Job description
Information Governance and Security Analyst
Reporting to: Information Governance & Security Manager
Department: Technology & Transformation
Purpose of the job
To support Leonard Cheshire Disability (LCD) in the identification of personal and sensitive data processing activities, and establish whether these activities are being undertaken in accordance with the principles of the General Data Protection Regulation (GDPR) and Information/Cyber Security best practices.
To support all Information Security related activities to ensure the confidentiality, integrity and availability of physical and electronic information assets are established and maintained throughout the charity.
Key responsibilities
- To support the design, implementation and ongoing management of an information security management system (ISMS) and its component parts;
- To assist with the co-ordination, completion and project management of LCD’s annual NHS Information Governance (IG) submission;
- To ensure Data Protection Impact Assessments (DPIA) are in place and completed throughout all key stages of LCD’s Transformational Programme and for any new or changed processing activities or projects involving personal or sensitive data;
- To help ensure and monitor that Cyber Security best practices are in place and maintained at all levels throughout LCD, i.e. from the implementation of technical security controls to staff’s secure handling of data;
- To assist with the timely management and investigation of any Information Governance and Security related breaches;
- To undertake a range of Information Governance and Security project management activities;
- To deputize as the Data Protection Officer (DPO) and liaise with management, staff, and third parties on Information Governance and Security matters;
- To ensure that subject access requests (SAR) are maintained and completed in accordance with procedures and agreed deadlines;
- To support the establishment of clear and effective Information Governance and Security Training and Awareness materials and content;
- To undertake any other reasonable duties as requested.
Person specification
Essential Requirements
- Experience or knowledge of Data Protection legislation and requirements;
- Experience or knowledge of NHS IG Toolkit, ISO27001 standards and/or Cyber Security best practices;
- Experience of conducting investigations or auditing IG or security;
- Experience of monitoring adherence to policy, procedures and advice;
- Experience of liaising with external suppliers;
- Experience of dealing with staff at all levels;
- Sympathy with the ethos and values of Leonard Cheshire Disability;
- Ability to travel and stay away overnight when necessary.
Key competencies & skills
- Highly developed IT skills;
- Willingness and ability to quickly learn, research and engage with a wide range of Information Governance and Security subject matters;
- Good attention to detail in all aspects of work;
- Ability to prioritise and work under pressure;
- Good project management skills and ability to construct and apply a structured way of working;
- Ability to work collaboratively with a range of colleagues, including in the wider organisation and external stakeholders;
- Ability to explain complex topics in non-technical language;
- Good interpersonal and team working skills;
- Strong written and verbal communication skills;
- Well placed sense of judgement with absolute discretion and confidentiality.