Head of Information Governance and Data Protection

We are recruiting a Head of Information Governance and Data Protection to be part of the Independent Commission for Reconciliation and Information Recovery (ICRIR).

The Head of Information Governance and Data Protection is responsible for providing leadership, assurance and expert oversight across all aspects of the Commissions information governance and data protection framework. This role ensures the organisation meets its statutory, regulatory and ethical obligations under the UK GDPR and other Data Protection laws.

Key Responsibilities Development of the Information Management Strategy to ensure alignment of organisational & regulatory requirements. Informing and advising ICRIR senior management and staff about their obligations to comply with the UK GDPR and other Data Protection laws and Freedom of Information. Monitoring ICRIR’s compliance with UK GDPR, including leading the Data Protection Audit and maintaining a record of processing operations. Supporting development & maintenance of processes, systems and policies to enable ICRIR to effectively and appropriately share information with external bodies. Leading on the development and delivery of the data protection impact assessment process, including provision of support to business areas in drafting DPIA’s, consultation with ICO (when required), assessment of the outcome and conclusions and implementation of safeguards. Responsible for the management of the Subject Access Request process, Data complaints process and Data Breach Protocol and Freedom of Information requests. Serve as the primary point of contact between ICRIR and the Information Commissioners Office and act as a key point of contact for staff reporting data breaches. Conducting formal investigations into ICO Reportable data breaches Manage the Retention and Disposal Schedule and liaise with the relevant Authority. Provide input into the preparations for the Enhanced Inquisitorial Proceedings. Provide guidance on Artificial Intelligence & Data privacy. Leading the Data Protection team; to include setting objectives. performance monitoring and supporting the development of staff. Collaboration with IT and Security Team to ensure a holistic approach to data security in the organisation. Including introduction of new technologies to support information governance & robust data security. Development and delivery of organisation wide staff training in relation to GDPR & Information Management. Contribute to corporate governance, risk and assurance frameworks.

Person Specification Essential Criteria Be a current certified Practitioner e.g. a Data Protection/GDPR qualification e.g. Certified Information Privacy Professional/Europe or Certified Information Privacy Manager or equivalent.

At least two years' demonstrable experience of the following:

Demonstrable evidence of having practised as a Data Protection Officer in a complex* environment. Successfully leading a data protection and information management service and the effective and efficient delivery of specific outcomes; Advising and reporting at a senior level** on information standards and Data Protection policies and procedures.

*Complex is defined as working with a range of interest groups inside and/or outside the organisation. **Senior level is defined as a Project Board, Director, Head of Business, NICS Grade 7 or company board member or equivalent.

Experience of managing a team to deliver high-quality work ensuring clear objectives and effective workload prioritisation. Experience of creating a positive, collaborative team culture that encourages learning, engagement, and continuous improvement. Experience of developing an effective information governance framework within a complex* environment. Expertise in national data protection law and practice, including in-depth understanding of the UK GDPR and Data Protection Act 2018. Experience supporting data protection compliance in organisations with large-scale or complex arrangements. The ability to assimilate and interpret information quickly; and explain complex legal, regulatory and policy requirements to colleagues and external stakeholders at all levels.

Location London or Belfast Our main operational base will be Belfast, with an operational site in London. Staff are split across both the London and Belfast Offices; therefore, regular travel will be required as will regular attendance in the office. You may also work from your home address, in line with the Commission’s approach on hybrid working and with the agreement of your line manager.

Security Level Willingness to be assessed against the requirements for DV clearance, if not already cleared.

Closing Date Monday 11th May 2026 11.59pm

We welcome the unique contribution diverse applicants bring and do not discriminate based on culture, ethnicity, race, nationality or national origin, age, sex, gender identity or expression, religion or belief, disability status, sexual orientation, educational or social background or any other factor.