Head of Information Governance and Data Protection

We are recruiting a Head of Information Governance and Data Protection to be part of the Independent Commission for Reconciliation and Information Recovery (ICRIR).

The Head of Information Governance and Data Protection is responsible for providing leadership, assurance and expert oversight across all aspects of the Commissions information governance and data protection framework. This role ensures the organisation meets its statutory, regulatory and ethical obligations under the UK GDPR and other Data Protection laws.

Key Responsibilities

• Development of the Information Management Strategy to ensure alignment of organisational & regulatory requirements.
• Informing and advising ICRIR senior management and staff about their obligations to comply with the UK GDPR and other Data Protection laws and Freedom of Information.
• Monitoring ICRIR’s compliance with UK GDPR, including leading the Data Protection Audit and maintaining a record of processing operations.
• Supporting development & maintenance of processes, systems and policies to enable ICRIR to effectively and appropriately share information with external bodies.
• Leading on the development and delivery of the data protection impact assessment process, including provision of support to business areas in drafting DPIA’s, consultation with ICO (when required), assessment of the outcome and conclusions and implementation of safeguards.
• Responsible for the management of the Subject Access Request process, Data complaints process and Data Breach Protocol and Freedom of Information requests.
• Serve as the primary point of contact between ICRIR and the Information Commissioners Office and act as a key point of contact for staff reporting data breaches.
• Conducting formal investigations into ICO Reportable data breaches Manage the Retention and Disposal Schedule and liaise with the relevant Authority.
• Provide input into the preparations for the Enhanced Inquisitorial Proceedings.
• Provide guidance on Artificial Intelligence & Data privacy.
• Leading the Data Protection team; to include setting objectives. performance monitoring and supporting the development of staff.
• Collaboration with IT and Security Team to ensure a holistic approach to data security in the organisation. Including introduction of new technologies to support information governance & robust data security.
• Development and delivery of organisation wide staff training in relation to GDPR & Information Management.
• Contribute to corporate governance, risk and assurance frameworks.

We welcome the unique contribution diverse applicants bring and do not discriminate based on culture, ethnicity, race, nationality or national origin, age, sex, gender identity or expression, religion or belief, disability status, sexual orientation, educational or social background or any other factor.

We are happy to discuss the role and answer any questions you may have. Please feel free to contact us for an informal conversation by emailing us at [email protected]  

Person Specification

Essential Criteria

• A current certified Practitioner e.g. a Data Protection/GDPR qualification e.g. Certified Information Privacy Professional/Europe or Certified Information Privacy Manager or equivalent.

  At least two years' demonstrable experience of the following:

• Successfully leading a data protection and information management service and the effective and efficient delivery of specific outcomes;
• Advising at a senior level* on information standards and Data Protection policies and procedures.

  *Senior level is defined as a Project Board, Director, Head of Business, NICS Grade 7 or company board member or equivalent.

• Expertise in national data protection law and practice, including in-depth understanding of the UK GDPR and Data Protection Act 2018.
• Experience supporting data protection compliance in organisations with large-scale or complex arrangements.
• The ability to assimilate and interpret information quickly; and explain complex legal, regulatory and policy requirements to colleagues and external stakeholders at all levels.
• Demonstrable evidence of having practised as a Data Protection Officer in a complex* environment.
• Create a positive, collaborative team culture that encourages learning, engagement, and continuous improvement.

*Complex is defined as working with a range of interest groups inside    and/or outside the organisation.

Desirable Criteria

• Leading and managing a team
• Managing staff to deliver high‑quality work, ensuring clear objectives and effective workload prioritisation.
• Lead on staff development through coaching, feedback, and identifying training needs to build team capability.

The Independent Commission for Reconciliation and Information Recovery is an independent organisation that has been established to recover information about Troubles-related deaths and serious injuries to families, victims, and survivors and to promote reconciliation. 

We are building the Commission and hiring more staff now that we have begun receiving cases.

We are building a values-led organisation. We operate with integrity, impartiality, openness, accountability, and respect, as set out in our Code of Conduct. This is reflected in our fair and open recruitment processes. We encourage people to join us across all backgrounds, communities and faiths to help us deliver. 

The Commission is primarily based in Belfast, with further operational sites in Northern Ireland and London. Travel to all locations will be required, but hybrid working arrangements will help us support a range of flexible working patterns. This is an exciting opportunity to join an organisation with a unique and vital remit. 

The Commission is formed of seven Commissioners, the Chief

Commissioner, Sir Declan Morgan, the Chief Executive Officer, Louise Warde Hunter and the Commissioner for Investigations, Peter Sheridan, as well as four Non-Executive Commissioners to provide challenge and scrutiny to the executive team. 

We are committed to creating a diverse and inclusive workplace. We welcome applications from all communities and backgrounds, including underrepresented groups. We value diversity in our workforce as it enhances our ability to serve the communities of Northern Ireland and the United Kingdom.