Job vacancy: Senior Information Governance Officer, Hywel Dda University Health Board, to be confirmed

Job summary

Main area: Information Governance
Grade: Band 6
Contract: Permanent
Hours: Full time - 37.5 hours per week
Job ref: 100-AC307-1025

Employer: Hywel Dda University Health Board
Employer type: NHS
Site: to be confirmed
Town: to be confirmed
Salary: £39,263 - £47,280 per annum
Salary period: Yearly
Closing: 05/11/2025 23:59
Interview date: 14/11/2025

Senior Information Governance Officer

Band 6

Our Hywel Dda values reflect who we are and how we behave. We continuously work together to be the best we can be as we strive to develop and deliver excellent services, putting people at the heart of everything we do. Throughout our recruitment process you will be asked to think about how you would demonstrate these values in the way that you work with us.

If you are registered Health Care professional considering relocating to the Hywel Dda area in West Wales please don’t hesitate to contact our recruitment campaigns team directly via [email protected]

To keep up to date with our latest recruitment activity follow us on Facebook (Swyddi Hywel Dda Jobs), LinkedIn or on Twitter @SwyddiHDdaJobs

Hywel Dda University Health Board reserve the right to close vacancies after 24 hours if a large number of suitable applications are received. We encourage early applications to ensure consideration for a post.

Detailed job description and main responsibilities

Key Responsibilities

IG Breach Management: Lead on IG breaches, managing incidents from initial report to closure, including advice on recovery, containment, and lessons learned. Support the IG Breach Lead with high-level breaches.
Data Protection Impact Assessments: Support and approve DPIAs, identify risks, and advise on mitigation, escalating when necessary.
Auditing: Lead on audits related to IG breaches, report findings, and support the IG Team in raising awareness of responsibilities under Data Protection legislation.
Expert Advice: Provide IG advice to staff at all levels, draft reports, and support operational IG tasks (e.g., data sharing agreements, privacy notices, Subject Access Requests).
Trend Analysis: Identify and report on breach trends, produce statistics, and create improvement plans.
Incident Management: Support implementation of IG incident management procedures and assist staff in reporting incidents.
Compliance Monitoring: Review and maintain IG systems, ensure compliance with legislation, and take action on non-compliance.
Training & Communication: Deliver training, draft guidance, and communicate complex IG issues to staff and external stakeholders.
Records Management: Oversee Access to Health Records requests, ensure statutory compliance, and adapt systems as needed.
Audit Support: Participate in internal and external audits, produce reports, and maintain accurate records.
Redaction & Guidance: Redact sensitive information for disclosures and provide guidance on retention periods and IG policies.
Resource Management: Ensure efficient use of resources and support the department’s operational needs.
Line Management: Manage IG Officers and Access to Health Records Clerks, ensuring training and performance objectives are met.

You will be able to find a full job description and person specification attached within the supporting documents.

The Health Board is committed to supporting its staff to fully embrace the need for bilingualism thereby enhancing patient and service user experiences. In our commitment to increase the number of staff who are able to communicate in Welsh with patients and professionals, we welcome applications from Welsh speakers.

The ability to communicate in Welsh is desirable for this post. If you do not meet the Welsh Language requirements specified, the Health Board offers a variety of learning options and staff support to help you meet these minimal desirable requirements during the course of your employment with us.

Interviews will be held on 14/11/2025

Person specification

Qualifications and Knowledge

Essential criteria

Degree level or equivalent management experience
Further knowledge to postgraduate diploma level e.g: - Data Protection professional qualification e.g. BCS Foundation Certificate / Practitioner Certificate in Data Protection - Expert knowledge and understanding in the principles of the DPA, GDPR, FOIA and NHS Code of Confidentiality, - Expert knowledge in the areas of Caldicott, patient confidentiality, WASPI and information sharing, privacy notices, Data Protection Impact Assessments and information security.
Evidence of continuous professional development

Desirable criteria

Knowledge of risk management processes
Knowledge of Health and Care Standards

Experience

Essential criteria

Previous information governance experience
Previous breach/complaint management experience
Previous Data Protection Impact Assessment support & approval experience
Previous experience of report preparation and delivery
Previous experience of dealing with complex and confidential issues

Desirable criteria

Previous information/ IT security experience
Previous auditing experience
Previous project management experience
Previous experience of working within the NHS or other healthcare setting
Successful change management and negotiation experience
Previous experience of risk assessment
Experience of using Datix system

Other

Essential criteria

Ability to work in a busy, sometimes stressful environment, and to deal with interruptions and changing priorities
Professional and confident manner
Self-motivated, dynamic and proactive
Adaptable and flexible to meet any changing service needs with enthusiasm
Highly confidential always
Ability to deal positively with difficult situations e.g. verbal abuse from patients / staff on an occasional basis
Commitment to embedding excellent information governance practices into all levels of staff and the organisation as a whole
Ability to work effectively at home or away from agreed base but still within HDUHB’s region
Ability to travel within HDUHB’s geographical area

Desirable criteria

Welsh Speaker (Level 1)

Hywel Dda University Health Board operates a bilingual policy. All applicants are invited to apply in Welsh, any application submitted in Welsh will not be treated less favourably than an application made in English.

IMPORTANT NOTE FOR APPLICANTS: Applications for our roles are carefully reviewed and shortlisted based on specific criteria, which varies from job to job. Using a generic application to apply for multiple roles or relying on automated AI application services, such as Lazy Apply or AI Apply, may not provide the necessary information, leading to your application being overlooked. To ensure your application is given full consideration, we recommend submitting a tailored application that directly addresses the criteria listed in the Person Specification section of the advert.

By submitting your application to NHS Jobs/Trac, you are giving your consent for elements of your application data to be transferred to the NHS Electronic Staff Record (ESR) and other secure, internal NHS Workforce systems in order to support and manage your recruitment and employment within your employing organisation; to be used by Recruitment for purposes of checking your Professional Registration online (where applicable).

These processes are in line with Fair and Lawful processing in line with current Data Protection Legislation especially those in relation to your personal or sensitive personal data (sensitive personal data is defined as any declared physical or mental health conditions, racial or ethnic origin, sexual orientation, trade union membership, political opinion, religious beliefs). As an organisation, we ensure that the legislation defining confidentiality is observed such as use of data for specific, defined purposes, and use of data that is relevant and not excessive whilst practicing data accuracy and security of all held personal identifiable information (PII)

If you are successfully appointed, by completing the application form you authorise the UHB to obtain any previous NHS service details including all electronically held sickness information, via the Inter Authority Transfer process on the national Electronic Staff Record (ESR).

To work in the UK, all candidates who are not UK or Republic of Ireland (RoI) nationals require sponsorship to obtain either a Health and Care visa or Skilled Worker visa, unless you have permission to work via another route. Non UK / RoI candidates wishing to apply should self-assess the likelihood of obtaining a Certificate of Sponsorship by visiting Work in the UK. If you are eligible for the Health and Care visa, application costs are lower and you do not need to pay the annual Immigration Health Surcharge.