Information Assurance Team Leader

Job Purpose

The Deputy Data Protection Officer (DPO) and Information Assurance Team Leader will support the DPO and Head of Information Assurance and line manage the Information Assurance team to ensure the university's compliance with the Freedom of Information Act 2000, Privacy and Electronic Communications Regulations 2003, Environmental Information Regulations 2004, General Data Protection Regulation 2016 and the Data Protection Act 2018.

Main Responsibilities

Lead the Information Assurance team to deliver service as agreed with the Head of Information Assurance

• Line manage Information Assurance Advisers agreeing individual and team objectives
• Determine and manage appropriate processes to ensure the prioritisation of the team's work to meet relevant statutory timeframes in responding to requests made under data protection and related legislation
• Develop and maintain processes to ensure an efficient processing and delivery of the Information Assurance team's wider responsibilities including maintaining documentation applicable under Article 30(1) of the GDPR
• Oversee team resources and provide estimates of and capacity to manage the team's workload
• Provide regular reporting and management information to the Head of Information Assurance on the status of the Information Assurance team's activity, highlighting any potential failure to comply with statutory delivery timeframes and maintaining high quality records

Deputise for Uni's Data Protection Officer

• Support the Data Protection Officer in meeting their statutory obligations and act on their behalf where required

Provide subject matter expertise on the Data Protection and Information Management legislation

• Act as a point of escalation for the Information Assurance Advisers in relation to stakeholder management and the resolution of Freedom of Information and Subject Access Requests and complex work packages
• Review and approve exemptions applied to Freedom of Information and Subject Access Requests to ensure their compliance with relevant legislation
• Research or source guidance, advice or case law in respect of complex or novel information requests or information handling scenarios where there is uncertainty about processing them lawfully
• Provide expert advice on Data Sharing and Processing Agreements, Data Protection Threshold Tests and Impact Assessments, Privacy Notices and Consent Statements
• Provide guidance and support to Senior Information Risk Owners, Information Asset Owners and Principal Research Investigators to ensure that the correct business processes and documentation are in place to demonstrate Privacy by Design and legislative compliance
• Support in related training activities, including advising on course content and providing bespoke training materials as required
• Research, write and implement policies, standards, procedures and best practice documentation
• Conduct Internal Reviews in line with codes of practice and ICO guidelines and make recommendations to the Head of Information Assurance, IT Director or Data Protection Officer as relevant to the case
• Conduct data breach investigations in line with university policies and procedures and make recommendations to the Head of Information Assurance, IT Director or Data Protection Officer as appropriate

Provide Information Assurance support for the University

• Provide support and assistance to all areas and levels of the university on the application of the Data Protection legislation
• Produce Subject Access Requests and Freedom of Information Requests in line with university policies and procedures always ensuring that the applicant meets the criteria, agreeing barriers for release, with full redactions within the statutory deadlines
• Take ownership of coordinating and compiling responses to complex and sensitive requests to ensure that all relevant functions within the university are properly consulted and informed and that finalised responses are complete and the content is consistent
• Maintain the internal data protection guidance webpages, keeping content current and relevant

Manage Internal and External Relationships with Key Stakeholders

• Attend and provide updates to the Information Governance Committee and other boards as requested
• Act as central point of contact for advice to staff and students including Senior Information Risk Owners and Information Asset Owners
• Attend regular meetings with internal stakeholders to ensure work stacks are communicated
• Attend Senate and school research ethics committees as appropriate
• Liaise with the Information Commissioner's Office for advice and guidance on the General Data Protection Regulation as appropriate