Torchora
Back to Home

Key Responsibilities and Required Skills for Information Officer

💰 $ - $

Information ManagementRecords ManagementData GovernanceKnowledge ManagementCompliance

🎯 Role Definition

The Information Officer is a strategic and operational leader responsible for designing, implementing, and maintaining the organization's information governance and records management framework. This role ensures that digital and physical information assets are discoverable, secure, compliant with legal and regulatory obligations, and aligned with business objectives. The Information Officer partners with IT, legal, compliance, business units, and external stakeholders to drive data privacy, retention schedules, Freedom of Information (FOI) requests, and knowledge management initiatives that reduce risk and improve decision-making across the enterprise.

📈 Career Progression

Typical Career Path

Entry Point From:

  • Records Coordinator / Records Clerk with demonstrated process knowledge and exposure to retention schedules
  • Knowledge Management Specialist or Analyst supporting content lifecycle and user adoption
  • Data/Information Analyst or Compliance Officer with experience in privacy and regulatory reporting

Advancement To:

  • Head of Information Management / Director of Records and Information
  • Data Governance Lead / Director of Data & Information Governance
  • Chief Information Governance Officer or senior compliance/privacy leadership roles

Lateral Moves:

  • Data Governance Manager
  • Information Security or Privacy Officer
  • Compliance Manager or Legal Operations Specialist

Core Responsibilities

Primary Functions

  • Develop, document, and maintain a comprehensive information governance program that includes policies, standards, retention schedules, metadata frameworks, and roles & responsibilities to ensure consistent information handling across the organization.
  • Lead the creation and enforcement of records management policies and retention schedules that meet legal, regulatory, and operational requirements, and maintain defensible records lifecycle practices for both physical and digital records.
  • Design and implement document and content management solutions (e.g., SharePoint, ECM systems) to centralize repositories, improve searchability, enable versioning, and enforce access controls aligned with business needs and security policies.
  • Serve as the subject matter expert for Freedom of Information (FOI), Subject Access Requests (SAR), eDiscovery, and other legal disclosure processes; coordinate timely and auditable responses with legal, IT, and business stakeholders.
  • Coordinate cross-functional efforts to classify information using taxonomy and metadata best practices, ensuring discoverability, provenance tracking, and consistent tagging for analytics and compliance.
  • Oversee information risk assessments and remediation plans, working with Information Security and Risk teams to address vulnerabilities, enforce encryption, access controls, and ensure secure disposal and destruction processes.
  • Establish metrics and KPIs (e.g., records disposition rates, FOI turnaround time, policy compliance scores) and produce regular reports and dashboards for senior leadership to demonstrate program performance and ROI.
  • Lead change management and user adoption programs for new information systems, including stakeholder engagement, training programs, FAQs, job aids, and helpdesk escalation paths to drive behavioral change and compliance.
  • Provide strategic input to digital transformation initiatives by evaluating content migration, archiving strategies, legacy system decommissioning, and continuous improvement of information architecture and system interoperability.
  • Manage and prioritize information management projects, including budgeting, vendor selection, contract negotiation, and vendor performance oversight for service providers (scanning vendors, archival services, ECM consultants).
  • Implement and maintain data protection and privacy controls in collaboration with Privacy and Legal teams to ensure compliance with GDPR, CCPA, HIPAA (where applicable), and other jurisdictional regulations, including privacy-by-design principles.
  • Coordinate records audits, internal reviews, and external inspections; prepare audit evidence, implement audit recommendations, and maintain documentation to demonstrate regulatory compliance and business continuity readiness.
  • Develop and deliver organization-wide training and awareness programs on records handling, privacy obligations, secure information sharing, retention and disposition, and acceptable use policies tailored to role-based needs.
  • Manage the lifecycle of sensitive content and custodian communications during legal holds and eDiscovery processes, ensuring chain-of-custody, defensible preservation, and timely release or redaction as required.
  • Serve as a liaison between business units and IT to translate business requirements into technical specifications for information systems, integrations, metadata schemas, and automation of classification and retention rules.
  • Maintain and evolve taxonomy, controlled vocabularies, and search optimization strategies to improve knowledge discovery, reduce duplication, and support content reuse across teams and knowledge bases.
  • Design and operate archival and records retrieval services, including digitization programs, indexing and retrieval protocols, and long-term preservation strategies for high-value historical and compliance records.
  • Lead investigations and remedial responses for information incidents (e.g., data leaks, unauthorized access), coordinate with security incident response teams, document lessons learned, and update policies to mitigate recurrence.
  • Consult on procurement and contract language related to information handling, data processing agreements, service level agreements (SLAs), and third-party compliance obligations, ensuring contracts reflect retention and security requirements.
  • Champion continuous improvement initiatives by benchmarking practices against standards (ISO 15489, ISO 27001), participating in industry forums, and incorporating emerging best practices such as information lifecycle automation and AI-assisted classification.

Secondary Functions

  • Support ad-hoc data requests and exploratory data analysis.
  • Contribute to the organization's data strategy and roadmap.
  • Collaborate with business units to translate data needs into engineering requirements.
  • Participate in sprint planning and agile ceremonies within the data engineering team.

Required Skills & Competencies

Hard Skills (Technical)

  • Information Governance: Proven ability to design and operationalize governance frameworks, policies, and retention schedules that align with enterprise risk and compliance requirements.
  • Records Management Systems: Hands-on experience implementing and administering ECM/CMS platforms (SharePoint Online, Alfresco, OpenText, Documentum) including migrations and integration projects.
  • Legal & Regulatory Compliance: Knowledge of FOI/SAR processes, GDPR, CCPA, HIPAA (as applicable), and regulatory retention obligations with demonstrated track record responding to legal holds and audits.
  • Metadata & Taxonomy Design: Experience creating and maintaining metadata schemas, controlled vocabularies, taxonomies, and search optimization to improve discoverability and analytics.
  • eDiscovery & Legal Support: Practical experience coordinating eDiscovery workflows, custodial collections, legal holds, and redaction tools to support litigation and regulatory inquiries.
  • Information Security Fundamentals: Familiarity with access control models, encryption, secure disposal methods, and collaboration with InfoSec to mitigate information risk.
  • Records Lifecycle & Archiving: Expertise in records classification, digitization programs, archival standards, long-term preservation, and defensible disposal practices.
  • Data Privacy & Protection: Ability to implement privacy-by-design controls, perform DPIAs, and operationalize consent and data subject rights handling.
  • Vendor & Contract Management: Competence in procuring and managing third-party vendors, drafting data processing agreements, and enforcing SLAs related to information services.
  • Reporting & Analytics: Ability to define KPIs, build dashboards, and present measurable outcomes using reporting tools (Power BI, Tableau, or similar) to demonstrate program value.

Soft Skills

  • Strategic Thinking: Ability to translate high-level business goals into a pragmatic information management roadmap and measurable outcomes.
  • Stakeholder Engagement: Strong interpersonal skills to influence senior leaders, partner with IT, legal, compliance, and drive cross-functional initiatives.
  • Communication & Training: Clear presenter and facilitator who can create training materials, run workshops, and produce executive-level briefings on information risks and opportunities.
  • Project Management: Proven capacity to lead complex projects with competing priorities, timelines, and budget constraints using Agile or Waterfall approaches.
  • Attention to Detail: Meticulous orientation for policy drafting, retention schedule accuracy, and audit evidence preparation.
  • Change Management: Skilled at building adoption strategies, managing resistance, and embedding new processes into business-as-usual operations.
  • Analytical & Problem-Solving: Able to analyze workflows, identify root causes of information risks, and design pragmatic, compliant solutions.
  • Confidentiality & Ethics: Demonstrates a high degree of integrity and discretion when handling sensitive or confidential information.
  • Cross-Cultural Collaboration: Comfortable working within diverse, distributed teams and tailoring approaches by region or legal jurisdiction.
  • Time & Prioritization: Strong prioritization skills to manage urgent compliance tasks (e.g., FOI deadlines) alongside long-term programs.

Education & Experience

Educational Background

Minimum Education:

  • Bachelor's degree in Information Science, Library Science, Records Management, Information Systems, Public Administration, Law, or related field.

Preferred Education:

  • Master's degree in Library & Information Science (MLIS), Records and Information Management, Information Governance, or an MBA with concentration in information systems or compliance.

Relevant Fields of Study:

  • Library & Information Science
  • Records and Information Management
  • Information Systems / Computer Science
  • Data Governance / Data Management
  • Law, Public Policy, or Compliance

Experience Requirements

Typical Experience Range: 3 - 8 years in records management, information governance, knowledge management, compliance, or related roles.

Preferred:

  • 5+ years of progressive experience leading information governance or records programs in medium-to-large organizations or regulated industries.
  • Experience delivering cross-functional programs, system implementations (ECM, DM), and managing FOI/eDiscovery workflows.
  • Professional certifications such as Certified Records Manager (CRM), IGP (Information Governance Professional), CIPP (Certified Information Privacy Professional), or relevant ISO/industry certifications are highly desirable.
Explore More Careers