Data Security and Protection Manager

Northampton General Hospital NHS Trust
Full Time Kettering, England 41659 - 47672 GBP ANNUAL Today
Job description

Kettering General Hospital is currently seeking a Band 7 Data Security and Protection Manager to join our Data, Security and Protection Team at University Hospitals of Northamptonshire. The team is key to ensuring that both Kettering General Hospital and Northampton General Hospital (The Group) are able to meet their legal obligations relating to personal data.

You will be outgoing and proactive with a passion for all things data security! You will be highly experienced and have excellent knowledge of the Data Protection Act, General Data Protection Regulation, Freedom of Information Act and Access to Health Records Act.

You will use your expert knowledge of the UK GDPR and the Data Protection Act 2018 to translate them into meaningful guidance for colleagues. Experience of managing, processing and leading our approach for subject access requests and the Freedom of Information Act is essential.

Previous NHS experience, including knowledge of the Data Security and Protection Toolkit, would be extremely advantageous. We are keen to find an enthusiastic individual who is proactive, articulate, organised and communicative, with excellent management skills.

The Data Security & Protection Manager will be responsible for maintaining the highest levels of Data Security & Protection by acting as the expert source of advice and expertise in Information Governance for the Group and for ensuring that systems and processes are in place to ensure compliance with all statutory and regulatory requirements relating to Data Security & Protection and Information Governance. The DSP Manager will have specific line management responsibility for the Request for Information Team, which has key responsibilities across UHN for all requests for information received across the Group, including Freedom of Information and Data Subject Access Requests. As a senior role within the Data Security and Protection Team for UHN, the DSP Manager will be an autonomous practitioner and a subject matter expert for the organisation.

You will be joining a supportive and dedicated team with the opportunity to grow and develop your knowledge and skills. The team is hard-working and knowledgeable, and works with enthusiasm and dedication to get the job done. It is a busy and sometimes stressful environment which we enjoy and thrive upon to achieve the best for our service users.

University Hospitals of Northamptonshire NHS Group is made up of Northampton General Hospital NHS Trust and Kettering General NHS Foundation Trust. Both hospitals are separate hospitals/employers with hospital board and leadership. We share a group executive team leading on a shared vision, mission, priorities, strategies and Dedicated to Excellence Values.

Our Excellence Values

Compassion
Accountability
Respect
Integrity
Courage

We want to recruit the best people to deliver our services across the University Hospitals of Northamptonshire and help to unleash everyone’s full potential. As an organisation, we value how we communicate and promote our vacancies to all communities.

The Hospital Group encourages applications from people who identify from all protected groups, especially those from BAME, Disabled and LGBTQ+ backgrounds as these are underrepresented in our hospitals.

We understand that we need to work with colleagues from diverse backgrounds and make sure the environment they work in is inclusive and collaborative.

We have active Networks that promote and support colleagues from all backgrounds. This ensures everyone feels supported and has a sense of belonging working for Kettering and Northampton General Hospitals.

Data Security & Protection
The post holder will be the Data Security & Protection (DSP) and Information Governance (IG) Manager for UHN with specific responsibility for Requests for Information. In particular, the post holder will:

  • act as the expert source of advice and expertise in DSP for the Group;
  • work in partnership with the Group's Cyber Security Lead to ensure that all Cyber related toolkit assertions are met within the NHSD deadline
  • ensure the Group is compliant with DSP relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the UK General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998, Freedom of Information Act 2000, Access to Health Records Act 1990;
  • ensure the group is compliant with Article 15 of GDPR, Right of access by the data subject and be the senior escalation point for Data Subject Access Requests (DSARs)
  • have expert knowledge of the Freedom of Information Act to ensure that all requests are responded to within the rules of the Act and approve requests in advance of disclosure
  • carry out internal reviews in line with the section 45 Code of Practice for FOI and make decisions on outcomes
  • be the point of contact for the Information Commissioner's Office (ICO) in respect of FOI and DSARs for the Group and manage any Decision or Enforcement Notices received from the ICO
  • update, develop and implement relevant Group RFI policies, leading on monitoring compliance with those policies and protocols, undertaking complex audits as required
  • be the escalation point for any and all FOI and DSAR final decisions on disclosures from the Group
  • sign off all Group FOI requests in advance of disclosure
  • conduct all information security due diligence for processes and/or systems which are intended to process personal and/or trust sensitive data.
  • communicate with Board members and relevant Executives across the Group on highly complex and sensitive DSARs and FOIs, that could not be resolved by the team
  • act as the UHN information governance expert to ensure any identified risks are appropriately managed on the Group risk registers
  • communicate complex information to a range of audiences and be able to influence and persuade staff at all levels of the importance of excellent DSP standards
  • attend, communicate and collaborate with external information governance groups at a local and regional level
  • be responsible for IG-related advice, guidance and oversight for R&D programmes
  • be responsible for a delegated non pay budget to ensure the team is effectively resourced
  • be responsible for the planning and performance of the team, ensuring appropriate prioritisation of tasks
  • lead on the short, medium and long-term planning to ensure that compliance is achieved
  • ensure a long term vision is in place for the development, focus and potential of the team, recognising the need for improvements and make recommendations which are followed through and implemented to provide efficiencies and benefits where possible
  • monitor the effective investigation of any and all IG related incidents, working with the relevant manager in whose service the incident occurred, where necessary, to investigate and ensure appropriate action has been taken in relation to the incident;
  • attend serious investigation panels and draft reports to the ICB which give assurance that due diligence has been carried out regarding all serious incidents
  • ensure that a root cause analysis is performed on all serious incidents with relevant actions recorded, and acted upon to ensure such incidents do not re-occur
  • work with the complaints team and directly with members of the public to communicate appropriately regarding any DSP grievances and queries, providing support and advice as required
  • manage the Information Sharing Gateway to ensure the Group has an up-to-date Information Asset register and data flow maps and, also, where appropriate, provide training to Information Asset Owners and Administrators
  • manage the Trust Risk register with all DSP risks, ensuring they articulate cause, consequence and control and are managed effectively
  • implement the DSP strategy in making Trust wide improvements to data security and protection processes through awareness, key meetings, training and communications, being proactive and building key contacts across the organisation
  • be a point of contact for Data Subjects with regard to all issues related to processing of their personal data and to the exercise of their rights under the UK GDPR
  • maintain his or her expert knowledge in Data Protection Law and UK GDPR
  • have due regard in the performance of these tasks for the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing personal data
  • the role shall be bound by secrecy or confidentiality concerning the performance of these tasks and shall raise any possible conflicts of interests when carrying out their duties
  • have day-to-day responsibility for the management of data protection and security systems
  • deputise for the Deputy Head of DSP when required
  • provide expert advice and guidance to the DSP Team in the absence of the Deputy Head of DSP

Workforce
The Data Security & Protection Manager will have line management responsibility for the Request for Information Lead and RFI Team, carrying out the full range of management responsibilities, ensuring that all staff have annual performance reviews, objectives and personal development plans in line with the Trust objectives, dealing with staff performance and disciplinary issues and ensuring that team members maximise their potential. The post holder will plan and prepare for any long-term absence or vacancies within the team to ensure the service maintains its statutory responsibilities, appointing bank staff and signing off additional resource as and when necessary.

Partnerships
The post holder will develop and maintain good working relationships with all Board members, including Executive Directors, and in particular the Caldicott Guardian and SIRO. The post holder will also develop good working relationships with staff across the organisation, in order to provide expert advice on Data Security & Protection matters.

The post holder will be able to communicate effectively and authoritatively with members of the Board, including drafting briefing notes, producing assurance reports and presenting at relevant meetings.
