ML - 26599
£55,000 - £65,000 + Monthly Supplement
ASAP - Following Vetting process
Head of Information Management
Full Time – 37 hours a week
Start – ASAP
Vetting required following offer
About the company
Sue Hill Recruitment are delighted to be working exclusively with Sussex Police, who are looking to recruit an experienced Head of Information Management (Senior Manager and Information Governance professional), who can lead the Information Management team, and act as Data Protection Officer whilst also advising Chief Officers on a sustainable future model for resourcing Information Management.
The post-holder will work closely with the Head of Corporate Development and other senior stakeholders to understand the future needs of the organisation and ensure that they have the correct structures and resources in place to deliver their obligations under GDPR and to improve the way that the organisation manages Information.
This is an exciting opportunity to shape the organisation's approach to Information Management and improve the service to the public. They are looking for someone who is pro-active and can hit the ground running.
What you’ll be doing
To develop and direct the delivery of the Information Management strategy, resources and functions in partnership with Surrey Police, to enable both forces to effectively manage the Force’s Information assets, supporting regional collaboration and ensuring that the statutory obligations are effectively and lawfully discharged
To perform the role of Data Protection Officer, overseeing and directing all data protection and related Information privacy activities, to ensure the proper handling of personal Information by Sussex Police, to comply with data protection legislation.
Provide specialist advice, training and instruction to ensure all personnel have an appropriate level of awareness in relation to GDPR data protection legislation.
Monitor compliance with the other data protection laws and policies.
Provide the audit capability of all aspects of data protection governance
Raise the profile of data compliance across Sussex Police, by setting the Data Protection Compliance Strategy and fostering a data protection culture.
Oversee the Management of personal Information, including the creation, review and updating of effective policies and procedures across business units and any future transformational activities.
Responsible for Information lifecycle Management, which includes data quality, Information security, Data Protection and Freedom of Information Act, Information exchange and disclosure procedures, the Force Research Bureau (PNC/PND) and the Disclosure and Barring Service.
Represent Sussex Police at a National and Regional level in matters relating to Information Management.
Develop, negotiate and deliver an agreed strategy and implementation plan for Information Management which supports the strategic objectives of the organisation, ensuring it is compatible with national and regional initiatives and directives, and legislation including GDPR and the new Data Protection Act 2018.
To act as Data Protection Officer for the organisation including:
- Advising Chief Officers on the Data Protection Compliance Strategy and fostering a data protection culture within the organisation, including metrics for Data Protection Impact Assessments and monitoring the performance of such assessments.
- Monitoring compliance with the GDPR and other data protection laws, data protection policies, awareness-raising, training, and audits.
Manage the highest level of demand for Data Subject Rights, and achieve compliance with the DPA obligations, including subject access, courts and other legislative requests.
Development, review and audit of all Information Sharing Agreements held by the Force and provide advice and decisions on the ad-hoc sharing of police information.
Support and lead the concept of ‘Data Protection by Design’ by ensuring that Privacy Impact Assessments are integrated in the early stages of any project, and then throughout its lifecycle when:
- Building new IT systems for storing or accessing personal data
- Developing policy or procedures that have privacy implications
- Embarking on a data sharing initiative
- Using data for new purposes
Undertake systematic auditing and monitoring of all local and national Information and systems used to ensure compliance with GDPR data protection legislation, national standards, Codes of Practice, and policies and procedures; identifying issues & risks, and reporting to Chief Officers to ensure corrective actions are implemented.
Act as the primary contact for the Information Commissioner’s Office (ICO) in respect of complaints, data breaches and annual registrations.
Risk assess and determine the frequency of system audits through application of the Data Protection Manual, formulating and submitting recommendations to the Security and Information Management Board.
Direct effective governance of policies and procedures, and specifically development of policy and procedures to support Information Management, consistent with DPA/FOI and MOPI principles and Information Management related projects.
Achieve compliance with the Data Protection Act obligations, including subject access, courts and other legislative requests, including in relation to withdrawal of consent, the "right to be forgotten", and other rights available to data subjects under data protection legislation.
Lead all DBS disclosure decisions where this function is delegated.
Develop and implement a system of Data Protection Impact Assessment for all high-risk activity relating to personal data.
Provide briefings, advice and guidance to Chief Officers or Heads of Departments on all matters relating to Information Management and lead on training and awareness strategy for Information Management
Manage all staff responsible for delivering IM, DPA, FOIA, Data Compliance, FRB and disclosure functions in accordance with employment policies and employment regulations.
Initiate, sponsor and deliver Information Management change programmes and projects and lead the Information Management contribution to other relevant programmes.
Share knowledge and best practice and identify collaborative working opportunities. Develop and maintain effective and cooperative working relationships with other companies and outside agencies in order to ensure best practice across data protection legislation matters.
Oversee an effective process for the identification and internal reporting of data protection and cyber security breaches. Develop strategies for the Management and rectification of any data security incidents. Perform investigations into data protection and cyber security breaches.
Liaise with the CIO regarding notification of any data breaches to the ICO. Assist where appropriate in the investigation of misconduct and criminal matters where breaches of data protection are a factor, through the provision of advice and assistance with the evaluation of evidence.
Liaise with Legal Services regarding changes to data protection legislation, and the implications of these, including any required changes to policies, procedures and working practices.
Undertake other duties appropriate to the grade and character of work as may be reasonably required, including specific duties of a similar or lesser graded post.
Manage delegated IM, FRB, DBS, Access and DCT Budgets.
Why you will be hired
To be considered for this role you will require:
Degree or appropriate qualification/experience in Information Management, Business Management with a strong information element, or similar
BCS Practitioners Certificate in Data Protection
BCS Practitioner Certificate in Freedom of Information
Expertise in UK GDPR, DPA 2018 and other national and European data protection laws and practices, such as the Freedom of Information Act, Computer Misuse Act, Copyright, Designs and Patents Act, Human Rights Act, and the HMG Security Policy Framework.
Experience in a data protection role, preferably within a public sector organisation using large-scale, complex information processing systems.
Experience of implementing a compliance strategy within an organisation and conducting audits, investigations and risk management to ensure adherence.
Understanding of information security management, information technologies and data security.
Experience of leading a large and diverse team working under high levels of demand
Before an appointment can be confirmed, you will be subject to an MV level vetting procedure
Why you should apply
This is a fantastic opportunity for an experienced Information Governance professional to lead and shape the organisation's future.