Information Governance Lead

Information Governance Lead & Data Protection Officer (DPO) – Acute Hospital Location: Home-based with 1 day per week in-office Type: Contract, Outside of IR35 Duration: 3 months + Start Date: ASAP Overview: We are seeking an experienced Information Governance Lead to serve as the Data Protection Officer (DPO) for a large acute hospital. The successful candidate will lead the organization’s efforts to ensure data protection compliance, manage information governance (IG) processes, and assist with the completion of the Data Security and Protection Toolkit (DSPT) . In addition, the role will provide guidance on cybersecurity matters and work closely with internal stakeholders to safeguard patient and organizational data. This is a home-based role, with one day per week required in-office. Key Responsibilities: Act as the Data Protection Officer (DPO) , ensuring compliance with GDPR, the Data Protection Act, and other relevant legislation. Lead on the completion and ongoing compliance of the Data Security and Protection Toolkit (DSPT) . Develop, implement, and maintain information governance frameworks, policies, and procedures. Provide guidance and support on cybersecurity measures , including risk assessments, incident response, and compliance with NHS Digital and other regulatory bodies. Conduct audits and risk assessments to identify potential information governance issues and recommend improvements. Liaise with various departments across the hospital to provide training, advice, and guidance on data protection and information governance best practices. Act as the key point of contact for data breaches and incidents, ensuring timely and appropriate responses, including reporting to regulatory bodies where necessary. Stay informed about developments in data protection law, guidance, and best practice to ensure the organization remains compliant. Support the hospital in preparing for and responding to external audits and inspections, including CQC and NHS Digital reviews. Essential Experience & Skills: Proven experience in a senior Information Governance or Data Protection role, ideally within an NHS or healthcare setting. Strong knowledge of GDPR , the Data Protection Act , and other relevant legislation. Experience in completing and managing the Data Security and Protection Toolkit (DSPT) . Understanding of cybersecurity frameworks and ability to provide advice on technical security measures. Experience working in large organizations, ideally in healthcare, with knowledge of the complexities of managing sensitive data in such settings. Strong communication and interpersonal skills, able to engage with stakeholders at all levels. Ability to work independently and as part of a team, with a proactive and solution-focused approach. Desirable Qualifications: Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), or equivalent certifications. Experience of working within NHS Digital standards and frameworks. Understanding of information governance in relation to health informatics systems. Contract Details: Outside IR35 : This role is classified as outside IR35, making it ideal for contractors. Flexible Working : Home-based with one day a week required in the office.