Reed in Partnership’s mission is to positively transform people and their communities.
We support individuals, their families and the places they live to prosper - often under challenging circumstances.
With our help, people start working, improve their health, develop their skills and fulfil their potential.
Hundreds of thousands of people across the UK have benefited from accessing a Reed in Partnership service and using it to change their lives for the better.
The role is responsible for overseeing Reed in Partnership's (RinP) information security requirements, in conjunction with the wider group IT department, and its data management governance standards. The role forms part of the wider risk management team.
The role would suit a technical project management approach, so that tasks can be led and organised appropriately while working with other departments and functions. The role holder will take responsibility for RinP's information security requirements, owning this element and ensuring all standards are met. The role holder will work closely with group IT to enable this but will be the subject matter expert for RinP. They will ensure that work is completed, that deadlines are met and that, where needed, other departments and functions are engaged to enable this to happen.
Gravitas in working with senior personnel would be useful: building effective relationships, establishing clear lines of responsibility and embedding an organised, task-led approach.
The role requires working closely with Reed’s IT Department for information security requirements, establishing objectives and responsibilities that ensure tasks are defined, allocated and delivered on time and to standard.
Working with RinP's commissioners, being solely responsible for all interactions with them and for completing any information security returns, and leading and organising this area of responsibility are also key components of the role.
Being responsible for reviewing due diligence for RinP's supply chain and ensuring suppliers meet the required standards across various contracts is also a key task.
Other duties will include ensuring compliance with the General Data Protection Regulation (GDPR) and all legislative requirements (in conjunction with the DPO and the Associate Director of Risk Management), ensuring the business has effective information security and data security policies and procedures in place, and leading on the BAU activity this involves (for example DSAR requests). This will involve managing and organising the business needs and requirements for each of these across all contracts and business areas.
In line with this, a core responsibility will be to ensure all associated policies and processes are in place and maintained. This will involve a matrix approach, working at times with other departments (such as IT and HR) where there is a crossover of responsibilities and at other times taking sole responsibility for writing or maintaining policies and leading activity in these areas.
Ownership, leadership and organisation are key attributes needed in order to be successful in this area.
This is not intended to be an exhaustive list and as such you will be expected to carry out any other duties that may be specified by your Line Manager from time to time. This job description is non-contractual.
- Operations / Business Development
- Compliance & Audit
- Learning & Development
Maintain and have oversight of RinP information security, policies, and processes
- Such as DSAR, Data Breach, Retention & Archiving procedures
- Review and work with group IT to ensure RinP's Security Plan and information security policies are accurate, maintained and meet the required standards, taking ownership if appropriate to update these as advised
- Work with the Compliance Team to achieve elements of this where appropriate
Manage commissioner communications and returns relating to information security and data governance
- For new contract and new business bids and tenders
- For ongoing returns as and when required (such as annual returns, contract close returns, any internal business changes and ad hoc)
- Specific contractual required returns (such as the NHS IT Toolkit return)
- Liaising with other departments where required to achieve this (such as Group IT and Head of Systems)
Production of Bid and implementation requirements relating to Information Security and Data Governance
- Completing supporting information for information security and / or data security bid requirements
- Completing Data Protection Impact Assessments
- Updating records of processing
- Completing privacy notices
- Designing new or updating existing policies so that all GDPR and data governance requirements are captured
- Liaising with key stakeholders (such as group IT and Legal) when required to achieve all the above
Manage the ongoing data governance requirements of the business
- Managing the Data Subject Access Request (DSAR) process
- Leading the data breach process
- Point of Contact for queries and questions within subject matter area
Skills & experience
- Project management experience, working with multiple departments to deliver tasks and documentation
- Knowledge of IT systems, processes, and information security practices
- Exposure to and understanding of Privacy, Data Protection, GDPR and Information Security requirements and standards
- Experience of and working knowledge of GDPR
- Experience of working with other stakeholders and other subject matter experts in a collaborative way
- Experience of working within a monitoring, continuous improvement, internal audit, contract management, compliance or comparable function.
- Experience of providing a high-quality advisory and guidance service to internal customers
- Highly professional, with the ability to handle confidential information, remain impartial and report all non-compliances
- Solid experience in drafting documents and policies
- Exceptional organisational skills with attention to detail
- Demonstrable experience of management of multiple (in tandem) projects.
- Ability to work autonomously
- Intermediate to advanced knowledge of Excel, and intermediate knowledge of other Office packages
- Ability to quickly understand contractual requirements and support a control framework
- An ability to gather, analyse and evaluate facts and to prepare and present concise verbal and written reports.
- Experience of working in a collaborative manner with operational teams, whilst maintaining independence, integrity and confidentiality.
- Exemplary written and verbal communication skills.
- Ability to communicate effectively at all levels of the organisation, including the production and delivery of high-quality presentations to internal and external customers
- Demonstrable experience of assisting in the production of reporting and information to strict reporting deadlines.
- Exemplary organisational and time management skills, including the ability to work to deadlines
- Demonstrates a high level of business and commercial awareness
- A proactive and flexible, ‘can do’ attitude
- Willingness to work away from home base, as required (this will mean staying overnight)
- Exposure and understanding of contractual requirements of at least Department for Work and Pensions or Education and Skills Funding Agency provision e.g. evidence performance, validation requirements etc.
- Experience of IT systems design and implementation
- Exposure to compliance, audit, or quality functions with high profile Government contracts.
Proud member of the Disability Confident employer scheme
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people.