Head of Information Governance and Cyber Security

Norfolk and Norwich University Hospital

This job is now closed

Job summary

Digital Health provides an expert information technology and telecommunications service covering all aspects of information processing to support operational and performance management and service improvement. The Department provides the Trust with a coherent digital strategy and secure, robust, reliable, responsive, cost-effective and customer-driven digital services and systems. It also identifies opportunities for streamlining business processes and for enabling data sharing and collaboration, both internally and externally, by the use or replacement of technology. In addition, it provides tools to enable business units to achieve their goals, facilitating a first-class quality of care to patients.

Now is a really exciting time to join the Norfolk & Norwich University Hospital, as we and the other two acute hospitals in Norfolk and Waveney are working on our biggest digital programme to date: introducing an Electronic Patient Record (EPR) system. This programme is a key enabler of our transformation strategies for Acute Clinical Services across all sites. This is not simply a digital programme; this is one of the biggest pieces of clinical and operational transformation in Norfolk and Waveney, set across 3 acute trusts. You will play a part in bringing the EPR to life and beyond, as we learn together about how to use it to its full advantage over the years to come.

Main duties of the job

The successful applicant will drive the strategic development and transformation of the information governance and cyber security agenda and will be responsible for developing and implementing a fit for purpose information governance and cyber assurance framework that takes account of best practice from national policy, the Data Security and Protection Toolkit (DSPT), Cyber Assurance Framework and internal recommendations to complex information governance and cyber security challenges.

The post holder will create and implement the Trust's Information Governance and Cyber Security Strategy with responsibility and accountability for the development, implementation and delivery of the Trust's annual Information Governance and Cyber Security work programme, incorporating information quality assurance, records management, data protection, information/cyber security and Freedom of Information and develop good information governance and cyber security practices across the organisation.

The post holder will also be delegated from the Chief Digital Information Officer (CDIO) to act in the statutory role of the Data Protection Officer (DPO) as defined under the EU General Data Protection Regulation (GDPR) 2016 with the objective of overseeing the requirements set out in EU General Data Protection Regulation.

About us

Join us at the Norfolk and Norwich University Hospital and be part of a workforce of over 10,000 staff!

The NNUH is one of the largest NHS trusts in the UK, providing first-class acute care for around one million people, living in Norfolk and surrounding areas. We are a teaching and research hospital, at the forefront of innovation, home to state-of-the-art facilities, such as the Quadram Institute. We are pleased to work closely with the University of East Anglia, providing teaching opportunities for our staff and placement opportunities for their students. We attract some of the best and leading professionals from across the country and are proud that our workforce represents 94 countries from across the world.

We are a friendly, collaborative hospital, working with local services and home to N&N Hospitals Charity.

We can offer you the full range of NHS benefits/discounts and in addition:

  • Flexible working hours
  • Fast Track Staff Physiotherapy Service
  • Multi Faith prayer room
  • Discounted gym memberships
  • Excellent pension scheme and annual leave entitlement
  • Wagestream - access up to 40% of your pay as you earn it
  • Free Park & Ride service direct to NNUH site
  • Free 24-hours confidential counselling support
  • On-site Nursery
  • On-site cafes offering staff discounts
  • Support in career development
  • Flexible staff bank
  • Salary Sacrifice schemes including lease cars, Cycle to Work scheme and home electronics

Date posted

27 August 2024

Pay scheme

Agenda for change

Band

Band 8b

Salary

£58,972 to £68,525 per annum, pro rata

Contract

Permanent

Working pattern

Full-time, Part-time, Flexible working, Home or remote working, Compressed hours

Reference number

234-24-C1127

Job locations

Norfolk & Norwich University Hospital

Colney Lane

Norwich

NR4 7UY


Job description

Job responsibilities

  • To create and implement the Trust's Information Governance and Cyber Security Strategy with responsibility and accountability for the development, implementation and delivery of the Trust's annual Information Governance and Cyber Security work programme, incorporating information quality assurance, records management, data protection, information/cyber security and Freedom of Information and develop good information governance and cyber security practices across the organisation.
  • Provide specialist knowledge and support to the SIRO, Caldicott Guardian, Information Asset Owners, Department Heads, and Directors relating to the application of Information Governance and Cyber Security principles and processes relating to the security, integrity and confidentiality of patient and staff information.
  • Act as the subject matter expert in data protection law and advise the Trust Management Board, the Board of Directors, Chairman, Caldicott Guardian, SIRO and the Executive Directors on data protection issues as and when necessary.
  • Supporting the SIRO and Caldicott Guardian, and their deputies, to enable informed decision making in relation to all areas of Data Security and Protection Toolkit, Cyber Assurance Framework, Freedom of Information and Data Protection Act (DPA).
  • Act as the contact point for the Information Commissioner's Office (ICO). This should include collating information which may be required by the ICO in the course of any investigation or enforcement action.
  • Responsible for leading the development and implementation of mechanisms to monitor compliance against national IG & cyber standards and the requirements of UK Data Protection laws and other external performance assessments. Also to develop and design effective monitoring of KPIs and metrics.
  • Responsible for receiving, interpreting and communicating highly complex information regarding developments in national IG and cyber legislation, policy and best practice and ensuring this is embedded within the Trust.
  • Convey highly complex and contentious IG/cyber related information, which may often be perceived to be a barrier to operational practice, to a wide range of audiences who may have limited knowledge of the subject matter.
  • Act as an ambassador for Digital Health, Cyber and Information Governance service by developing and maintaining excellent working relationships with users across the organisation to deliver a high quality service and to achieve local requirements and national targets.
  • Represent the Trust at organisational and national information governance & cyber groups to determine, influence and implement national and local policies, protocols and procedures.

Please refer to the Job Description for the full specification of responsibilities and requirements for this post.

Person Specification

Qualifications

Essential

  • Educated to Master's degree level with in-depth specialised knowledge acquired through training and relevant experience.
  • ISEB Certificate in Information Risk Management
  • ISEB Certificate in Information Security Management Principles

Experience

Essential

  • Extensive experience in a senior Information Management role, specifically incorporating experience in the field of Information Governance, Cyber Security and Data Protection
  • Experience of working across organisational boundaries in the development of information governance services.

Skills

Essential

  • Highest level of communication skills, written and verbal. Should include the ability to overcome significant barriers with the highest level of interpersonal skills when providing and receiving highly sensitive complex information.
  • Ability to carry out audits regarding Trust performance relating to Information Governance together with complex analysis of results in order to develop reports.

Attitude, aptitude

Essential

  • Effective role model, demonstrating NNUH's PRIDE values of People focussed, Respect, Integrity, Dedication and Excellence
  • Demonstrates understanding and commitment to Equality, Diversity and Inclusion
  • Flexibility in approach to work - ability to take on unscheduled tasks.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.

Employer details

Employer name

Norfolk and Norwich University Hospital

Address

Norfolk & Norwich University Hospital

Colney Lane

Norwich

NR4 7UY


Employer's website

https://teamnnuh.co.uk/


For questions about the job, contact:

Associate Director of Digital Health

Ben Everitt

ben.everitt@nnuh.nhs.uk

01603645599

Supporting documents

Privacy notice

Norfolk and Norwich University Hospital's privacy notice