Role Profile
Job Description
Job Title
Senior Information Governance and Risk Advisor
Directorate or Region
South Asia
Department /
Country
India
Pay Band
Band 8 /E
Delhi
Location of post
Member of Regional
Management Team
Duration of job
Reports to
indefinite
Purpose of Job:
Support the British Council’s reputation by providing professional consultancy and
business assurance in the field of information management, particularly:




Information Governance (including Data Protection, Intellectual Property)
Information Security (including IT Security)
Information Risk Management
Records Management
Context and Environment:
Reports into the Regional Leadership Team and receives direct line management from a
member of that team, this role also has a dotted reporting line into the Information
Governance and Risk Management Team based within the British Council’s Global
Information Services Department.
With functional leadership and direction provided by the Information Governance and Risk
Management (IGRM) Team, the Senior Information Governance and Risk Advisor will
support the Regional Director and Country Directors in their roles as Information Asset
Owners, providing regional oversight of information risks that apply to those assets and
advising on strategies to effectively manage those risks.
Assists the Regional Leadership Team in the production and implementation of regional
Information Governance and Risk operating plans in response to the priorities in the
region.
Acts as regional consultant on all matters relating to Information Governance, Information
Risk Management, Information Security and Records Management. Ensuring that
regional activities and projects are aware of and meet British Council Global policies,
Minimum Standards, procedures, UK and local legislation relating to the field of
information management to enable the appropriate, secure and effective management of
information and records.
1 of 5
IGRM Management Team January 2015
Main Duties and Responsibilities:
Information Governance: Provide consultancy advice to enable compliance with the
British Council’s Information Security and Privacy Global Policy Statement and related
Minimum Standards.
Utilising IGRM tools and frameworks to deliver information governance in
countries/regions, in consultation with IGRM adapting these to suit local requirements
whilst maintaining Minimum Standards.
Support in the implementation of information and records management initiatives from the
IGRM Team, Global Information Services and the Intellectual Property Manager. Provide
regional input/feedback on such initiatives to enable continuous improvement.
Contribute to regional/country projects and operations to help ensure that personal data
and other sensitive information and important records are managed effectively in line with
Minimum Standards and aim to increase the use of British Council information Assets for
appropriate business purposes.
Oversee the maintenance of the knowledge base for Information Governance related laws
for countries within the region.
Information Security: In addition to the Information Governance tasks above:
Help ensure that Information Security Incidents are reported in line with defined
requirements, promoting lines of reporting within region/country; escalate suspected or
actual failure to follow reporting requirements.
Information Risk Management: Work alongside local resources assist Information Asset
Owners in the preparation and submission of their information governance and risk
management reporting requirements.
Regional support and co-ordination of the annual Country Information Assurance Maturity
Assessments for countries within region. Identify areas of non-compliance and ways to
improve country performance against the requirements of the Maturity Model.
Contribute to third party assurance activities under direction and with assistance from the
IGRM Team.
Country Information Assurance Maturity Model Assessments and Internal Audit
support
Co-ordinate Country Information Assurance Maturity Model Assessment Returns, providing
a quality assurance function in relation to the Assessment returns provided to the IGRM
Team. Identify areas of non-compliance and ways to improve country performance against
the requirements of the Maturity Model.
Assist country preparations for internal audits and other assurance reviews, supporting the
delivery of action plans to address Information Management recommendations from these
audits.
2 of 5
IGRM Management Team January 2015
Records Management: Provide consultancy advice to enable compliance with the British
Council’s Records Management Global Policy Statement and related Minimum Standards,
including supporting the implementation of record appraisal, retention and disposal in the
region.
Business Continuity and Disaster Recovery: Provide consultancy on information
related matters that impact on Business Continuity and Disaster recovery plans. Assist
regional and country staff in the development of such plans to enable the continued
availability of information, protection of sensitive information and the effective management
of vital records.
Training education and awareness: Using materials developed by the IGRM team and
Intellectual Property Manager maintain, improve and disseminate knowledge of Information
Governance and Risk Management throughout the region including briefing Regional
Management Teams, Country Directors and other key staff on Information Asset Owner
responsibilities.
Work with local IT staff to improve their understanding of Information Security, Information
Governance and Records Management Minimum Standards and requirements.
Help identify information governance and risk management training needs requirements
and feedback to Information Asset Owners/IGRM as necessary.
Professional development and participation: Keep updated professionally in the
Information Governance specialism and related areas (including country specific
legislation, best practice, advisories and case law); take an active role in IGRA networking
events and forums, providing peer support and review for other Regional Information
Governance and Risk Colleagues, maintaining links to the IGRM Team.
Key Relationships:
Internal: Regional Director, Country Directors, members of Regional and Country Senior
Leadership Teams, IGRM Team and IGRA Network Managers, Head of Records &
Archives, Global Information Services Service Delivery Managers, Regional and SBU
Business Partners and other internal stakeholders.
External: Section Heads of like-minded organisations and other corporate stakeholders
and customers, Third Party Suppliers, Delivery Partners, Local Legal Advisors and
Country Data Protection/Information Security Regulatory Bodies.
Special Requirements:
Some unsocial hours, weekend work and travel may be required.
Please specify any passport and/or The candidate should have a legal right to work in
nationality requirement
India
Reference and Background Verification Checks as
per British Council India HR policy
3 of 5
IGRM Management Team January 2015
Person Specification
Behaviours, Skills Essential
and Knowledge
Assessment
stage
Behaviours
 Working together (more demanding): Ensuring
that others benefit as well as me.
 Creating Shared Purpose (most demanding):
Inspiring others to want to take a specific role as
part of a shared purpose.
 Making it happen (most demanding): Achieving
stretching results when faced by change,
uncertainty or major obstacles.
 Shaping the future (most demanding):
Changing the nature of what we do and the
benefits we gain by thinking and planning with
creativity.
 Connecting with others (more demanding):
Actively appreciating the needs and concerns of
myself and others.
 Being Accountable (more demanding): Putting
the needs of the team or BC ahead of my own
Interview on
first four only
Skills and
Knowledge
Communication and Influencing (Level 2):
Short listing
& Interview
Relates communications to circumstances
Displays good listening, writing and speaking skills,
setting out logical arguments clearly and adapting
language and form of communication to meet the
needs of different people/audiences.
Managing risk (level 3):
Develops the culture
Develops the culture, has track record of analysing
potential risks, promoting risk awareness, and
holding others to account for their practices.
Managing accounts and partnerships (Level 2):
Works with stakeholders and partners
Communicates regularly with diverse stakeholders,
customers and/or partners to build mutual understanding
and trust.
Experience
4 of 5
 Experience of records management, data
protection,
information/IT
Security,
or
risk/compliance work.
 Experience of creating effective networks of
IGRM Management Team January 2015
Short listing
& Interview
stakeholders with strong reputation and
credibility in the sector of IKM and
Communications.
 Experience of working with Data Protection laws
across this region or internationally.
Qualifications
 A qualification relating to an Information
Governance Area (for example: Certified
International Privacy Professional qualification
(CIPP), Records Management Post Graduate
qualification, IT Security qualification (e.g. ISEB
in Information Security Management Principles,
CISSP or CISM), information risk management
qualification (e.g. CRISC)) or equivalent
experience.
Short listing
The British Council is committed to a policy of equal opportunity and the
development of positive policies to promote equal opportunity in employment.
Submitted by
5 of 5
Head
of
Information
Governance & Privacy
IGRM Management Team January 2015
Date
5 February 2015