Job Summary
Information Governance Officer – Patient Care Locally (PCL), a not‑for‑profit Community Interest Company, works closely with the NHS to safeguard patient and organisational data. Interviews are scheduled for 15 December 2025. The role supports the delivery of PCL’s Digital and Governance, Risk & Compliance (GRC) strategies, maintains IG and Accountability Frameworks, leads the Information Risk Management Programme, and delivers staff awareness and training.
Key duties include maintaining IG policies, SOPs and DPIAs; coordinating the annual Data Security and Protection Toolkit (DSPT); managing incident and breach processes; supporting audits and compliance reviews; and promoting a culture of data protection across all teams.
About Us
Patient Care Locally (PCL) is a not‑for‑profit Community Interest Company dedicated to enhancing healthcare delivery across Leicester, Leicestershire and Rutland. In partnership with the NHS, PCL focuses on meeting patient care needs within primary and community settings and is rapidly expanding beyond its original region. PCL is CQC registered, values patient‑centred care and continuous improvement, and has been recognised as a finalist at the HSJ Awards and Strategic PA Awards in 2024.
Key Responsibilities
Strategy
- Support the delivery and ongoing improvement of PCL's Digital and GRC strategies, ensuring that information governance principles are embedded across all business areas.
- Act as a Digital and IG champion within the organisation, promoting best practice in data protection, confidentiality, and information handling.
- Encourage and support compliance with all relevant legislation and guidance including UK GDPR, the Data Protection Act 2018, Freedom of Information Act, and NHS Confidentiality Code of Practice.
- Support awareness and understanding of information security by collaborating with technical colleagues to align IG and security practices and to embed data protection by design.
- Develop organisational initiatives aimed at improving data governance maturity, supporting the safe and ethical use of new technologies in line with legal and professional standards.
- Lead on maintaining the Information Governance Framework and Accountability Framework, ensuring these reflect current legislation, NHS England requirements, and best practice.
- Lead, support, and coordinate the organisation's Information Risk Management Programme, working in partnership with the SIRO and Information Asset Owners to ensure information risks are systematically identified, assessed, recorded on the risk register, monitored, and effectively mitigated, with clear ownership and action plans in place.
- Develop and deliver staff awareness, communications, and training on Data Protection, Information Governance, records management, and information security, ensuring teams understand their responsibilities and good practice is embedded across the organisation.
Organisational Initiatives & Engagement
- Manage the review and communication of Standard Operating Procedures (SOPs) for IG and data handling.
- Work with the Digital Team and wider business to embed IG and data protection considerations into new systems, processes, and projects from the outset.
- Develop and deliver training and awareness materials (e.g. IG induction modules, refresher sessions, campaigns, or guidance notes) to promote a positive culture of data protection and accountability.
- Contribute to the organisation's communication and engagement plans around IG and digital transformation, ensuring that staff understand their responsibilities and feel confident in handling information appropriately.
- Participate in IG‑related initiatives that enhance staff engagement and support PCL's ambition to be a digitally confident, data‑secure organisation.
Technical & Compliance Responsibilities
- Development, review and implementation of information governance policies, procedures, and guidance, ensuring they remain accurate, relevant, and accessible.
- Coordinate the completion and annual submission of the Data Security and Protection Toolkit (DSPT), ensuring compliance evidence is collected and verified across all PCL entities.
- Oversight, coordination, and logging of Data Protection Impact Assessments (DPIAs), Information Sharing Agreements, and Data Processing Agreements across the organisation, ensuring that relevant stakeholders complete them with appropriate guidance, support, and due diligence to mitigate risk.
- Lead on data protection incident and breach management, including investigation, documentation, learning, and reporting to regulators or partners as required.
- Manage audits, compliance reviews, and assurance reporting, helping to track actions and improvements.
- Support records owners by maintaining oversight of records management practices, retention schedules, and secure disposal, including carrying out audits to check compliance with the NHS Records Management Code of Practice.
- Contribute to risk management activities, supporting IG risk identification, assessment and reporting within the organisation's risk register.
- Collaborate with IT and security colleagues to ensure that technical measures (access control, encryption, data loss prevention) align with IG and data protection requirements.
- Keep abreast of updates to data protection legislation, national NHS guidance, and best practice, sharing learning with colleagues to promote continuous improvement.
Team Support
- Work collaboratively across PCL and our partner organisations, strategic relationships, and new company entities to ensure consistent IG standards and shared learning.
- Provide timely and professional support to colleagues across departments, assisting with queries and helping to find practical solutions to IG challenges.
- Attend internal and external meetings (both in‑person and virtual) to represent IG interests, contribute to discussions, and share updates on progress or issues.
- Build and maintain effective working relationships with other teams, including Digital, Operational, Finance, People Practice, Business Intelligence, and Clinical Services, to ensure integrated governance and compliance support.
- Communicate complex information in a clear and accessible way, adapting style for technical and non‑technical audiences.
- Liaison with the Data Protection Officer where high‑level escalation of issues is required.
- Providing expert support to the Caldicott Guardian (CG) and Senior Information Risk Owner (SIRO) in promoting a strong information governance culture.
Development
- Demonstrate a commitment to personal and professional development, keeping knowledge up to date with evolving IG and data protection standards.
- Participate in relevant training, webinars, and conferences to enhance skills and horizon‑scan emerging trends in IG, information security, and digital health.
- Support organisational development by sharing learning and good practice within the Digital and Governance teams.
- Contribute to internal staff engagement and development sessions, championing continuous learning and improvement.
- Deputise for senior colleagues when appropriate, within scope of competence and responsibility (e.g. at Governance Committee).
Person Specification
Personal Skills – Essential
- Strong analytical skills; ability to risk assess and recommend effective solutions.
- Clear communicator able to translate complex concepts and language into business‑friendly terminology.
- Proactive and forward‑thinking mindset, keeping up with digital trends and new technology.
- Organised and detail‑orientated, able to manage multiple priorities effectively.
- Team player who works collaboratively with teams across the organisation.
- Ability to drive change and influence others with passion and integrity in your work.
- Excellent leadership skills with the ability to inspire and develop others.
- Strong problem‑solving abilities and a solution‑focused approach.
- Have great interpersonal and organisational skills.
- Excellent stakeholder engagement and relationship‑management skills.
- Willingness to learn new skills and follow process.
- Ability to work independently, prioritising own workload and escalating when needed.
- Being perceptive and able to work on intuition.
Commitment to Values & Behaviours – Essential
- Must be able to demonstrate behaviours consistent with PCL's Values and Behaviours.
Qualifications – Essential
- Educated to degree level or equivalent relevant experience.
- Recognised qualification in Information Governance, Data Protection, or related discipline (e.g. BCS Foundation Certificate in Data Protection, BCS Information Governance Practitioner, CIPM, CIPT, CIPP).
Qualifications – Desirable
- Qualification or training in information security (e.g. ISO 27001 / Cyber Essentials awareness).
- Membership of a relevant professional body (e.g. BCS, IAPP).
Experience – Essential
- Demonstrable experience in an information governance, data protection, or compliance‑related role.
- Proven experience of managing IG activities (e.g. SARs, DPIAs, IG audits, RoPA, training, policy development).
- Experience of supporting organisational compliance with the Data Protection Act, GDPR and related legislation.
- Experience in IG within NHS, health, or social care organisations.
Experience – Desirable
- Experience of supporting or delivering IG elements of GRC frameworks.
- Experience of risk register management and audit follow‑up.
- Records Manager experience.
- Previous involvement/completion of NHS DSPT.
Knowledge – Essential
- Strong working knowledge of UK GDPR, Data Protection Act 2018, FOIA and NHS Confidentiality Code of Practice.
- Understanding of IG Framework and ICO Accountability Framework principles.
- Awareness of NHS England standards and the Data Security and Protection Toolkit (DSPT).
- Familiarity with NHS Records Management Code of Practice and retention schedules.
Knowledge – Desirable
- Understanding of emerging technologies such as AI, automation, and telehealth.
- Understanding of digital health technologies, patient‑facing systems, and NHS digital initiatives.
Equality & Diversity – Essential
- Able to demonstrate a commitment to, and understanding of, the importance of treating all individuals with dignity and respect appropriate to their individual needs.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and requires a submission for Disclosure to the Disclosure and Barring Service to check for any previous criminal convictions.
Employer Details
LLR Patient Care Locally Community Interest Company
Office 2 and 3, Coalville Business Centre
Goliath Way
Coalville
Leicestershire
LE67 3FT