Data Protection & Security Manager

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

Detailed job description and main responsibilities

Please refer to the job description and person specification attached to the advert for the full details of the vacancy.

Person specification

Commitment to Trust Values and Behaviours

Essential criteria

  • Must be able to demonstrate behaviours consistent with the Trust's behavioural standards

Training & Qualifications

Essential criteria

  • Significant post graduate level education in relevant field or able to demonstrate considerable experience and competencies within Data Protection & Security
  • Experience and knowledge in Data Protection & Security and in interpretation and applications of legislation in a large public facing organisation
  • Relevant Data Protection, Cyber Security and Information Technology qualifications, i.e.:
      - Specific expert Data Protection and / Freedom of Information legislation practitioner
      - Specialist knowledge in relation to Data Protection and Security
      - Data / Information Security / Cyber Security Qualification
  • Experience of Microsoft packages including Word, Excel, PowerPoint, Outlook.
  • An understanding of the Data Protection Act / UK GDPR, Freedom of Information and Access to Health Records Legislation
  • Must be willing to participate in any relevant training to develop skills required to carry out duties
  • Evidence of continuing professional development in relevant area(s) (Records Management, Data Retention, Data Protection, Handling Information)

Desirable criteria

  • Educated to master's level with a degree or equivalent experience and competencies or extensive relevant senior experience
  • Data Protection Act Practitioner Certification / Qualification
  • Data Security / Information Security Qualification
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Ethical Hacker (CEH)
  • ISO27001 Lead Auditor Certification

Experience

Essential criteria

  • Experience of staff management including PDP, recruitment, disciplinary and capability etc.
  • Supervisory / Line Management skills
  • Considerable in-depth knowledge and experience of working within the Health and Social Care sector in relation to NHS Information Governance definitions and requirements; Caldicott Guardian role, Senior Information Risk Owner role, Confidentiality, Integrity and Availability and Data Security & Protection Toolkit requirements etc.
  • Highly developed knowledge and understanding of Data / Cyber / Information Security requirements within an NHS environment
  • Expert knowledge of Data Protection Act 2018 / relevant legislation, Freedom of Information Act 2000, Access to Health Records Act 1990, Network & Information Systems Regulations 2018, Computer Misuse Act 1990 and any other relevant legislation
  • Knowledge of Data Protection & Security / Cyber Security Frameworks
  • Knowledge and experience of supporting and completing all types of Contracts, Service Level Agreements (SLAs) and relevant Information Sharing / Data Processing Agreements alongside procurement due diligence requirements, such as the Digital Technology Assessment Criteria (DTAC)
  • Knowledge, experience and practical application of data privacy impact assessments as set out within legislation above
  • Knowledge, experience and practical applications of Data Breaches / Incidents in line with the Confidentiality, Integrity and Availability (CIA) Triad, as well as reporting to relevant commissioning bodies as set out within legislation
  • Knowledge, experience and practical applications of auditing techniques, desktop and onsite, where required in relation to the post
  • Experience of delivering presentations to large and diverse groups
  • Ability to work with and influence senior colleagues including negotiation and persuasion skills
  • Ability to recognise own and others' development needs and find appropriate solutions
  • Self-motivated and ability to motivate others.
  • Ability to foster and maintain positive working and service relationships
  • Experience of writing policies and procedures
  • Expert level of experience managing Data Protection enquiries and issues

Desirable criteria

  • Highly developed knowledge of working with patient based clinical information systems
  • Specialist knowledge of NHS and statutory policies and regulations including Data Protection Act (UK GDPR), Caldicott Principles
  • Knowledge and understanding of the importance of confidentiality, Data Protection / Information Governance and security policies
  • Knowledge of Acute Hospital Services and the way in which data is used
  • Experience of working in a support role
  • Experience of working in the National Health Service
  • Experience of working in a Data Protection / Information Governance department.
  • Senior level role within an NHS service / department / division
  • Experience of working with National organisations such as the Local Authorities, Department of Health (DoH), Integrated Care Boards (ICB), NHS England and National Cyber Security Centre (NCSC).
  • Cyber Essentials Plus, Cyber Assessment Framework & ISO 27001
  • Experience of managing a demanding and expanding service creatively and efficiently in an agile manner.
  • Awareness of corporate and records management requirements
  • Reporting to the Information Commissioner's Office (ICO) / Ombudsman

Communication and Relationship skills

Essential criteria

  • Excellent verbal and written communication skills and the ability to communicate specialist / complex issues effectively at all levels
  • Ability to analyse complex information requiring interpretation in order to meet the service requirement, e.g. staff data on training, skills and competencies.
  • Effective interpersonal and communications skills with the ability to produce clear concise communications
  • Ability to provide contentious information to staff groups and to communicate business sensitive information to internal staff
  • Able to develop, establish and maintain positive relationships with others both internal and external to the organisation
  • Excellent presentation / training skills

Desirable criteria

  • Experience in collaboration to deliver objectives
  • Self-motivated and able to encourage others at all levels including senior management

Analytical and Judgement skills

Essential criteria

  • Competent IT skills in order to collect and interpret data, present reports and compile simple presentations
  • Ability to work without direct supervision, prioritising work and acting on own initiative where appropriate; pre-empting problems and working to solve them in an appropriate manner
  • Ability to operate to a variety of levels within the organisation and also external agencies
  • Flexible approach to meet the conflicting demands of the job
  • Effective time management skills in order to meet deadlines
  • Ability to communicate at all levels, both written and verbally, with internal and external customers
  • Ability to prioritise own workload autonomously
  • Accuracy and attention to detail
  • Ability to maintain confidentiality
  • Ability to demonstrate tact and diplomacy
  • Ability to work under pressure and to tight deadlines with changing priorities
  • Ability to conduct audits and exercise judgement
  • Ability to compile and initiate audits and present findings
  • Ability to use professional judgement and advise others on best practice, national guidelines and legislation
  • Ability to multi-task, deal with conflicting deadlines and prioritise workload appropriately
  • Able to work on own initiative and as part of a team
  • Sensitive to the needs of others and has an awareness and responsiveness to other people's feelings and needs
  • Values differences; regards people as individuals and appreciates the value of diversity in the workplace

Planning and organisation skills

Essential criteria

  • Ability to manage workloads of others and distribution throughout the service / team in a coaching style of leadership, leading by example
  • Able to work as part of a team, co-operating to work together and in conjunction with others and willing to help and assist wherever possible and appropriate
  • Able to work under pressure, dealing with peaks and troughs in workload
  • Positive attitude to dealing with change; flexible and adaptable, willing to change and accept change and to explore new ways of doing things and approaches
  • Highly motivated, reliable and resourceful with a proactive approach to problem solving and ability to work autonomously
  • Has a strong degree of personal integrity; able to adhere to standards of conduct based on a sense of right and wrong and be dependable and reliable
  • Ability to operate to a variety of levels within the organisation and also external agencies
  • Excellent planning and organisational skills

Physical skills

Essential criteria

  • Standard office environment requirements

Other requirements specific to the role (e.g. be able to work shifts/on call)

Essential criteria

  • Strong visible leadership and coaching style provided onsite and online
  • Ability and willingness to adopt an agile approach to work
  • Willingness and ability to travel between sites and to external meetings

Come and join our wonderful team at NUH. We are big believers in diversity and welcome new ideas to help develop our team in order to deliver world class healthcare to the vast patient populations we serve. With endless personal development opportunities available, at the NUH we will endeavour to turn your job into a career!

We particularly welcome applications from people who identify as Black, Asian and Minority Ethnic, or Disabled, as we are striving to be better represented at NUH.

Applicants are kindly requested to refrain from using AI at any stage during the recruitment process.

Closing Dates: Please submit your application form as soon as possible to avoid disappointment; we reserve the right to close vacancies prior to the published closing date if we receive a sufficient number of completed application forms.

Communication: All communication related to your application will be via the email address you have provided. Please ensure you check your email account including your junk email regularly.

Easy read application: if you have a disability and find it difficult to complete our online application form, you can apply via our easy read application which you can find on the intranet https://www.nuh.nhs.uk/easy-read-job-application

NUH are now able to offer application completion support and interview preparation support. Please follow the link to book onto our sessions: Support for NUH Job Applications

If you are aged 16 or 17 and applying for a role that is more than 20 hours a week, please be aware that you will be asked to commence an Apprenticeship within the Trust alongside your role, as long as there is a suitable apprenticeship standard available. This is in line with the current guidance in England that whilst young people under the age of 18 can leave school (on the last Friday in June) they must then do one of the following:

  • Stay in full-time education, for example at a college
  • Start an Apprenticeship
  • Spend 20 hours or more a week working or volunteering, while in part-time education or training

For more details visit: School leaving age - GOV.UK (www.gov.uk)

Salary: The quoted salary will be on a pro rata basis for part time workers.

Disability Confidence: All applicants who have declared a disability and who meet the essential criteria for the post will be shortlisted.

At Risk of redundancy: NHS employees within the East Midlands who are 'at risk' of redundancy will be given a preferential interview where they meet the essential criteria of the person specification.

International Recruitment: If you are applying for a role with us from outside of the UK then please read the guidance on applying for a health or social care job in the UK from abroad.

ID and Right to work checks: NUH authenticate ID and right to work documentation including passports and driving licences through a system called Trust ID. NUH will scan your ID and right to work documentation into the Trust ID system at your face-to-face ID appointment. The system will run a check against the key security features within your documentation. The system will provide us with an outcome of your check which will be stored securely on your personal file along with all other pre-employment check documentation.

Consent:

  • Transfer of information: If I have previous NHS service - I consent to the transfer of my Electronic Staff Record (ESR) data between this and other NHS Trusts. I also consent to the Occupational Health Department confidentially accessing my occupational health records from my current or previous employer in order to check the status of my vaccinations, immunisations and screening tests as relevant to the post. I understand this is an automated process and the information will only be used for these purposes prior to me taking up the position at NUH.
  • Disclosure and Barring Service: Your post may be subject to a DBS check, which incurs a cost dependent on the level of check required (£42.90 for enhanced and £22.90 for standard). I agree to reimburse Nottingham University Hospitals NHS Trust the cost of a Disclosure and Barring Service (DBS) check if it is required (by deduction from first month's pay). Should I decide to withdraw from my job offer, I agree to reimburse Nottingham University Hospitals NHS Trust the cost of the DBS check undertaken by cheque or other agreed method.
  • For more information about our organisation and the career opportunities available, please visit our website and/or follow us on Instagram, Twitter and Facebook

Applicant requirements

The postholder will have access to vulnerable people in the course of their normal duties and as such this post is subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service to check for any previous criminal convictions.

Documents to download

  • Job Description (PDF, 832.3KB)
  • Person Spec - Data Protection & Security Manager (PDF, 376.6KB)
  • Structure - Data Protection Office (PDF, 70.5KB)
  • Mindful Employer (PDF, 242.5KB)
  • Equality and Diversity (PDF, 122.3KB)
  • Equal Opportunities (PDF, 57.4KB)
  • Disability Confidence Scheme (PDF, 51.0KB)
  • Rehabilitation of Ex Offenders (PDF, 106.0KB)

Data Protection & Security Manager

Nottingham University Hospitals NHS
Nottingham, UK
Permanent

Published on 18/03/2025