Information Governance Officer

JOB TITLE: Information Governance Officer

CONTRACT: Permanent

RESPONSIBLE TO: Head of Data

LOCATION: Homebased with a requirement to travel to UKROEd Head Office in Manchester for team meetings and as otherwise operationally required.

HOURS: 37.5 (Negotiable)

VETTING REQUIREMENTS (Essential): Baseline Personnel Security Standard and Non-Police Personnel Vetting (Level
3)

TO APPLY: Email CV and Covering Letter to

CLOSING DATE: Closing 13th March 2026

UKROEd Ltd is a private, not-for-profit company responsible for the delivery, management and administration of the National Driver Offender Retraining Scheme (NDORS) on behalf of the Police service. It is the operating company of the Road Safety Trust and is committed to the education and training of drivers who commit low level traffic offences. UKROEd values and respects each individual employee, client and customer and is committed to promoting equal opportunities throughout its workforce.

As such, all relevant applicants will receive consideration for employment without regard to age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex or sexual orientation.

Part of the UKROEd Digital and Data team, the Information Governance Officer contributes to ensuring that both RST and UKROEd manage its information securely, lawfully, and effectively across its entire lifecycle. The role covers compliance with UK data protection laws and Freedom of Information regulations, records management and confidentiality standards. The postholder will shape and implement policies, handle data protection enquiries including subject access and FOI requests, support data protection impact assessments, participate in third party audits, investigate breaches and provide staff training to promote best practice.

Appointment to this role is subject to the successful completion and maintenance of Non-Police Personnel Vetting (NPPV) Level 3.

• The first point of contact for general data protection enquiries, individual information rights requests (such as subject access requests) and freedom of information (FOI) requests from clients and stakeholders of the NDORS scheme and staff of both UKROEd and RST.
• The first point of contact for information breaches, effectively escalating to the Head of Data/ CIO when required.
• Responsible for monitoring RST and UKROEd adherence to UK GDPR and other statutory obligations and procedural requirements, you will work with colleagues to maintain the ROPAs, Privacy Notices, DPIAs and Information Sharing Agreements of both organisations.
• Contribute to, and sometimes lead, the development, implementation and review of IG policies and procedures.
• Manage data breaches, investigate incidents, advise on ICO reporting, propose mitigation.
• Assist the team and organisation with internal & external reviews and audits, this includes reviewing information governance documentation of key stakeholders as part of the Annual Provider Review (APR) process.
• Support the application and maintenance of effective system access and document and record management arrangements.
• Provide an ongoing programme of best-practice data protection and information governance training, updating material following incidents/ lessons learned and/ or to reflect legislative changes to internal staff and appropriate stakeholders.
• Challenge practices, processes, and procedures as required, using negotiation and specialist knowledge to achieve continual improvement and compliance.
• Keep up to date with developments in information governance and data protection legislation, case law and guidance.
• Provide regular assurance reporting on information governance and data protection compliance to the senior leadership, Boards and appropriate governance committees.

• You will either have a recognised data protection qualification (e.g. IAPP CIPP/E, BCS Practitioner Certificate in Data Protection, GDPR Practitioner) or have significant experience in this area and be willing to work towards qualification.

• Excellent knowledge and understanding of the General Data Protection Regulation & data protection and information governance best practice.
• Ability to identify, understand and clearly explain principles of data protection and information governance legislation.
• Strong written and verbal communication for policy drafting, stakeholder engagement and training.
• A strong analytical approach capable of incident and risk assessment, auditing and reporting.
• Excellent IT skills with the ability to adapt quickly to new technology and better ways of working.
• Excellent organisation and time management skills with the ability to work under pressure and meet tight deadlines when required.
• Ability to work positively and consistently across the organisation to support colleagues and maintain high standards whilst managing multiple tasks, maintaining a high degree of accuracy and attention to detail.
• A strong…