Information Governance Service Manager

Job overview

The Information Governance (IG) Service Manager is responsible for leading the development, implementation, and maintenance of a robust information governance framework across the organisation.

This role ensures compliance with legal and regulatory requirements (e.g., UK GDPR, Data Protection Act 2018, Access to Health Records Act 1990, NHS Data Security & Protection Toolkit (DSPT)) while fostering a culture of accountability and transparency in the management of patient, staff, and organisational data.

The post holder will drive efficiency in IG operations, mitigate information risks, and advise on all aspects of data protection, confidentiality, and records management.  The IG Service Manager holds key information governance and management responsibility in the organisation, supporting and as required standing in for, the IG Manager – Operations Lead.

Main duties of the job

Information Governance Leadership

• Develop, implement, and monitor the Trust’s IG strategy, policies, and procedures to ensure alignment with national NHS standards and legal requirements.
• Lead the annual submission of the NHS Data Security and Protection Toolkit (DSPT), coordinating evidence collection and ensuring compliance with all mandatory standards.
• Provide expert advice to senior leadership on IG risks, trends, and mitigation strategies.
• Work with clinical/operational teams to embed IG best practice into daily workflows.

Personal Data Breach Management

• Act as the Trust’s lead investigator for suspected or confirmed data breaches, ensuring timely reporting to the Information Commissioner’s Office (ICO) and affected individuals where required.
• Maintain a breach incident log, conduct root cause analyses, and implement corrective actions to prevent recurrence.

Training & Awareness

• Design and deliver tailored IG training programs (e.g., data protection, data sharing, records management) for staff at all levels, including mandatory training for new starters.
• Promote a strong IG culture through campaigns, newsletters, and intranet resources.

Corporate Records Management

• Oversee the Trust’s corporate records management lifecycle, including retention schedules, secure storage/archiving, and lawful disposal of physical/electronic records.

Detailed job description and main responsibilities

Team & Service Management

• Line manage the IG team, fostering a collaborative and high-performing culture.
• Monitor KPIs for the IG service (e.g., breach response times, corporate SAR compliance rates) and report outcomes to the Trust Information Governance Steering Group (IGSG).
• Support the preparation of various reports for the SIRO, Deputy SIRO and Caldicott Guardian for relevant internal meetings, the King’s Executive and the Trust Board (including delegated committees) covering IG issues as required.
• Act as a role model by demonstrating leadership and expertise, and by maintaining credibility within the Trust, the wider health community and external agencies ensuring a positive image of the Trust is maintained.
• Representation of the Trust IG work stream at various meetings both internally and externally as required.

Strategy, Policy and Procedure

• Working with the wider IG&M team, ensure that the Trust has in place the appropriate strategy, policy and procedure documents and training.
• Develop relevant policy and procedure and oversee its implementation for the Trust in line with contemporaneous guidance: relevant law, DHSC targets, national regulation and guidelines, and best practice.
• Ensure that these policies and procedures are communicated to Trust staff through the delivery of comprehensive training and other media and ensure that ongoing compliance with the same is monitored and audited as appropriate.