purpose:

To take a strategic & operational lead for the implementation and management of the Information Governance and Security agenda across the business and be responsible for ensuring that Information Governance policies and processes (including IT Security, Confidentiality, Caldicott, Information Flows, Data Protection and Freedom of Information (FOI)) meet national requirements and minimise the risk the business is exposed to. 

Raise awareness of staff’s responsibilities for information governance and security through the design and delivery of mandatory training ensuring all current and new staff have been adequately trained and briefed. 

To act as the organisation's Data Protection Officer.

Key Responsibilities:

> GDPR Compliance (as stipulated by Article 39 of GDPR)

  • To inform and advise controller, processor and employees of obligations
  • To monitor compliance, including assignment of responsibilities
  • To provide advice with regard to data protection impact assessments
  • To monitor performance of the data protection impact assessment
  • To cooperate with the supervisory authority
  • To liaise with the supervisory authority
  • To have due regard to risk associated with processing operations
  • To focus their efforts on issues that present higher data protection risks

> Information Governance Management

  • Develop and lead the Information Governance (IG) Strategy
  • Set and update policies and procedures to support the information governance framework requirements
  • Maintain a records management policy for the business and strategically lead its implementation, ensuring that all records (including electronic records) are managed throughout their life cycle, from planning, creation, usage and storage through to ultimate disposal
  • Offer pragmatic advice on the implementation of the records management policy across the business and set out recommended minimum periods for retention for all types of records, regardless of the media on which they are held
  • Lead, co-ordinate and manage the Information Governance continuous improvement programme and update as required
  • Identify, manage, co-ordinate and deliver projects as required to ensure the efficient and effective implementation of Information Governance
  • Provide specialist advice and support across the business, ensuring Information Governance initiatives are integrated into core business functions
  • Maintain an appropriate evidence base for the Information Governance Toolkit, ensuring that all key requirements of the IG Toolkit are maintained at level 2 compliance or above and, in cases of non-compliance, introduce robust improvement plans to address any shortfalls
  • Lead and manage the annual assessment, work programme and action plans in line with the requirements of the IG Toolkit
  • Prepare and present quality reports to the executive team on a monthly basis and facilitate the Information Governance Committee, reporting on key findings and learning, updating on any risk issues and progress made, and making evidence-based recommendations to help inform business decisions

> Information Security

  • Work closely with the IT department to improve the technical controls protecting patient data
  • Review and agree action in respect of identified information risks
  • Ensure adherence to policies relating to accuracy, quality, storage and appropriate sharing of business information both internally and externally, ensuring third parties have dataflow descriptions that allow data to be exchanged securely
  • Ensure that there are effective mechanisms in place for reporting and managing serious untoward incidents relating to information
  • Thoroughly investigate Information Governance related incidents and security breaches, reporting back to key stakeholders and ensuring standards are met and maintained and all lessons learned are disseminated

Desired Background:

  • Educated to degree level
  • A privacy-related qualification e.g. ISEB, IAPP
  • A security specific qualification e.g. CISM, CISSP, CISMP
  • Experience of working in Information Governance and security environment
  • Experience of working with ISO27001/2
  • Previous experience working in a healthcare environment would be advantageous
  • Knowledge of NHS Digital Information Governance Toolkit would be great

Working within the wider Governance/Legal teams you will be working with the project managers leading on GDPR as well as wider governance agendas within the business. If you have strong project management skills and have an extensive IG and Security background we would be keen to talk to you. 

The assignment will run for approximately 3-6 months and requires an immediate start. If you have immediate availability, please send your CV to Sam Alsop-Hall at Harvey Nash or call 01217171908.