Information and Corporate Risk Lead

Job Description

Job Title - Information and Corporate Risk LeadJackson Hogg are looking to recruit an Information and Corporate Risk Lead for a charity based in Sunderland.Job Purpose: You will be responsible for leading on the Information Governance and Risk Management Frameworks. The Information and Risk Lead will act as the Data Protection Officer and subject matter expert; informing and advising all employees of obligations to complywith the UK GDPR and other data protection laws.Duties to include:Information Governance

• Lead on, develop and manage the Information Governance Framework, ensuring that any action plans, policies and procedures are fully implemented.
• Manage the central information governance resource to ensure that obligations under the Data Protection Act 2018, the NHS Data Security & Protection Toolkit, and contracts with commissioners are met, and that the Caldicott Guardian has appropriate support.
• To fulfil the role of Data Protection Officer in line with Information Commissioner’s Office (ICO) guidance, and act as a point of contact for the ICO.
• To review the management and reporting of recorded Information Governance incidents; leading on recommendations/actions (as and when required) and the production of investigation reports.
• To receive and respond to data subject access requests from external parties relating to data processed, ensuring compliance with statutory requirements.
• To produce and advise on the development of Data Protection Impact Assessments and Information Sharing Agreements.
• Propose and present recommendations on working practices that will enable the company to maintain compliance with legislation and national standards set by the Information Commissioner’s Office, NHS Digital, Care Quality Commission, National Cyber SecurityCentre and others, leading on continuous improvement.
• To lead on identifying areas of risk and gaps in compliance with Information Governance standards and identifying and implement controls.
• To contribute to the development of new/revised Information Governance related controlled documents (policies, procedures, standard operating procedures).
• To write reports to the Information Governance board, and Audit and Risk Committee and any other working group with responsibility for Information Governance.
• To lead on all external Information Governance standards, including the Data Security and Protection Toolkit and Cyber Essentials.
• To chair the Information Governance Committee.
• To conduct internal and external Information Governance audits, ensuring that any recommended action plans are implemented in a timely manner, monitored and reviewed.
• Establishing working groups, to co-ordinate the activities of staff given Information Governance responsibilities and progress initiatives.
• To manage a central register of information governance records to include but not limited to: information asset register, contracts assurance register, information sharing agreements.

Corporate Risk

• Manage the development of the companies risk management strategy and risk register process so that risks and appropriate mitigating actions are identified, recorded, and appropriately escalated.
• Leading on the collaboration and development of the Corporate Risk Register, together with the Director of Strategy and Performance/Director of Finance and Technology, through regular dialogue with corporate risk owners.
• Lead, monitor and support the development of business continuity and disaster recovery plans, and plan and execute testing of these plans.
• Work collaboratively to ensure that the risk management framework is delivered.
• Manage the maintenance of the operational risk registers through regular dialogue with the risk register owners.
• Identify high priority risks, providing support to risk owners to manage mitigation and reduce overall risk
• Ensure that risk assessments and controls are developed in line with the companies risk appetite.
• Develop and produce a risk management reporting pack for the Audit and Risk Committee.
• Develop and maintain an up-to-date risk management recording and reporting system.
• Propose and present improvement solutions and initiatives to risk management arrangements.