Deputy Head of Information Security & DPO

Nottingham University Hospitals NHS Trust
£58,972 to £68,525 per annum
Closing date: 2 Jun 2024


Other Health Profession
Band 8B
Contract Type: Full Time
What's the offer?

Are you looking for an exciting challenge and an opportunity to make a real difference? Are you passionate about leadership and nurturing people? Are you experienced in the world of data protection and security?

At Nottingham University Hospitals NHS Trust, we have a fantastic opportunity for you to become a Deputy to our Data Protection Officer within our exciting Information Governance team. Data Protection and Security / Information Governance is a requirement of every UK organisation, so you are entering a career in an area of continued demand and expertise.

You probably know the NHS is one of the largest employers in the UK and EU, and it needs you. In return, this role can offer you a fantastic opportunity to learn, grow and develop whilst using your leadership abilities.

Main duties of the job

What's the role?

The Trust has recently undertaken a new workforce change, and adopted a new structure as set out within the job description. This role requires you to play a vital role in developing and delivering the service and achieving our new vision.

You will be the Deputy to the Data Protection Officer and work closely with people at all levels, joining at an exciting time when there is lots of change to deliver the Trust's strategy of People First, as well as our objective of Centralising, Standardising and Digitalising.

You will be dynamic, enthusiastic and approachable, and the ability to evidence success in a senior manager position within a complex health care environment is essential.

You'll take the lead on a number of key responsibilities including the below, as part of the Trust's new vision that is outlined within the job description:
  • Data Protection
    • (i.e. Data Protection Impact Assessments, Data Sharing / Processing Agreements and Information Asset Management)
  • Data Requests
    • (i.e. Subject Access Requests and Freedom of Information Requests and all types of disclosures)
  • Data Breaches
    • (i.e. Data incidents / breaches of the Confidentiality, Integrity and Availability (CIA) triad of Information Assets)
  • Data Security
    • (i.e. NHS Data Security and Protection Toolkit / Regulatory compliance)

About us

With over 20,000 staff, we are one of the biggest employers in the city with a central role in supporting the health and wellbeing of our local population. We play a leading role in research, education and innovation.

Come and join our wonderful team at NUH. We are big believers in diversity and welcome new ideas to help develop our team in order to deliver world class healthcare to the vast patient populations we serve. With endless personal development opportunities available, at NUH we will endeavour to turn your job into a career!

We particularly welcome applications from people who identify as Black, Asian and Minority Ethnic, or Disabled, as we are striving to be better represented at NUH.

Job description

Job responsibilities

Please refer to the job description and person specification attached to the advert for the full details of the vacancy.

In addition to the brief list above you must familiarise yourself with the full job description and person specification attached to this advert prior to applying.

Person Specification

Commitment to Trust Values and Behaviours


  • Must be able to demonstrate behaviours consistent with the Trust's "We are here for you" behavioural standards

Training & Qualifications


  • Educated to master's degree level or equivalent experience
  • Completed Data Protection Officer practitioner, or equivalent, training
  • Evidence of continuing professional development
  • Experience and knowledge in Data Protection & Security and in interpretation and applications of legislation in a large public acting organisation
  • Relevant Data Protection, Cyber Security and Information Technology qualifications, i.e. (Specific expert Data Protection and / or Freedom of Information legislation practitioner) (Specialist knowledge in relation to Data Protection and Security) (Data / Information Security / Cyber Security Qualification)
  • Expert knowledge of the Data Protection Act and Freedom of Information Legislation
  • Must be willing to participate in any relevant training to develop skills required to carry out duties
  • Evidence of continuing professional development in relevant area(s) (Records Management, Data Retention, Data Protection, Handling Information)


  • Data Security / Information Security Qualification
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Ethical Hacker (CEH)
  • ISO27001 Lead Auditor Certification
  • Formal management/leadership training/qualification
  • Service Improvement training / qualification



  • Significant operational management experience in leading a team in a highly demanding and complex organisation as a leader
  • Extensive experience in a similar position or in a senior information governance role within the NHS
  • Experience of the NHS Data Security & Protection Toolkit
  • Comprehensive knowledge of information governance, data protection legislation / best practice
  • Experience of leading the development and/or implementation of an information governance framework within a complex, multi-site organisation
  • Strong track record of successful delivery of performance standards in a challenging environment
  • Experience of working collaboratively with a range of professional groups to achieve improved outcomes
  • Able to develop strategies to meet objectives and workload demand
  • Extensive experience of managing and developing a team, including delegation and overseeing duties
  • Previously responsible for a budget, involved in budget setting and working knowledge of financial processes
  • Considerable in-depth knowledge and experience of working within the Health and Social Care sector in relation to NHS Information Governance definitions and requirements: Caldicott Guardian role, Senior Information Risk Owner role, Confidentiality, Integrity and Availability and Data Security & Protection Toolkit requirements etc.
  • Highly developed knowledge and understanding of Data / Cyber / Information Security requirements within an NHS environment
  • Expert knowledge of Data Protection Act (DPA) 2018 (UK GDPR), Freedom of Information Act (FOIA) 2000, Access to Health Records Act (ATHR) 1990, Network & Information Systems (NIS) Regulations 2018, Computer Misuse Act 1990 and any other relevant legislation
  • Expert level of experience managing Data Protection enquiries and issues
  • Knowledge of Data / Security / Cyber Security Frameworks
  • Knowledge and experience of supporting and completing all types of Contracts, Service Level Agreements (SLAs) and relevant Information Sharing / Data Processing Agreements alongside procurement due diligence requirements, such as the Digital Technology Assessment Criteria (DTAC)
  • Knowledge, experience and practical application of data privacy impact assessments as set out within legislation above
  • Knowledge, experience and practical applications of Data Breaches / Incidents in line with the Confidentiality, Integrity and Availability (CIA) Triad, as well as reporting to relevant commissioning bodies as set out within legislation
  • Knowledge, experience and practical applications of Auditing techniques (desktop and onsite) where required in relation to post.


  • Highly developed knowledge of working with patient based clinical information systems
  • Specialist knowledge of NHS and statutory policies and regulations including UK GDPR, Data Protection Bill, Caldicott Principles
  • Knowledge and understanding of the importance of confidentiality, Data Protection / Information Governance and security policies
  • Knowledge of Acute Hospital Services and the way in which data is used
  • Experience of working in a support role
  • Experience of working in the National Health Service
  • Experience of working in a Data Protection / Information Governance department
  • Senior level role within an NHS service / department / division
  • Experience of working with National organisations such as the Local Authorities, Department of Health (DoH)
  • Experience of Integrated Care Boards (ICB), NHS England and National Cyber Security Centre (NCSC)
  • Cyber Essentials Plus, Cyber Assessment Framework & ISO 27001
  • Experience of managing a demanding and expanding service creatively and efficiently in an agile manner
  • Awareness of corporate and records management requirements
  • Reporting to the Information Commissioner's Office (ICO) / Ombudsman.

Communication and relationship skills


  • Excellent verbal and written communication skills and the ability to communicate specialist / complex issues effectively at all levels
  • Ability to analyse complex information requiring interpretation in order to meet the service requirement e.g., Staff data on training, skills and competencies.
  • Effective interpersonal and communications skills with the ability to produce clear concise communications
  • Ability to provide contentious information to staff groups and to communicate business sensitive information to internal staff
  • Able to develop, establish and maintain positive relationships with others both internal and external to the organisation
  • Ability to work with and influence senior colleagues including negotiation and persuasion skills
  • Ability to foster and maintain positive working and service relationships
  • Ability to compile and initiate audits and present findings
  • Expert level of experience managing Data Protection enquiries and issues
  • Experience of writing policies and procedures
  • Excellent presentation and training skills
  • Experience of delivering presentations to large and diverse groups


  • Experience in collaboration to deliver objectives
  • Self-motivated and able to encourage others at all levels including senior management

Analytical and Judgement skills


  • Competent IT skills in order to collect and interpret data, present reports and compile simple presentations
  • Ability to work without direct supervision, prioritising work and acting on own initiative where appropriate pre-empting problems and working to solve them in an appropriate manner
  • Ability to operate to a variety of levels within the organisation and also external agencies
  • Flexible approach to meet the conflicting demands of the job
  • Effective time management skills in order to meet deadlines
  • Ability to communicate at all levels, both written and verbally, with internal and external customers
  • Ability to prioritise own workload autonomously
  • Accuracy and attention to detail
  • Ability to maintain confidentiality
  • Ability to demonstrate tact and diplomacy
  • Ability to work under pressure and to tight deadlines with changing priorities
  • Ability to conduct audits and exercise judgement
  • Ability to use professional judgement and advise others on best practice, national guidelines and legislation
  • Ability to recognise own and others development needs and find appropriate solutions
  • Sensitive to the needs of others and has an awareness and responsiveness to other people's feelings and needs
  • Values differences, regards people as individuals and appreciates the value of diversity in the workplace

Planning and organisation skills


  • Leadership / Supervisory / Line Management skills
  • Ability to work without direct supervision, prioritising work and acting on own initiative where appropriate pre-empting problems and working to solve them in an appropriate manner
  • Ability to manage workloads of others and distribution throughout the service / team in a coaching style of leadership, leading by example
  • Ability to operate to a variety of levels within the organisation and also external agencies
  • Self-motivated and ability to motivate others
  • Ability to recognise own and others development needs and find appropriate solutions
  • Able to work as part of a team, co-operating to work together and in conjunction with others and willing to help and assist wherever possible and appropriate
  • Able to work under pressure, dealing with peaks and troughs in workload
  • Positive attitude to dealing with change: flexible and adaptable, willing to change and accept change and to explore new ways of doing things and approaches
  • Highly motivated, reliable and resourceful with a proactive approach to problem solving and ability to work autonomously
  • Has a strong degree of personal integrity: able to adhere to standards of conduct based on a sense of right and wrong and be dependable and reliable
  • Able to work on own initiative and as part of a team
  • Ability to multi-task, deal with conflicting deadlines and prioritise workload appropriately
  • Excellent administration skills including the ability to take minutes
  • Excellent planning and organisational skills

Physical skills


  • Standard office environment requirements

Other requirements specific to the role


  • Strong visible leadership and coaching style provided onsite and online
  • Ability and willingness to adopt an agile approach to work
  • Willingness and ability to travel between sites and to external meetings

Employer details

Employer name

Nottingham University Hospitals NHS Trust


City & Queens Medical Centre Hospitals

Hucknall Road



Any attachments will be accessible after you click to apply.

