Governance Assurance Manager

Hays London Ebury Gate
London (Hybrid)
£55,000 - £65,000 per annum + From £55,000
Full-time
Job description
  • Area of work: Corporate Services - Governance & Assurance
  • Contract type: Permanent
  • Employment type: Full-time (35 hours per week)
  • Salary: From £55,000 (depending on experience)
  • Location: London (Hybrid)
  • Annual leave: 25 days plus bank holidays
  • Other benefits include: Pension scheme, employee assistance programme, flexible working, learning and development opportunities
  • Closing date: Tuesday 17th February 2026

    Overview
    This is an excellent opportunity for an experienced Information Governance and Data Protection professional to take on a pivotal role within a respected UK organisation. As the organisation's Governance Assurance Manager, you will serve as the strategic lead for information governance, data protection, information security, and statutory compliance.

    The role includes acting as the organisation's independent Data Protection Officer (DPO), reporting directly to senior leadership and providing expert guidance on GDPR compliance, data protection risks, FOI obligations, and information governance best practice.

    Working as part of the Governance & Assurance function, you will play a central role in maintaining high standards of accountability, transparency, and information security. You'll collaborate with teams across the organisation, including IT, senior leadership, internal audit, and regulatory partners, to ensure compliance frameworks are robust, effective, and well-understood by staff.
    This is a great opportunity for someone who brings hands-on GDPR expertise, strong FOI/SAR experience, and confidence advising at senior level.

    Key Responsibilities
  • Lead the organisation's Information Governance (IG) strategy, ensuring adherence to legislative, regulatory, and policy requirements.
  • Provide authoritative advice to senior leaders on GDPR, FOI, records management, and IG-related compliance matters.
  • Develop, maintain, and oversee IG, data protection, information security, FOI, and records management policies.
  • Act as the organisation's Data Protection Officer, including monitoring GDPR compliance, advising on DPIAs, and serving as point of contact for the ICO and data subjects.
  • Manage FOI and Subject Access Request (SAR) processes, ensuring timely and compliant responses.
  • Oversee the publication scheme, retention schedules, and governance documentation.
  • Investigate information security or data protection incidents and lead improvement activity following breaches.
  • Work closely with IT to ensure technical information security controls align with policy and regulatory requirements.
  • Deliver organisation-wide IG/IS training, including both general awareness and specialist sessions.
  • Conduct internal audits, monitor compliance activity, and support statutory reporting to the ICO.
  • Collaborate with external and internal stakeholders including internal audit, senior leadership committees, and partner regulators.
  • Lead on information-sharing agreements and memorandums of understanding.


Skills & Experience Required

Essential

  • Recognised data protection qualification (e.g., CIPP/E, CIPM, BCS DPO Certification).
  • Expert knowledge of GDPR, information governance, and data protection legislation.
  • Demonstrable experience managing FOI and Subject Access Requests (SARs).
  • Significant experience advising senior leaders and committees on IG/DPA matters.
  • Strong knowledge of records management principles, retention schedules, and compliance frameworks.
  • Experience designing and delivering IG/IS training to diverse audiences.
  • Excellent written and verbal communication skills, including report writing for senior stakeholders.
  • Ability to interpret complex regulatory requirements and assess organisational impact.


Desirable

  • Experience in a regulatory, health, or professional services environment.
  • Understanding of the pharmacy or wider healthcare sector.


Who This Role Would Suit

  • Someone with strong hands-on GDPR and FOI experience who enjoys applying practical compliance expertise.
  • A confident communicator who can operate independently as an organisational DPO and provide authoritative advice at senior levels.
  • A proactive professional with excellent attention to detail and a commitment to strengthening governance, information security, and assurance processes.
  • An individual who thrives in a role with both strategic responsibility and operational delivery.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk

Posted on: 11 February 2026
Closing date: 11 March 2026 at 15:22
Job ref: 4770204
Tags: Governance / Management