Warning
This job advert has expired and applications have closed.
Head of Information Security & Data Protection Officer
Posting date: | 28 May 2025 |
---|---|
Salary: | £62,215.00 to £72,293.00 per year |
Additional salary information: | £62215.00 - £72293.00 a year |
Hours: | Full time |
Closing date: | 11 June 2025 |
Location: | Bulwell, NG6 8WR |
Company: | NHS Jobs |
Job type: | Permanent |
Job reference: | B9826-PGCI-6294 |
Summary
Job Purpose

Leading an Information Security & Records Management team, the postholder will work closely with CityCare's Senior Information Risk Owners, Caldicott Guardians and key Information Management and Cyber Security colleagues to provide a high-quality Information Security, Records Management and Data Protection Service to CityCare's Directorates. The postholder will assist the Senior Management Team in providing vital support and assurance on CityCare's current and proposed future developments with data protection legislation including the UK General Data Protection Regulation, Data Protection Act, Records Management Legislation and good practice, providing expert advice to all levels of the organisation.

The postholder will ensure robust systems of assurance are in place for Information Security / Information Governance, Data Protection and Records Management and provide strategic leadership by advising Senior Management on the priorities and risks for Information, Cyber and Records Management in line with legislative requirements and best practice. The postholder will lead on CityCare's submission of the Data Security and Protection Toolkit. The postholder will also fulfil the statutory role of Data Protection Officer under current data protection legislation to ensure compliance with GDPR, in which the role will be accountable to the Director of Finance and Corporate Services / Senior Information Risk Owner.

Dimensions

The postholder will provide strategic leadership to a range of Information Security, Data Protection and Records Management programmes, working with Digital, Information Technology, Cyber Security and other specialists to deliver an agreed set of best practices and operational considerations for CityCare.
The postholder will provide assistance to the Senior Leadership Team, Managers and Project Leads to ensure standards of confidentiality, security, integrity and availability of the organisation's personal and corporate data are effectively managed, including the development of strategies, policies and standard operating procedures. The postholder will provide expert advice to Senior Management and all employees on matters relating to Information Security, Data Protection and Records Management and related legislation including the Data Protection Act, GDPR, PECR, FOIA, Access to Information, Records Management Code of Practice, Common Law Duty of Confidentiality etc.

Key Responsibilities

Data Protection Officer:

To undertake the statutory / legislative role of Data Protection Officer.
To inform and advise the organisation and its employees of their obligations under the UK General Data Protection Regulation, and other national data protection legislation.
To advise the organisation on all aspects of the General Data Protection Regulation in an independent and autonomous manner.
To be the named contact point and to work with the Regulatory Authority (Information Commissioner's Office (ICO)), seeking advice where necessary, escalating information risks and supporting in full with any ICO-led enquiries.
To develop effective relationships and ensure the organisation is involved in local, regional and national networking opportunities.
Provide specific support to the Senior Information Risk Owner, Caldicott Guardian and their deputies, and to relevant teams and individuals.
Ensure Data Protection Impact Assessments are carried out and become embedded whilst identifying high risk processing where mitigating actions are insufficient to reduce the risk to an acceptable level and where proactive escalation and support from the ICO is required.
Initiate investigations into complaints about breaches of the Data Protection Act/GDPR and undertake reporting/remedial action as required.
Assist with complaints in relation to data protection and release of information especially where Commissioners and National Inquiries are involved.
Ensure serious information breaches are reported in line with the GDPR requirements in terms of timescales and overseeing bodies, involving and keeping updated the Information Commissioner's Office as necessary.
Undertake highly complex information risk analysis and management, particularly of Personal Identifiable Data (PID) and via data flows.

Information Security, Records Management and Cyber Security:

To provide day to day line management for the Information Security and Records Management team.
To provide strategic direction, advice and guidance on the diverse range of topics and issues that constitutes Information Security across CityCare.
Responsible for ensuring the Data Security and Protection Toolkit (DSPT) returns are completed for CityCare, relevant to a Community Provider organisation.
Generating assurance and supporting Managers/Service Leads to comply with the requirements of the DSPT standards, implementing remedial measures and developments identified during the management of the DSPT.
To facilitate information security compliance with ISO 27000 series in line with the standards within the DSPT.
To be responsible for coordinating all standards relating to Records Management within the DSPT.
To facilitate effective risk management, with links to the organisational risk register.
To advise on any changes required to maintain organisational compliance with Information Security, Data Protection and Records Management procedures, supporting Managers to implement action plans and have accountability for providing assurance to Board, Sub-Committees and Groups regarding compliance.
To analyse complex information to present in a clear format to different levels of staff, including the interpretation of law and best practice into localised guidance.
Develop and support the implementation of effective policies and procedures in accordance with legislation, in anticipation of change and in response to requests from the Health Community.
To support Management to embed these policies into everyday practice.
To develop, design and provide awareness raising for all levels of staff, and appropriate training, including for specialist roles such as Access to Records, Information Asset Owners and Information Asset Administrators, in response to CityCare's requirements and the changing Information Security/Governance agenda and in accordance with legislation.
To maintain the Information Asset Register / Data Flow Mapping on behalf of the organisation, and work with Information Asset Owners and Information Asset Administrators to fulfil their roles.
To support the Subject Access Request (SAR) process where a request is contentious/complex, providing expert advice and guidance as required.
To undertake data breach assessments, monitor Information Security incident forms and investigate breaches in security and confidentiality, liaising closely with the SIRO and Caldicott Guardian.
To lead on any complex serious incidents relating to data breaches and information risks, including where appropriate reporting to other DPOs, Regulators (ICO) and Authorities (e.g. the Police).
Support the CityCare internal and external audit processes (including the Commissioning for Quality and Innovation (CQUIN) monitoring), as well as managing a number of high-level analytical projects, to include the development of robust systems to audit and monitor adherence to existing policies and protocols specific to corporate records management and DSPT requirements.
To map data and information flows within and external to the organisation to build assurance of processes and controls and identify opportunities for continuous improvement.
Ensure robustness and development of Information/Data Sharing Agreements and Information/Inter Transfer Agreements at CityCare, including awareness raising and governance processes.
To liaise with external organisations to develop and regularly review appropriate data sharing protocols/agreements and arrangements across organisational boundaries, and facilitate integrated working between Health and Social Care, and other Partners.
To work closely with Nottinghamshire Health Informatics Service in the implementation of cyber security strategies, guidance and policies at CityCare, whilst representing CityCare at the relevant Cyber Security Partnership Meetings.
To support the development of Data Protection Impact Assessments as required, in conjunction with the role of Data Protection Officer.
To maintain relationships with members of the public and internal / external stakeholders whilst ensuring that queries are dealt with confidentially, sensitively, effectively and to a high standard, whilst using own judgement to decide on the course of action.
To ensure CityCare's Privacy Notice is kept up to date and compliant with UK GDPR.
To provide expert support and specialist advice and guidance to all levels of the organisation on the appropriate legislation and best practice in relation to all areas of records management, information security and data protection.
To develop, implement and monitor the effectiveness of the audit plan of the Information Security, Data Protection and Records Management Service, reporting any findings to the relevant Committees and escalating concerns to the Director of Finance & Corporate Services (SIRO) and/or Caldicott Guardian as required.
To lead on the systems and processes needed to assure the Board that the organisation has effective systems for clinical and corporate information management in place, including but not limited to, effective governance of clinical and corporate records, policies, and documents.