Job summary

Are you looking to make a difference and use your leadership and coaching skills? Then we want to hear from you, as we have an excellent opportunity for you. We need experts in Data Protection and Security to help the Trust deliver an excellent Data Protection Office service. You probably know the NHS is one of the largest employers in the UK and EU and it needs you. In return, this role can offer you a fantastic opportunity to learn, grow and develop whilst being supported by experienced leaders within this field.

We've recently undertaken a full workforce change across the Data Protection Office service and are seeking strong, visible and competent leaders who can use their knowledge, skills and abilities to coach a team of staff to learn, develop and grow to achieve shared service-wide objectives.

In addition to the brief list below, you must familiarise yourself with the full job description and person specification attached to this advert prior to applying.

The post holder will be an experienced leader and specialist in relation to data protection, security, confidentiality, line management, service delivery and records management, responsible for the day-to-day management of the Data Protection Office / service.

Main duties of the job

Lead and promote data protection and security awareness and provide advice and guidance to the Trust, employees and management in relation to the organisation achieving compliance with Data Protection Legislation.

Provide Information Governance support in relation to commercial, informatics and research projects.

Provide first-line support to the Trust for all data protection and security enquiries, including commercial, data analytics and research, such as contracts and procurement process and due diligence, ISA, DPA, DPIAs and DTAC.
Work with managers, Heads of Service and Directors of operations to identify any new working practices required and to support the change programme to implement these, utilising a Privacy by Design process.

Ensure Continuous Professional Development (CPD) of self and supervisees.

Provide expert advice to the Trust in relation to relevant Information Security / Cyber Security frameworks, such as but not limited to ISO27001 compliance, keeping themselves up to date with relevant frameworks.

The post requires a mix of on-site and home working to suit the needs of our service. Typically, one or two days a week depending on the service needs. The service has an agile working approach and planned meeting schedules so the entire service can plan their home and work life balance accordingly.

About us

With over 20,000 staff, we are one of the biggest employers in the city with a central role in supporting the health and wellbeing of our local population. We play a leading role in research, education and innovation.

Come and join our wonderful team at NUH. We are big believers in diversity and welcome new ideas to help develop our team in order to deliver world class healthcare to the vast patient populations we serve. With endless personal development opportunities available, at NUH we will endeavour to turn your job into a career.

We particularly welcome applications from people who identify as Black, Asian and Minority Ethnic, or Disabled, as we are striving to be better represented at NUH.
Date posted: 17 March 2025
Pay scheme: Agenda for change
Band: Band 7
Salary: £46,148 to £52,809 a year
Contract: Permanent
Working pattern: Full-time, Flexible working, Home or remote working
Reference number: 164-6021640-2
Job locations: City and Queen's Medical Centre Hospital Campus, Hucknall Road, Nottingham, NG5 1PB

Job description

Job responsibilities

Please refer to the job description and person specification attached to the advert for the full details of the vacancy.

Person Specification

Commitment to Trust Values and Behaviours Essential Must be able to demonstrate behaviours consistent with the Trust's behavioural standards Training & Qualifications Essential Significant post graduate level education in relevant field or able to demonstrate considerable experience and competencies within Data Protection & Security Experience and knowledge in Data Protection & Security and in interpretation and applications of legislation in a large public facing organisation Relevant Data Protection, Cyber Security and Information Technology qualifications. i.e. - Specific expert Data Protection and / Freedom of Information legislation practitioner - Specialist knowledge in relation to Data Protection and Security - Data / Information Security / Cyber Security Qualification Experience of Microsoft packages including Word, Excel, PowerPoint, Outlook.
An understanding of the Data Protection Act / UK GDPR, Freedom of Information and Access to Health Records Legislation Must be willing to participate in any relevant training to develop skills required to carry out duties Evidence of continuing professional development in relevant area(s) (Records Management, Data Retention, Data Protection, Handling Information) Desirable Educated to a master's level with a degree or equivalent experience and competencies or extensive relevant senior experience Data Protection Act Practitioner Certification / Qualification Data Security / Information Security Qualification Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) Certified Ethical Hacker (CEH) ISO27001 Lead Auditor Certification Experience Essential Experience of staff management including PDP, recruitment, disciplinary and capability etc. Supervisory / Line Management skills Considerable in-depth knowledge and experience of working within the Health and Social Care sector in relation to NHS Information Governance definitions and requirements; Caldicott Guardian role, Senior Information Risk Owner role, Confidentiality, Integrity and Availability and Data Security & Protection Toolkit requirements etc. Highly developed knowledge and understanding of Data / Cyber / Information Security requirements within an NHS environment Expert knowledge of Data Protection Act 2018 / relevant legislation, Freedom of Information Act 2000, Access to Health Records Act 1990, Network & Information Systems Regulations 2018, Computer Misuse Act 1990 and any other relevant legislation Knowledge of Data Protection & Security / Cyber Security Frameworks Knowledge and experience of supporting and completing all types of Contracts, Service Level Agreements (SLAs) and relevant Information Sharing / Data Processing Agreements alongside procurement due diligence requirements.
Such as the Digital Technology Assessment Criteria (DTAC) Knowledge, experience and practical application of data privacy impact assessments as set out within legislation above Knowledge, experience and practical applications of Data Breaches / Incidents in line with the Confidentiality, Integrity and Availability (CIA) Triad. As well as reporting to relevant commissioning bodies as set out within legislation Knowledge, experience and practical applications of auditing techniques desktop and onsite where required in relation to post Experience of delivering presentations to large and diverse groups Ability to work with and influence senior colleagues including negotiation and persuasion skills Ability to recognise own and others' development needs and find appropriate solutions Self-motivated and ability to motivate others. Ability to foster and maintain positive working and service relationships Experience of writing policies and procedures Expert level of experience managing Data Protection enquiries and issues Desirable Highly developed knowledge of working with patient based clinical information systems Specialist knowledge of NHS and statutory policies and regulations including, Data Protection Act (UK GDPR), Caldicott Principles Knowledge and understanding of the importance of confidentiality, Data Protection / Information Governance and security policies Knowledge of Acute Hospital Services and the way in which data is used Experience of working in a support role Experience of working in the National Health Service Experience of working in a Data Protection / Information Governance department. Senior level role within an NHS service / department / division Experience of working with National organisations such as the Local Authorities, Department of Health (DoH), Integrated Care Boards (ICB), NHS England and National Cyber Security Centre (NCSC).
Cyber Essentials Plus, Cyber Assessment Framework & ISO 27001 Experience of managing a demanding and expanding service creatively and efficiently in an agile manner. Awareness of corporate and records management requirements Reporting to the Information Commissioner's Office (ICO) / Ombudsman Communication and Relationship skills Essential Excellent verbal and written communication skills and the ability to communicate specialist / complex issues effectively at all levels Ability to analyse complex information requiring interpretation in order to meet the service requirement e.g., Staff data on training, skills and competencies. Effective interpersonal and communications skills with the ability to produce clear concise communications Ability to provide contentious information to staff groups and to communicate business sensitive information to internal staff Able to develop, establish and maintain positive relationships with others both internal and external to the organisation Excellent presentation/training skills Desirable Experience in collaboration to deliver objectives Self-motivated and able to encourage others at all levels including senior management Analytical and Judgement skills Essential Competent IT skills in order to collect and interpret data, present reports and compile simple presentations Ability to work without direct supervision, prioritising work and acting on own initiative where appropriate; pre-empting problems and working to solve them in an appropriate manner Ability to operate to a variety of levels within the organisation and also external agencies Flexible approach to meet the conflicting demands of the job Effective time management skills in order to meet deadlines Ability to communicate at all levels, both written and verbally, with internal and external customers Ability to prioritise own workload autonomously Accuracy and attention to detail Ability to maintain confidentiality Ability to demonstrate tact and diplomacy Ability to
work under pressure and to tight deadlines with changing priorities Ability to conduct audits and exercise judgement Ability to compile and initiate audits and present findings Ability to use professional judgement and advise others on best practice, national guidelines and legislation Ability to multi-task, deal with conflicting deadlines and prioritise workload appropriately Able to work on own initiative and as part of a team Sensitive to the needs of others and has an awareness and responsiveness to other people's feelings and needs Values differences; regards people as individuals and appreciates the value of diversity in the workplace Planning and organisation skills Essential Ability to manage workloads of others and distribution throughout the service / team in a coaching style of leadership, leading by example Able to work as part of a team, co-operating to work together and in conjunction with others and willing to help and assist wherever possible and appropriate Able to work under pressure, dealing with peaks and troughs in workload Positive attitude to dealing with change; flexible and adaptable, willing to change and accept change and to explore new ways of doing things and approaches Highly motivated, reliable and resourceful with a proactive approach to problem solving and ability to work autonomously Has a strong degree of personal integrity; able to adhere to standards of conduct based on a sense of right and wrong and be dependable and reliable Ability to operate to a variety of levels within the organisation and also external agencies Excellent planning and organisational skills Physical skills Essential Standard office environment requirements Other requirements specific to the role (e.g. 
be able to work shifts/on call) Essential Strong visible leadership and coaching style provided onsite and online Ability and willingness to adopt an agile approach to work Willingness and ability to travel between sites and to external meetings

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found in Criminal records checks for overseas applicants.

Employer details

Employer name: Nottingham University Hospitals NHS Trust
Address: City and Queen's Medical Centre Hospital Campus, Hucknall Road, Nottingham, NG5 1PB
Employer's website: https://www.nuh.nhs.uk/