
Information Governance Officer

LLR Patient Care Locally Community Interest Company

Coalville

Hybrid

GBP 38,000 - 47,000

Full time

Today

Job summary

A not-for-profit healthcare organization based in Coalville is seeking an Information Governance Officer to enhance data governance and compliance with UK GDPR. This role offers an exciting opportunity to work collaboratively within a dynamic environment, ensuring compliance and driving improvements in data security practices. The ideal candidate will possess a degree, relevant certifications, and experience in information governance within healthcare settings. The position includes flexible working arrangements and competitive salaries.

Benefits

Flexible working
Comprehensive training
Opportunities for professional growth

Qualifications

  • Demonstrable experience in an information governance or compliance-related role.
  • Strong working knowledge of UK GDPR and Data Protection Act 2018.
  • Experience in IG within NHS or health organizations.

Responsibilities

  • Support the delivery of PCL's Digital and GRC strategies.
  • Lead on maintaining the Information Governance Framework.
  • Develop and deliver staff training on Data Protection and Information Governance.

Skills

Analytical skills
Communication skills
Proactive mindset
Organizational skills
Interpersonal skills

Education

Degree level education or equivalent experience
Qualification in Information Governance
Training in information security

Job description

LLR Patient Care Locally Community Interest Company

Information Governance Officer

The closing date is 05 December 2025

As part of the interview, there will be a short assessment. This will include a scenario where you walk through your decision making and a small set of questions covering core IG knowledge.

You will be crucial in maintaining and improving our Information Governance and Accountability Frameworks, driving compliance with UK GDPR, Data Protection Act 2018, and other key legislation. Your responsibilities will span policy development, coordinating the annual DSPT submission, leading on data protection incident management and developing staff awareness and training. You will work closely across clinical, operational and digital teams providing clear and practical advice to diverse stakeholders.

This is an exciting opportunity to use your expertise to support the safe and effective use of information within a dynamic not for profit Community Interest Company (CIC) that works in close collaboration with the NHS.

You will be part of a team that is:

  • Innovative, agile and adaptive, helping PCL deliver care in local settings to ensure patients receive the right care at the right time.
  • Committed to patient centred care, working to alleviate pressure on hospital services.
  • Committed to our team, where we respect, trust and value each other's contribution, and empower our people.

Main duties of the job

• Interviews: 15 December 2025

This role supports the delivery of PCL's Digital and GRC strategies and promotes good practice in data protection, confidentiality, and information handling. It helps ensure compliance with UK GDPR, the Data Protection Act, FOI, and NHS guidance, working with technical teams to embed data protection by design and strengthen data governance maturity. The postholder maintains the IG and Accountability Frameworks, leads the Information Risk Management Programme with the SIRO and Information Asset Owners, and delivers staff training on IG, security, and records management.

The role works across PCL and partner organisations, providing timely advice, supporting colleagues, and representing IG in meetings. It maintains strong relationships with Digital, Operations, Finance, BI, Clinical Services, and others, and provides expert support to the Caldicott Guardian, SIRO, and DPO. The postholder keeps knowledge up to date, shares learning, supports staff development, and may deputise for senior colleagues.

About us

Patient Care Locally (PCL) is a not-for-profit Community Interest Company dedicated to enhancing healthcare delivery across Leicester, Leicestershire, and Rutland. Working in close collaboration with the NHS, we focus on delivering the right care at the right time in the right place - closer to home for patients.

As a CQC registered organisation rapidly expanding beyond our original region, we maintain the highest standards of quality while alleviating pressure on hospital services. Our innovative approach has earned recognition as finalists at both the HSJ Awards and Strategic PA Awards in 2024.

  • Patient‑centred: Everything we do puts patients first.
  • Team‑focused: We respect, trust, and empower each other while valuing every contribution.
  • Our Company: We’re a trusted, caring company that’s innovative, agile, and adaptive – always delivering.

Working at PCL: You’ll join a fast‑paced, dedicated team committed to continuous improvement and making a real difference to over 1.2 million patients. We offer hybrid working arrangements, comprehensive training, and opportunities for cross‑functional learning and development. Our collaborative environment encourages skill‑sharing and supports professional growth while maintaining high‑quality patient care standards.

Key Areas of Responsibility
  • Support the delivery and ongoing improvement of PCL's Digital and GRC strategies, ensuring that information governance principles are embedded across all business areas.
  • Act as a Digital and IG champion within the organisation, promoting best practice in data protection, confidentiality, and information handling.
  • Encourage and support compliance with all relevant legislation and guidance including UK GDPR, the Data Protection Act 2018, Freedom of Information Act, and NHS Confidentiality Code of Practice.
  • Support awareness and understanding of information security by collaborating with technical colleagues to align IG and security practices and to embed data protection by design.
  • Develop organisational initiatives aimed at improving data governance maturity, supporting the safe and ethical use of new technologies in line with legal and professional standards.
  • Lead on maintaining the Information Governance Framework and Accountability Framework, ensuring these reflect current legislation, NHS England requirements, and best practice.
  • Lead, support, and coordinate the organisation's Information Risk Management Programme, working in partnership with the SIRO and Information Asset Owners to ensure information risks are systematically identified, assessed, recorded on the risk register, monitored, and effectively mitigated, with clear ownership and action plans in place.
  • Develop and deliver staff awareness, communications, and training on Data Protection, Information Governance, records management, and information security, ensuring teams understand their responsibilities and good practice is embedded across the organisation.
Technical & Compliance Responsibilities
  • Development, review and implementation of information governance policies, procedures and guidance, ensuring they remain accurate, relevant and accessible.
  • Coordinate the completion and annual submission of the Data Security and Protection Toolkit (DSPT), ensuring compliance evidence is collected and verified across all PCL entities.
  • Oversight, coordination, and logging of Data Protection Impact Assessments (DPIAs), Information Sharing Agreements, and Data Processing Agreements across the organisation.
  • Lead on data protection incident and breach management, including investigation, documentation, learning, and reporting to regulators or partners as required.
  • Manage audits, compliance reviews and assurance reporting, helping to track actions and improvements.
  • Support records owners by maintaining oversight of records management practices, retention schedules and secure disposal.
  • Collaborate with IT and security colleagues to ensure that technical measures (access control, encryption, data loss prevention) align with IG and data protection requirements.
  • Keep abreast of updates to data protection legislation, national NHS guidance, and best practice, sharing learning with colleagues to promote continuous improvement.
Development
  • Demonstrate a commitment to personal and professional development, keeping knowledge up to date with evolving IG and data protection standards.
  • Participate in relevant training, webinars and conferences to enhance skills and horizon‑scan emerging trends in IG, information security and digital health.
  • Support organisational development by sharing learning and good practice within the Digital and Governance teams.
  • Contribute to internal staff engagement and development sessions, championing continuous learning and improvement.
  • Deputise for senior colleagues when appropriate, within scope of competence and responsibility.
Person Specification
Personal Skills
  • Strong analytical skills, ability to risk assess and recommend effective solutions.
  • Clear communicator able to translate complex concepts into business‑friendly terminology.
  • Proactive and forward‑thinking mindset, keeping up with digital trends and new technology.
  • Organised and detail‑orientated, able to manage multiple priorities effectively.
  • Team player who works collaboratively with teams across the organisation.
  • Ability to drive change and influence others with passion and integrity in your work.
  • Excellent leadership skills with the ability to inspire and develop others.
  • Strong problem‑solving abilities and a solution‑focused approach.
  • Great interpersonal and organisational skills.
  • Excellent stakeholder engagement and relationship management skills.
  • Willingness to learn new skills and follow process.
  • Ability to work independently, prioritising own workload and escalating when needed.
  • Being perceptive and able to work on intuition.
Commitment to Values & Behaviours
  • Must demonstrate behaviours consistent with PCL's Values and Behaviours.
Qualifications
  • Educated to degree level or equivalent relevant experience.
  • Recognised qualification in Information Governance, Data Protection or related discipline (e.g. BCS Foundation Certificate).
  • Qualification or training in information security (e.g. ISO 27001 / Cyber Essentials awareness).
  • Membership of a relevant professional body (e.g. BCS, IAPP).
Experience
  • Demonstrable experience in an information governance, data protection or compliance‑related role.
  • Proven experience of managing IG activities (e.g. SARs, DPIAs, IG audits, RoPA, training, policy development).
  • Experience of supporting organisational compliance with the Data Protection Act, GDPR and related legislation.
  • Experience in IG within NHS, health or social care organisations.
  • Experience of supporting or delivering IG elements of GRC frameworks.
  • Experience of risk register management and audit follow‑up.
  • Previous involvement/completion of NHS DSPT.
Knowledge
  • Strong working knowledge of UK GDPR, Data Protection Act 2018, FOIA and NHS Confidentiality Code of Practice.
  • Understanding of IG Framework and ICO Accountability Framework principles.
  • Awareness of NHS England standards and the Data Security and Protection Toolkit (DSPT).
  • Familiarity with NHS Records Management Code of Practice and retention schedules.
  • Understanding of emerging technologies such as AI, automation and telehealth.
  • Understanding of digital health technologies, patient‑facing systems and NHS digital initiatives.
Equality & Diversity
  • Able to demonstrate a commitment and understanding of the importance of treating all individuals with dignity and respect appropriate to their individual needs.
Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer name

LLR Patient Care Locally Community Interest Company

Address

Office 2 and 3, Coalville Business Centre

£38,682 to £46,580 a year dependent on experience

Contract

Permanent

Working pattern

Full‑time, Flexible working, Home or remote working

Reference number

E0349‑25‑0018

Job locations

Office 2 and 3, Coalville Business Centre
