Deputy Head of Information Security & DPO

Job description

Job responsibilities

Please refer to the job description and person specification attached to the advert for the full details of the vacancy.

In addition to the brief list above you must familiarise yourself with the full job description and person specification attached to this advert prior to applying.

Person Specification

Commitment to Trust Values and Behaviours

• Must be able to demonstrate behaviours consistent with the Trust's "We are here for you" behavioural standards

Training & Qualifications

• Educated to master degree level or equivalent experience
• Completed Data Protection Officer practitioner, or equivalent, training
• Evidence of and continuing professional development
• Experience and knowledge in Data Protection & Security and in interpretation and applications of legislation in a large public acting organisation
• Relevant Data Protection, Cyber Security and Information Technology qualifications. i.e. (Specific expert Data Protection and / Freedom of Information legislation practitioner) (Specialist knowledge in relation to Data Protection and Security) (Data / Information Security / Cyber Security Qualification
• Expert knowledge of the Data Protection Act and Freedom of Information Legislation
• Must be willing to participate in any relevant training to develop skills required to carry out duties
• Evidence of continuing professional development in relevant area (s) (Records Management, Data Retention, Data Protection, Handling Information)

• Data Security / Information Security Qualification
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Certified Ethical Hacker (CEH)
• ISO27001 Lead Auditor Certification
• Formal management/leadership training/qualification
• Service Improvement training / qualification

Experience

• Significant operational management experience in leading a team in a highly demanding and complex organisation as a leader
• Extensive experience in a similar position or in a senior information governance role within the NHS
• Experience of the NHS Data Security & Protection Toolkit
• Comprehensive knowledge of information governance, data protection legislation / best practice
• Experience of leading the development and/or implementation of an information governance framework within a complex, multi-site organisation
• Strong track record of successful delivery of performance standards in a challenging environment
• Experience of working collaboratively with a range of professional groups to achieve improved outcomes
• Able to develop strategies to meet objectives and workload demand
• Extensive experience of managing and developing a team, including delegation and overseeing duties
• Previously responsible for a budget, involved in budget setting and working knowledge of financial processes
• Considerable in depth knowledge and experience of working within the Health and Social Care sector in relation to NHS Information Governance definitions and requirements; Caldicott Guardian role, Senior Information Risk Owner role, Confidentiality, Integrity and Availability and Data Security & Protection Toolkit requirements etc.
• Highly developed knowledge and understanding if Data / Cyber / Information Security requirements within an NHS environment
• Expert knowledge of Data Protection Act (DPA) 2018 (UK GDPR) /, Freedom of Information Act (FOIA) 2000, Access to Health Records Act (ATHR) 1990, Network & Information Systems (MIS) Regulations 2018, Computer Misuse Act 1990 and any other relevant legislation
• Expert level of experience managing Data Protection enquiries and issues
• Knowledge of Data / Security / Cyber Security Frameworks
• Knowledge and experience of supporting and completing all types of Contracts, Service Level Agreements (SLAs) and relevant Information Sharing / Data Processing Agreements alongside procurement due diligence requirements. Such as the Digital Technology Assessment Criteria (DATC)
• Knowledge, experience and practical application of data privacy impact assessments as set out within legislation above
• Knowledge, experience and practical applications of Data Breaches / Incidents in line with the Confidentiality, Integrity and Availability (CIA) Triad. As well as reporting to relevant commissioning bodies as set out within legislation
• Knowledge, experience and practical applications of Auditing techniques desktop and onsite where required in relation to post.

• Highly developed knowledge of working with patient based clinical information systems
• Specialist knowledge of NHS and statutory polices and regulations including UK GDPR, Data Protection Bill, Caldicott Principals
• Knowledge and understanding of the importance of confidentiality, Data Protection / Information Governance and security policies
• Knowledge of Acute Hospital Services and the way in which data is used Experience of working in a support role
• Experience of working in the National Health Service
• Experience of working in an Data Protection / Information Governance department
• Senior level role within an NHS service / department / division
• Experience of working with National organisations such as the Local Authorities, Department of Health (DoH)
• Experience Integrated Care Boards (ICB), NHS England and National Cyber Security Centre (NCSC)
• Cyber Essentials Plus, Cyber Assessment Framework & ISO 27001
• Experience of managing a demanding and expanding service creatively and efficient in an agile manner
• Awareness of corporate and records management requirements
• Reporting to the Information Commissioner's Office (ICO) / Ombudsman.

Communication and relationship skills

• Excellent verbal and written communication skills and the ability to communicate specialist / complex issues effectively at all levels
• Ability to analyse complex information requiring interpretation in order to meet the service requirement e.g., Staff data on training, skills and competencies.
• Effective interpersonal and communications skills with the ability to produce clear concise communications
• Ability to provide contentious information to staff groups and to communicate business sensitive information to internal staff
• Able to develop, establish and maintain positive relationships with others both internal and external to the organisation
• Ability to work with and influence senior colleagues including negotiation and persuasion skills
• Ability to foster and maintain positive working and service relationships
• Ability to compile and initiate audits and present findings
• Expert level of experience managing Data Protection enquiries and issues
• Experience of writing policies and procedures
• Excellent presentation and training skills
• Experience of delivering presentations to large and diverse groups

• Experience in collaboration to deliver objectives
• Self- motivated and able to encourage others at all levels including senior management

Analytical and Judgement skills

• Competent IT skills in order to collect and interpret data, present reports and compile simple presentations
• Ability to work without direct supervision, prioritising work and acting on own initiative where appropriate; pre-empting problems and working to solve them in an appropriate manner
• Ability to operate to a variety of levels within the organisation and also external agencies
• Flexible approach to meet the conflicting demands of the job
• Effective time management skills in order to meet deadlines
• Ability to communicate at all levels, both written and verbally, with internal and external customers
• Ability to prioritise own workload autonomously
• Accuracy and attention to detail
• Ability to maintain confidentiality
• Ability to demonstrate tact and diplomacy
• Ability to work under pressure and to tight deadlines with changing priorities
• Ability to conduct audits and exercise judgement
• Ability to use professional judgement and advise others on best practice, national guidelines and legislation
• Ability to recognise own and others development needs and find appropriate solutions
• Sensitive to the needs of others and has an awareness and responsiveness to other people's feelings and needs
• Values differences; regards people as individuals and appreciates the value of diversity in the workplace

Planning and organisation skills

• Leadership / Supervisory / Line Management skills
• Ability to work without direct supervision, prioritising work and acting on own initiative where appropriate; pre-empting problems and working to solve them in an appropriate manner
• Ability to manage workloads of others and distribution throughout the service / team in a coaching style of leadership, leading by example
• Ability to operate to a variety of levels within the organisation and also external agencies
• Self-motivated and ability to motivate others
• Ability to recognise own and others development needs and find appropriate solutions
• Able to work as part of a team, co-operating to work together and in conjunction with others and willing to help and assist wherever possible and appropriate
• Able to work under pressure, dealing with peaks and troughs in workload
• Positive attitude to dealing with change; flexible and adaptable, willing to change and accept change and to explore new ways of doing things and approaches
• Highly motivated, reliable and resourceful with a proactive approach to problem solving and ability to work autonomously
• Has a strong degree of personal integrity; able to adhere to standards of conduct based on a sense of right and wrong and be dependable and reliable
• Ability to operate to a variety of levels within the organisation and also external agencies
• Able to work on own initiative and as part of a team
• Ability to multi-task, deal with conflicting deadlines and prioritise workload appropriately
• Excellent administration skills including the ability to take minutes
• Excellent planning and organisational skills

Physical skills

• Standard office environment requirements

Other requirements specific to the role

• Strong visible leadership and coaching style provided onsite and online
• Ability and willingness to adopt an agile approach to work
• Willingness and ability to travel between sites and to external meetings

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants.

Employer details

Employer name

Nottingham University Hospitals NHS Trusts

Address

City & Queens Medical Centre Hospitals

Hucknall Road

Nottingham

NG5 1PB

https://www.nuh.nhs.uk/