Data Security and Protection Team Leader
| Posting date: | 10 February 2026 |
|---|---|
| Salary: | £38,682.00 to £46,580.00 per year |
| Additional salary information: | £38682.00 - £46580.00 a year |
| Hours: | Full time |
| Closing date: | 24 February 2026 |
| Location: | Kettering, NN16 8UZ |
| Company: | NHS Jobs |
| Job type: | Permanent |
| Job reference: | C9264-26-0079 |
Summary
The post holder will be the Data Security & ProtectionTeam Leader. In particular, the post holder will: act as the expert source of advice andexpertisein DSP for theGroup; supportthe development for clinical administration functions within the organisation identifyinginformation governance risks and issues and providing recommendations for change increase the profileof Data Security and Protectionwithin the organisation andactively supporta culture change so that staff are aware of their responsibilities and duties towards confidentiality,integrityand availability of information; ensure processes are in place formonitoringthe secure disposal of IT and hardware assets; initiate and plan aprogramme of workthat ensures theGroupcomplies withthe requirements of the Data Security & Protection Toolkit; completion of the annual Data Security & Protection Toolkit submission and the collation of supporting evidencewhich is analysed and updated to ensure compliance; lead a range of audits which will check compliance with the DSP toolkit, research and development and incident management activities, developing improved systems and processes for data quality, data security and protection, dataintegrityand availability. work in partnership with theGroupsCyber SecurityLeadto ensure that all Cyber related toolkit assertions are met within the NHSD deadlineand any gaps in assurance are identified with a plan in place for compliance implement andmaintaincompliancewith relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998; investigate and resolveinformation securityissues andprocessesforsystems which are process personal and/or trust sensitive data. Implement the DSP training strategy forthe delivery of the Trusts IG training needs, ensuring that theGroupmeets the NHSD target for mandatory training, working in partnership with the Trusts Learning & Development service Deliver information governance trainingif and whennecessary Implement policies and propose changes toGroupDSP policies asappropriate,conductingmonitoring compliance with those policies and protocolsand ensuring they are compliant with Data Protection Act and GDPR legislation conduct data protectionimpact assessments (DPIA) where necessary and ensure theGroupadheres to thedataprivacy by designand default asset outin Article 25 GDPR act as theUHNinformation security expert to ensure any identified risks are communicated to the Head of Technology and Head of Clinical Systems to enable new systems to be implemented safely assign DPIAs to relevant team members and ensure cross partnership working with relevant project and transformation leads ensure that allGroupDPIAs, Assets, Flows and third parties are appropriately recorded on the Information Sharing Gateway and signed off by the relevantDPO and SIROs Be an escalation point for the DSP analysts to ensure DPIAs are in line with GDPR legislation, redesigning systems,processesand procedures to meet the Data Security by Design and Defaultcriteria communicate complex information to a range of audiences and be able to influence and persuade staff of the importance of excellent DSP standards Lead the collationofrelevant reports and information for complianceand performancereporting, inspections and internal assuranceensuring presentations articulate statistical,analyticaland complex reportingto Groupand Boardmandated meetings Coordinate the Data Governance Group and Information Governance Group meetings, ensuring relevant reports, minutes actions and decisions are recorded, delegating tasks to the DSP administrator as appropriate Attend group,Trustand project meetings to provide expert Data Security and Protection advice and guidance to enable the effective adoption of expectations and policy Coordinate reported incidents on Datix to ensure they are appropriately managed and actions are taken Escalate incidents to the relevant DPO when they meet the criteria for a Serious Incident / reportable to the ICO Manage the DSP Toolkit Incident reporting mechanism, ensuring all SeriousIncidentsare reported with 72 hours Provide IG input,advice, guidance forResearch&Developmentprogrammes Deputise for the DSPManagerwhenrequired Ensure that the Information Sharing Gatewayis administeredasappropriateinrespect ofmaintainingsignificant assurance status across the group, being the lead and expert for use of the ISG, proposing recommendations for improvements to the national system for process,analyticsand reporting. coordinatethe effective investigation ofany and allIG related incidents, working with the relevant manager in whose service the incident occurred, where necessary, to ensureappropriate actionhas been taken in relation to the incident; To speak to staff,patientsand family members on the telephone as an escalation point for the DSP analyst,demonstratingunderstanding,compassionand knowledge in difficult,challengingand emotional circumstances. attendserious investigation panels anddraftreports to the CCG which give assurance that due diligence has been carried outregardingall serious incidents ensure that a root cause analysis is performed on all serious incidents with relevant actions recorded, and acted upon to ensure such incidents do not re-occur work with the complaints team and directly with members of the public to communicate appropriatelyregardingany DSP grievances and queries maintaintheGroupInformation Asset register and data flow maps and, also, whereappropriate, provide training to Information Asset Owners and Administrators be afirstpoint of contact for Data Subjectswith regard toall issues related to processing of their personal data and to the exercise of their rights underthe UK GDPR tomaintaintheirspecialistknowledgein Data Protection Law and UK GDPR update the Internet and Intranet pages for DSPasappropriate, ensuring it is up to date with pertinent adviceandguidance,includingapplicable FAQs and relevant legislation Workforce The Data Security & ProtectionTeam Leaderwill have line management responsibility for theDSP Team, ensuring that all staff have annual performance reviews, objectives andappraisalsin line withthe Groupobjectives, ensuringthey have the equipment necessary to fulfil their roles and the HR management tools are managed effectively.They will be an active role in recruitment,inductionand local training. Ensure anadequate skill mix andthat the office is appropriately managed To provide specialised training,adviceand guidance to DSPTeam members as and whenrequired To manage the team in ensuring all members adhere to Trust Values and lead by example ToleadDSPTeam recruitment; Toensure thee-rostering systemis signed off on a weekly basis To carry out appraisals, team performancemanagementand disciplinary processes To be the lead contact for HR queries relating to the team