Deputy Head of Information Security & DPO
Posted a month ago
- Nottingham, Nottinghamshire
- Any
- External
- Expires In 2 months
This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.
Detailed job description and main responsibilities
Please refer to the job description and person specification attached to the advert for the full details of the vacancy.
In addition to the brief list above you must familiarise yourself with the full job description and person specification attached to this advert prior to applying.
Person specification
Commitment to Trust Values and Behaviours
Essential criteria
Must be able to demonstrate behaviours consistent with the Trust's "We are here for you" behavioural standards
Training & Qualifications
Essential criteria
Educated to master degree level or equivalent experience
Completed Data Protection Officer practitioner, or equivalent, training
Evidence of and continuing professional development
Experience and knowledge in Data Protection & Security and in interpretation and applications of legislation in a large public acting organisation
Relevant Data Protection, Cyber Security and Information Technology qualifications. i.e. (Specific expert Data Protection and / Freedom of Information legislation practitioner) (Specialist knowledge in relation to Data Protection and Security) (Data / Information Security / Cyber Security Qualification
Expert knowledge of the Data Protection Act and Freedom of Information Legislation
Must be willing to participate in any relevant training to develop skills required to carry out duties
Evidence of continuing professional development in relevant area (s) (Records Management, Data Retention, Data Protection, Handling Information)
Desirable criteria
Data Security / Information Security Qualification
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Certified Ethical Hacker (CEH)
ISO27001 Lead Auditor Certification
Formal management/leadership training/qualification
Service Improvement training / qualification
Experience
Essential criteria
Significant operational management experience in leading a team in a highly demanding and complex organisation as a leader
Extensive experience in a similar position or in a senior information governance role within the NHS
Experience of the NHS Data Security & Protection Toolkit
Comprehensive knowledge of information governance, data protection legislation / best practice
Experience of leading the development and/or implementation of an information governance framework within a complex, multi-site organisation
Strong track record of successful delivery of performance standards in a challenging environment
Experience of working collaboratively with a range of professional groups to achieve improved outcomes
Able to develop strategies to meet objectives and workload demand
Extensive experience of managing and developing a team, including delegation and overseeing duties
Previously responsible for a budget, involved in budget setting and working knowledge of financial processes
Considerable in depth knowledge and experience of working within the Health and Social Care sector in relation to NHS Information Governance definitions and requirements; Caldicott Guardian role, Senior Information Risk Owner role, Confidentiality, Integrity and Availability and Data Security & Protection Toolkit requirements etc.
Highly developed knowledge and understanding if Data / Cyber / Information Security requirements within an NHS environment
Expert knowledge of Data Protection Act (DPA) 2018 (UK GDPR) /, Freedom of Information Act (FOIA) 2000, Access to Health Records Act (ATHR) 1990, Network & Information Systems (MIS) Regulations 2018, Computer Misuse Act 1990 and any other relevant legislation
Expert level of experience managing Data Protection enquiries and issues
Knowledge of Data / Security / Cyber Security Frameworks
Knowledge and experience of supporting and completing all types of Contracts, Service Level Agreements (SLAs) and relevant Information Sharing / Data Processing Agreements alongside procurement due diligence requirements. Such as the Digital Technology Assessment Criteria (DATC)
Knowledge, experience and practical application of data privacy impact assessments as set out within legislation above
Knowledge, experience and practical applications of Data Breaches / Incidents in line with the Confidentiality, Integrity and Availability (CIA) Triad. As well as reporting to relevant commissioning bodies as set out within legislation
Knowledge, experience and practical applications of Auditing techniques desktop and onsite where required in relation to post.
Desirable criteria
Highly developed knowledge of working with patient based clinical information systems
Specialist knowledge of NHS and statutory polices and regulations including UK GDPR, Data Protection Bill, Caldicott Principals
Knowledge and understanding of the importance of confidentiality, Data Protection / Information Governance and security policies
Knowledge of Acute Hospital Services and the way in which data is used Experience of working in a support role
Experience of working in the National Health Service
Experience of working in an Data Protection / Information Governance department
Senior level role within an NHS service / department / division
Experience of working with National organisations such as the Local Authorities, Department of Health (DoH)
Experience Integrated Care Boards (ICB), NHS England and National Cyber Security Centre (NCSC)
Cyber Essentials Plus, Cyber Assessment Framework & ISO 27001
Experience of managing a demanding and expanding service creatively and efficient in an agile manner
Awareness of corporate and records management requirements
Reporting to the Information Commissioner's Office (ICO) / Ombudsman.
Communication and relationship skills
Essential criteria
Excellent verbal and written communication skills and the ability to communicate specialist / complex issues effectively at all levels
Ability to analyse complex information requiring interpretation in order to meet the service requirement e.g., Staff data on training, skills and competencies.
Effective interpersonal and communications skills with the ability to produce clear concise communications
Ability to provide contentious information to staff groups and to communicate business sensitive information to internal staff
Able to develop, establish and maintain positive relationships with others both internal and external to the organisation
Ability to work with and influence senior colleagues including negotiation and persuasion skills
Ability to foster and maintain positive working and service relationships
Ability to compile and initiate audits and present findings
Expert level of experience managing Data Protection enquiries and issues
Experience of writing policies and procedures
Excellent presentation and training skills
Experience of delivering presentations to large and diverse groups
Desirable criteria
Experience in collaboration to deliver objectives
Self- motivated and able to encourage others at all levels including senior management
Analytical and Judgement skills
Essential criteria
Competent IT skills in order to collect and interpret data, present reports and compile simple presentations
Ability to work without direct supervision, prioritising work and acting on own initiative where appropriate; pre-empting problems and working to solve them in an appropriate manner
Ability to operate to a variety of levels within the organisation and also external agencies
Flexible approach to meet the conflicting demands of the job
Effective time management skills in order to meet deadlines
Ability to communicate at all levels, both written and verbally, with internal and external customers
Ability to prioritise own workload autonomously
Accuracy and attention to detail
Ability to maintain confidentiality
Ability to demonstrate tact and diplomacy
Ability to work under pressure and to tight deadlines with changing priorities
Ability to conduct audits and exercise judgement
Ability to use professional judgement and advise others on best practice, national guidelines and legislation
Ability to recognise own and others development needs and find appropriate solutions
Sensitive to the needs of others and has an awareness and responsiveness to other people's feelings and needs
Values differences; regards people as individuals and appreciates the value of diversity in the workplace
Planning and organisation skills
Essential criteria
Leadership / Supervisory / Line Management skills
Ability to work without direct supervision, prioritising work and acting on own initiative where appropriate; pre-empting problems and working to solve them in an appropriate manner
Ability to manage workloads of others and distribution throughout the service / team in a coaching style of leadership, leading by example
Ability to operate to a variety of levels within the organisation and also external agencies
Self-motivated and ability to motivate others
Ability to recognise own and others development needs and find appropriate solutions
Able to work as part of a team, co-operating to work together and in conjunction with others and willing to help and assist wherever possible and appropriate
Able to work under pressure, dealing with peaks and troughs in workload
Positive attitude to dealing with change; flexible and adaptable, willing to change and accept change and to explore new ways of doing things and approaches
Highly motivated, reliable and resourceful with a proactive approach to problem solving and ability to work autonomously
Has a strong degree of personal integrity; able to adhere to standards of conduct based on a sense of right and wrong and be dependable and reliable
Ability to operate to a variety of levels within the organisation and also external agencies
Able to work on own initiative and as part of a team
Ability to multi-task, deal with conflicting deadlines and prioritise workload appropriately
Excellent administration skills including the ability to take minutes
Excellent planning and organisational skills
Physical skills
Essential criteria
Standard office environment requirements
Other requirements specific to the role
Essential criteria
Strong visible leadership and coaching style provided onsite and online
Ability and willingness to adopt an agile approach to work
Willingness and ability to travel between sites and to external meetings
Come and join our wonderful team at NUH. We are big believers in diversity and welcome new ideas to help develop our team in order to deliver world class healthcare to the vast patient populations we serve. With endless personal development opportunities available, at the NUH we will endeavour to turn your job into a career!
We particularly welcome applications from people who identify as Black, Asian and Minority Ethnic, or Disabled, as we are striving to be better represented at NUH.
Closing Dates: Please submit your application form as soon as possible to avoid disappointment; we reserve the right to close vacancies prior to the published closing date if we receive a sufficient number of completed application forms.
Communication: All communication related to your application will be via the email address you have provided. Please ensure you check your email account including your junk email regularly.
Easy read application: if you have a disability and find it difficult to complete our online application form, you can apply via our easy read application which you can find on the intranet
NUH are now able to offer application completion support and interview preparation support. Please follow the link to book onto our sessions: Support for NUH Job Applications
If you are aged 16 or 17 and applying for a role that is more than 20 hours a week, please be aware that you will be asked to commence an Apprenticeship within the Trust alongside your role, as long as there is a suitable apprenticeship standard available. This is in line with the current guidance in England that whilst young people under the age of 18 can leave school (on the last Friday in June) they must then do one of the following:
Stay in full-time education, for example at a college
Start an Apprenticeship
Spend 20 hours of more a week working or volunteering, while in part-time education or training
For more details visit; School leaving age - GOV.UK (www.gov.uk)
Salary: The quoted salary will be on a pro rata basis for part time workers.
Disability Confidence: All applicants who have declared a disability and who meet the essential criteria for the post will be shortlisted.
At Risk of redundancy: NHS employees within the East Midlands who are 'at risk' of redundancy will be given a preferential interview where they meet the essential criteria of the person specification.
International Recruitment: If you are applying for a role with us from outside of the UK then please read the guidance on applying for a health or social care job in the UK from abroad.
ID and Right to work checks: NUH authenticate ID and right to work documentation including passports and driving licenses through a system called Trust ID. NUH will scan your ID and right to work documentation in to the Trust ID system at your face to face ID appointment. The system will run a check against the key security features within your documentation. The system will provide us with an outcome of your check which will be stored securely on your personal file along with all other pre-employment check documentation.
Consent:
Transfer of information: If I have previous NHS service - I consent to the transfer of my Electronic Staff Record (ESR) data between this and other NHS Trusts. I also consent to the Occupational Health Department confidentially accessing my occupational health records from my current or previous employer in order to check the status of my vaccinations, immunisations s and screening tests as relevant to the post. I understand this is an automated process and the information will only be used for these purposes prior to me taking up the position at NUH.
Disclosure and Barring Service: Your post maybe subject to a DBS check which incur a cost dependent on the level of check required (£42.90 for enhanced and £22.90 for standard). I agree to reimburse Nottingham University Hospitals NHS Trust the cost of a Disclosure and Barring Service (DBS) check if it is required (by deduction from first month's pay). Should I decide to withdraw from my job offer, I agree to reimburse Nottingham University Hospitals NHS Trust the cost of the DBS check undertaken by cheque or other agreed method.
For more information about our organisation and the career opportunities available, please visit our website and/or follow us on Instagram, Twitter and Facebook
Employer certification / accreditation badges
Applicant requirements
The postholder will have access to vulnerable people in the course of their normal duties and as such this post is subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service to check for any previous criminal convictions.
Documents to download
Deputy Head of Information Security & Data Protection Officer (PDF, 792.3KB)
Deputy Head of Information Security Person Spec (PDF, 384.6KB)
Structure - Data Protection Office (PDF, 70.5KB)
Mindful Employer (PDF, 242.5KB)
Equality and Diversity (PDF, 122.3KB)
Equal Opportunities (PDF, 57.4KB)
Disability Confidence Scheme (PDF, 51.0KB)
Rehabilitation of Ex Offenders (PDF, 106.0KB)
#J-18808-Ljbffr
Detailed job description and main responsibilities
Please refer to the job description and person specification attached to the advert for the full details of the vacancy.
In addition to the brief list above you must familiarise yourself with the full job description and person specification attached to this advert prior to applying.
Person specification
Commitment to Trust Values and Behaviours
Essential criteria
Must be able to demonstrate behaviours consistent with the Trust's "We are here for you" behavioural standards
Training & Qualifications
Essential criteria
Educated to master degree level or equivalent experience
Completed Data Protection Officer practitioner, or equivalent, training
Evidence of and continuing professional development
Experience and knowledge in Data Protection & Security and in interpretation and applications of legislation in a large public acting organisation
Relevant Data Protection, Cyber Security and Information Technology qualifications. i.e. (Specific expert Data Protection and / Freedom of Information legislation practitioner) (Specialist knowledge in relation to Data Protection and Security) (Data / Information Security / Cyber Security Qualification
Expert knowledge of the Data Protection Act and Freedom of Information Legislation
Must be willing to participate in any relevant training to develop skills required to carry out duties
Evidence of continuing professional development in relevant area (s) (Records Management, Data Retention, Data Protection, Handling Information)
Desirable criteria
Data Security / Information Security Qualification
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Certified Ethical Hacker (CEH)
ISO27001 Lead Auditor Certification
Formal management/leadership training/qualification
Service Improvement training / qualification
Experience
Essential criteria
Significant operational management experience in leading a team in a highly demanding and complex organisation as a leader
Extensive experience in a similar position or in a senior information governance role within the NHS
Experience of the NHS Data Security & Protection Toolkit
Comprehensive knowledge of information governance, data protection legislation / best practice
Experience of leading the development and/or implementation of an information governance framework within a complex, multi-site organisation
Strong track record of successful delivery of performance standards in a challenging environment
Experience of working collaboratively with a range of professional groups to achieve improved outcomes
Able to develop strategies to meet objectives and workload demand
Extensive experience of managing and developing a team, including delegation and overseeing duties
Previously responsible for a budget, involved in budget setting and working knowledge of financial processes
Considerable in depth knowledge and experience of working within the Health and Social Care sector in relation to NHS Information Governance definitions and requirements; Caldicott Guardian role, Senior Information Risk Owner role, Confidentiality, Integrity and Availability and Data Security & Protection Toolkit requirements etc.
Highly developed knowledge and understanding if Data / Cyber / Information Security requirements within an NHS environment
Expert knowledge of Data Protection Act (DPA) 2018 (UK GDPR) /, Freedom of Information Act (FOIA) 2000, Access to Health Records Act (ATHR) 1990, Network & Information Systems (MIS) Regulations 2018, Computer Misuse Act 1990 and any other relevant legislation
Expert level of experience managing Data Protection enquiries and issues
Knowledge of Data / Security / Cyber Security Frameworks
Knowledge and experience of supporting and completing all types of Contracts, Service Level Agreements (SLAs) and relevant Information Sharing / Data Processing Agreements alongside procurement due diligence requirements. Such as the Digital Technology Assessment Criteria (DATC)
Knowledge, experience and practical application of data privacy impact assessments as set out within legislation above
Knowledge, experience and practical applications of Data Breaches / Incidents in line with the Confidentiality, Integrity and Availability (CIA) Triad. As well as reporting to relevant commissioning bodies as set out within legislation
Knowledge, experience and practical applications of Auditing techniques desktop and onsite where required in relation to post.
Desirable criteria
Highly developed knowledge of working with patient based clinical information systems
Specialist knowledge of NHS and statutory polices and regulations including UK GDPR, Data Protection Bill, Caldicott Principals
Knowledge and understanding of the importance of confidentiality, Data Protection / Information Governance and security policies
Knowledge of Acute Hospital Services and the way in which data is used Experience of working in a support role
Experience of working in the National Health Service
Experience of working in an Data Protection / Information Governance department
Senior level role within an NHS service / department / division
Experience of working with National organisations such as the Local Authorities, Department of Health (DoH)
Experience Integrated Care Boards (ICB), NHS England and National Cyber Security Centre (NCSC)
Cyber Essentials Plus, Cyber Assessment Framework & ISO 27001
Experience of managing a demanding and expanding service creatively and efficient in an agile manner
Awareness of corporate and records management requirements
Reporting to the Information Commissioner's Office (ICO) / Ombudsman.
Communication and relationship skills
Essential criteria
Excellent verbal and written communication skills and the ability to communicate specialist / complex issues effectively at all levels
Ability to analyse complex information requiring interpretation in order to meet the service requirement e.g., Staff data on training, skills and competencies.
Effective interpersonal and communications skills with the ability to produce clear concise communications
Ability to provide contentious information to staff groups and to communicate business sensitive information to internal staff
Able to develop, establish and maintain positive relationships with others both internal and external to the organisation
Ability to work with and influence senior colleagues including negotiation and persuasion skills
Ability to foster and maintain positive working and service relationships
Ability to compile and initiate audits and present findings
Expert level of experience managing Data Protection enquiries and issues
Experience of writing policies and procedures
Excellent presentation and training skills
Experience of delivering presentations to large and diverse groups
Desirable criteria
Experience in collaboration to deliver objectives
Self- motivated and able to encourage others at all levels including senior management
Analytical and Judgement skills
Essential criteria
Competent IT skills in order to collect and interpret data, present reports and compile simple presentations
Ability to work without direct supervision, prioritising work and acting on own initiative where appropriate; pre-empting problems and working to solve them in an appropriate manner
Ability to operate to a variety of levels within the organisation and also external agencies
Flexible approach to meet the conflicting demands of the job
Effective time management skills in order to meet deadlines
Ability to communicate at all levels, both written and verbally, with internal and external customers
Ability to prioritise own workload autonomously
Accuracy and attention to detail
Ability to maintain confidentiality
Ability to demonstrate tact and diplomacy
Ability to work under pressure and to tight deadlines with changing priorities
Ability to conduct audits and exercise judgement
Ability to use professional judgement and advise others on best practice, national guidelines and legislation
Ability to recognise own and others development needs and find appropriate solutions
Sensitive to the needs of others and has an awareness and responsiveness to other people's feelings and needs
Values differences; regards people as individuals and appreciates the value of diversity in the workplace
Planning and organisation skills
Essential criteria
Leadership / Supervisory / Line Management skills
Ability to work without direct supervision, prioritising work and acting on own initiative where appropriate; pre-empting problems and working to solve them in an appropriate manner
Ability to manage workloads of others and distribution throughout the service / team in a coaching style of leadership, leading by example
Ability to operate to a variety of levels within the organisation and also external agencies
Self-motivated and ability to motivate others
Ability to recognise own and others development needs and find appropriate solutions
Able to work as part of a team, co-operating to work together and in conjunction with others and willing to help and assist wherever possible and appropriate
Able to work under pressure, dealing with peaks and troughs in workload
Positive attitude to dealing with change; flexible and adaptable, willing to change and accept change and to explore new ways of doing things and approaches
Highly motivated, reliable and resourceful with a proactive approach to problem solving and ability to work autonomously
Has a strong degree of personal integrity; able to adhere to standards of conduct based on a sense of right and wrong and be dependable and reliable
Ability to operate to a variety of levels within the organisation and also external agencies
Able to work on own initiative and as part of a team
Ability to multi-task, deal with conflicting deadlines and prioritise workload appropriately
Excellent administration skills including the ability to take minutes
Excellent planning and organisational skills
Physical skills
Essential criteria
Standard office environment requirements
Other requirements specific to the role
Essential criteria
Strong visible leadership and coaching style provided onsite and online
Ability and willingness to adopt an agile approach to work
Willingness and ability to travel between sites and to external meetings
Come and join our wonderful team at NUH. We are big believers in diversity and welcome new ideas to help develop our team in order to deliver world class healthcare to the vast patient populations we serve. With endless personal development opportunities available, at the NUH we will endeavour to turn your job into a career!
We particularly welcome applications from people who identify as Black, Asian and Minority Ethnic, or Disabled, as we are striving to be better represented at NUH.
Closing Dates: Please submit your application form as soon as possible to avoid disappointment; we reserve the right to close vacancies prior to the published closing date if we receive a sufficient number of completed application forms.
Communication: All communication related to your application will be via the email address you have provided. Please ensure you check your email account including your junk email regularly.
Easy read application: if you have a disability and find it difficult to complete our online application form, you can apply via our easy read application which you can find on the intranet
NUH are now able to offer application completion support and interview preparation support. Please follow the link to book onto our sessions: Support for NUH Job Applications
If you are aged 16 or 17 and applying for a role that is more than 20 hours a week, please be aware that you will be asked to commence an Apprenticeship within the Trust alongside your role, as long as there is a suitable apprenticeship standard available. This is in line with the current guidance in England that whilst young people under the age of 18 can leave school (on the last Friday in June) they must then do one of the following:
Stay in full-time education, for example at a college
Start an Apprenticeship
Spend 20 hours of more a week working or volunteering, while in part-time education or training
For more details visit; School leaving age - GOV.UK (www.gov.uk)
Salary: The quoted salary will be on a pro rata basis for part time workers.
Disability Confidence: All applicants who have declared a disability and who meet the essential criteria for the post will be shortlisted.
At Risk of redundancy: NHS employees within the East Midlands who are 'at risk' of redundancy will be given a preferential interview where they meet the essential criteria of the person specification.
International Recruitment: If you are applying for a role with us from outside of the UK then please read the guidance on applying for a health or social care job in the UK from abroad.
ID and Right to work checks: NUH authenticate ID and right to work documentation including passports and driving licenses through a system called Trust ID. NUH will scan your ID and right to work documentation in to the Trust ID system at your face to face ID appointment. The system will run a check against the key security features within your documentation. The system will provide us with an outcome of your check which will be stored securely on your personal file along with all other pre-employment check documentation.
Consent:
Transfer of information: If I have previous NHS service - I consent to the transfer of my Electronic Staff Record (ESR) data between this and other NHS Trusts. I also consent to the Occupational Health Department confidentially accessing my occupational health records from my current or previous employer in order to check the status of my vaccinations, immunisations s and screening tests as relevant to the post. I understand this is an automated process and the information will only be used for these purposes prior to me taking up the position at NUH.
Disclosure and Barring Service: Your post maybe subject to a DBS check which incur a cost dependent on the level of check required (£42.90 for enhanced and £22.90 for standard). I agree to reimburse Nottingham University Hospitals NHS Trust the cost of a Disclosure and Barring Service (DBS) check if it is required (by deduction from first month's pay). Should I decide to withdraw from my job offer, I agree to reimburse Nottingham University Hospitals NHS Trust the cost of the DBS check undertaken by cheque or other agreed method.
For more information about our organisation and the career opportunities available, please visit our website and/or follow us on Instagram, Twitter and Facebook
Employer certification / accreditation badges
Applicant requirements
The postholder will have access to vulnerable people in the course of their normal duties and as such this post is subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service to check for any previous criminal convictions.
Documents to download
Deputy Head of Information Security & Data Protection Officer (PDF, 792.3KB)
Deputy Head of Information Security Person Spec (PDF, 384.6KB)
Structure - Data Protection Office (PDF, 70.5KB)
Mindful Employer (PDF, 242.5KB)
Equality and Diversity (PDF, 122.3KB)
Equal Opportunities (PDF, 57.4KB)
Disability Confidence Scheme (PDF, 51.0KB)
Rehabilitation of Ex Offenders (PDF, 106.0KB)
#J-18808-Ljbffr
.webp "Apply4U | Sign Up")
.webp "Apply4U | Contact Us")
.webp "Apply4U | Sign up")
