Oh, no!

This job listing has already expired.

Browse Active Jobs


Information Governance Officer

Corporate Services and Infrastructure (CSI)

Newcastle University, Newcastle upon Tyne, UK


  • Posted on: 27th Oct 2021
  • Salary: £31,406
  • REF: 13202
  • Closes: 28th November 2021
  • Contract Type: Permanent
  • Hours: Full Time

We are a world class research-intensive university. We deliver teaching and learning of the highest quality. We play a leading role in economic, social and cultural development of the North East of England. Attracting and retaining high-calibre people is fundamental to our continued success.

Salary: £31,406.00 – £33,309.00 (with progression to £40,927) per annum

Closing Date: 28 November 2021

The Role

You will be a member of a team which leads the implementation of a number of elements of the University’s Freedom of Information and Data Protection policies. You will ensure and promote a culture of compliance with legislation and best practice, helping the University to maintain and enhance its compliance with information security obligations.

The role is suited to a mixture of campus and remote work and typically involves working at least 50-60% of the week on campus and the remainder remotely. The Information Governance team comprises five posts (including this role) and is led by the Head of Information Governance and Data Protection Officer. The team is part of the University’s Executive Office.

Further information about the University Executive Office can be found here.

This is a full-time, open-ended post.

Informal enquiries should be addressed to Maureen Wilkinson (Head of Information Governance and Data Protection Officer) via email: Maureen.Wilkinson@ncl.ac.uk

Key Accountabilities

  • Help the University maintain and improve compliance with its legal, regulatory and contractual information security obligations; including but not limited to DPA (including GDPR), FOI, EIR, NHS IGT and PCI DSS
  • Review and update the University’s Data Protection and Information Security Policy Framework, and recommend changes to policy in response to legal and regulatory changes, and emerging information risks
  • Maintain the information security risk register; identify appropriate information security controls; and ensure risk owners and control owners are identified and appropriately briefed on their responsibilities
  • Manage data protection and information security incidents, and act as a point of contact between the University, Janet CSIRT, regulatory bodies (e.g. the Information Commissioner’s Office), the police, and other relevant parties, on data protection and information security issues
  • Identify threats posed to technological and non-technical information assets and information systems; identify security weaknesses; and recommend appropriate security controls to maintain confidentiality, integrity and availability. The post holder must have an understanding of appropriate IT security controls, and is required to liaise with internal technical teams and personnel to ensure those security controls are in place and correctly maintained
  • Develop and manage the University’s programme of FOI, data protection and information security education and awareness
  • Maintain a watching brief for legislative and regulatory changes; new threats; new technologies; evolving information governance standards and associated best practice
  • Identify new opportunities for information governance improvements throughout the University
  • On occasion the post-holder may be reasonably requested to carry out duties not specifically described in this job description. Such requests will be in the interests of maintaining the smooth running and delivery of NUIT services to customers and stakeholders

The Person (Essential)

Knowledge, Skills and Experience

  • Extensive practical knowledge relevant to their duties;
  • Keep knowledge of legislation and information security risk management up-to-date.
  • Ability to solve problems based upon past experience and independent investigative analysis;
  • Excellent communication and influencing skills and attention to detail;
  • Excellent negotiation and diplomacy skills
  • Extensive experience in a similar or related customer-facing role;
  • Extensive experience of delivering, maintaining and improving organisational governance arrangements such as DPA (including GDPR), FOI, EIR, NHS IGT, PCI DSS and Cyber Essentials;
  • Extensive experience of data protection principles and managing organisation DPA, FOI and EIR practices and policies;
  • Experience of reaching pragmatic solutions to complex problems

Attributes and Behaviour

Delivering Services:

  • Knows and understands customer/stakeholder needs in terms of outputs;
  • Co-operates with others in achieving targets
  • Disseminate key organisational messages internally and externally and ensures understanding
  • Understand how best to appeal to the other person/group, correctly interpreting the right way to approach a situation
  • Chooses communications tools appropriately e.g. selective use of email and other channels of communication
  • Clear and concise; gets the message across to others
    Finding Solutions:
  • Recognises urgency and takes decisive action when required;
  • Looks at ways of overcoming obstacles rather than coming to a standstill
  • Makes decisions based on understanding the wider organisational needs and having considered a range of possible options
    Team Working
  • Operates with a number of different teams across the institution;
  • Looks at ways of developing cross functional co-operation and support
  • Confident in adopting a range of team roles
    Thinking Strategically
  • Understands and is sensitive to wider organisational priorities
  • Understands the key aims of own area and how it relates to own job and responsibilities


  • You should be qualified to degree standard in computing or information management or have relevant practical, professional experience;
  • Continued professional development, and willingness to keep up to date;
  • BCS / ISEB Certificate in Data Protection and/or Freedom of Information or Data Protection or GDPR Practitioner Certificate (Desirable);
  • LLM in Information Rights Law and Practice (Desirable)

Newcastle University is committed to being a fully inclusive Global University which actively recruits, supports and retains colleagues from all sectors of society. We value diversity as well as celebrate, support and thrive on the contributions of all our employees and the communities they represent.We are proud to be an equal opportunities employer and encourage applications from everybody, regardless of race, sex, ethnicity, religion, nationality, sexual orientation, age, disability, gender identity, marital status/civil partnership, pregnancy and maternity, as well as being open to flexible working practices.

The University holds a silver Athena SWAN award in recognition of our good employment practices for the advancement of gender equality. The University also holds the HR Excellence in Research award for our work to support the career development of our researchers, and is a member of the Euraxess initiative supporting researchers in Europe.

We understand how important the full employment package is to our colleagues at Newcastle University and we are committed to providing a great range of benefits and discounts for all. You can learn more about what is available here on ourBenefitsWebsite page.

Requisition ID: 13202

Employer Achievements:

company award