Data Protection & Security Manager
- NHS
- Full Time
- Nottingham
- 46148.00 - 52809.00 a year
Job Description
Job summary
Are you looking to make a difference and use your leadership and coaching skills? Then we want to hear from you as we have an excellent opportunity for you. We need experts in Data Protection and Security to help the Trust deliver an excellent Data Protection Office service.
You probably know the NHS is one of the largest employers in the UK and EU and it needs you. In return this role can offer you a fantastic opportunity for you to learn, grow and develop whilst being supported by experienced leaders within this field.
We've recently undertaken a full workforce change across the Data Protection Office service and are seeking strong, visible and competent leaders who can use their knowledge, skills and abilities to coach a team of staff to learn, develop and grow to achieve shared service wide objectives.
In addition to the brief list below you must familiarise yourself with the full job description and person specification attached to this advert prior to applying.
The post holder will be an experienced leader and specialist in relation to data protection, security, confidentiality, line management, service delivery and records managements. Responsible for the day to day management of the Data Protection Office / service.
Main duties of the job
Lead and promote data protection and security awareness and provide advice and guidance to the Trust, Employee's and Management in relation to the organisation achieving compliance with Data Protection Legislation. Provide Information Governance support in relation to commercial, informatics, and research projects.
Provide first line support for all data protection and security enquiries. Including commercial, data analytics and research to the Trust. Such as contracts and procurement process and due diligence, ISA, DPA, DPIAs and DTAC.
Work with managers, Heads of Service and Directors of operations to identify any new working practices required and to support the change programme to implement these utilising a Privacy by Design process.
Ensure Continuous Professional Development (CPD) of self and supervisee's.
Provide expert advice to the Trust in relation to relevant Information Security / Cyber Security frameworks such as ISO27001 compliance but not limited too. Keeping themselves up to date with relevant frameworks.
The post requires a mix of on-site and home working to suit the needs of our service. Typically, one or two days a week depending on the service needs. The service has an agile working approach and planned meeting schedules so the entire service can plan accordingly their home and work life balance accordingly.
About us
With over 20,000 staff, we are one of the biggest employers in the city with a central role in supporting the health and wellbeing of our local population. We play a leading role in research, education and innovation.
Come and join our wonderful team at NUH. We are big believers in diversity and welcome new ideas to help develop our team in order to deliver world class healthcare to the vast patient populations we serve. With endless personal development opportunities available, at NUH we will endeavour to turn your job into a career!
We particularly welcome applications from people who identify as Black, Asian and Minority Ethnic, or Disabled, as we are striving to be better represented at NUH.
Job responsibilities
Please refer to the job description and person specification attached to the advert for the full details of the vacancy.
Person Specification
Commitment to Trust Values and Behaviours
Essential
- Must be able to demonstrate behaviours consistent with the Trust's behavioural standards
Training & Qualifications
Essential
- Significant post graduate level education in relevant field or able to demonstrate considerable experience and competencies within Data Protection & Security
- Experience and knowledge in Data Protection & Security and in interpretation and applications of legislation in a large public facing organisation
- Relevant Data Protection, Cyber Security and Information Technology qualifications. i.e. - Specific expert Data Protection and / Freedom of Information legislation practitioner - Specialist knowledge in relation to Data Protection and Security - Data / Information Security / Cyber Security Qualification
- Experience of Microsoft packages including Word, Excel, PowerPoint, Outlook.
- An understanding of the Data Protection Act / UK GDPR, Freedom of Information and Access to Health Records Legislation
- Must be willing to participate in any relevant training to develop skills required to carry out duties
- Evidence of continuing professional development in relevant area (s) (Records Management, Data Retention, Data Protection, Handling Information)
Desirable
- Educated to a master level with a degree or equivalent experience and competencies or extensive relevant senior experience
- Data Protection Act Practitioner Certification / Qualification
- Data Security / Information Security Qualification
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
- Certified Ethical Hacker (CEH)
- ISO27001 Lead Auditor Certification
Experience
Essential
- Experience of staff management including PDP, recruitment, disciplinary and capability etc.
- Supervisory / Line Management skills
- Considerable in-depth knowledge and experience of working within the Health and Social Care sector in relation to NHS Information Governance definitions and requirements; Caldicott Guardian role, Senior Information Risk Owner role, Confidentiality, Integrity and Availability and Data Security & Protection Toolkit requirements etc.
- Highly developed knowledge and understanding of Data / Cyber / Information Security requirements within an NHS environment
- Expert knowledge of Data Protection Act 2018 / relevant legislation, Freedom of Information Act 2000, Access to Health Records Act 1990, Network & Information Systems Regulations 2018, Computer Misuse Act 1990 and any other relevant legislation
- Knowledge of Data Protection & Security / Cyber Security Frameworks
- Knowledge and experience of supporting and completing all types of Contracts, Service Level Agreements (SLAs) and relevant Information Sharing / Data Processing Agreements alongside procurement due diligence requirements. Such as the Digital Technology Assessment Criteria (DATC)
- Knowledge, experience and practical application of data privacy impact assessments as set out within legislation above
- Knowledge, experience and practical applications of Data Breaches / Incidents in line with the Confidentiality, Integrity and Availability (CIA) Triad. As well as reporting to relevant commissioning bodies as set out within legislation
- Knowledge, experience and practical applications of auditing techniques desktop and onsite where required in relation to post
- Experience of delivering presentations to large and diverse groups
- Ability to work with and influence senior colleagues including negotiation and persuasion skills
- Ability to recognise own and others development needs and find appropriate solutions
- Self-motivated and ability to motivate others.
- Ability to foster and maintain positive working and service relationships
- Experience of writing policies and procedures
- Expert level of experience managing Data Protection enquiries and issues
Desirable
- Highly developed knowledge of working with patient based clinical information systems
- Specialist knowledge of NHS and statutory polices and regulations including, Data Protection Act (UK GDPR), Caldicott Principals
- Knowledge and understanding of the importance of confidentiality, Data Protection / Information Governance and security policies
- Knowledge of Acute Hospital Services and the way in which data is used
- Experience of working in a support role
- Experience of working in the National Health Service
- Experience of working in an Data Protection / Information Governance department.
- Senior level role within an NHS service / department / division
- Experience of working with National organisations such as the Local Authorities, Department of Health (DoH), Integrated Care Boards (ICB), NHS England and National Cyber Security Centre (NCSC).
- Cyber Essentials Plus, Cyber Assessment Framework & ISO 27001
- Experience of managing a demanding and expanding service creatively and efficiently in an agile manner.
- Awareness of corporate and records management requirements
- Reporting to the Information Commissioner's Office (ICO) / Ombudsman
Communication and Relationship skills
Essential
- Excellent verbal and written communication skills and the ability to communicate specialist / ...
