Go back
Kettering General Hospital NHS Foundation Trust

Data Security and Protection Team Leader

The closing date is 24 February 2026

Apply for this job

Job summary

An exciting opportunity has arisen at University Hospitals of Northamptonshire (UHN) for a proactive and passionate Data Security & Protection (DSP) Team Leader to join our dynamic and fast-paced Data, Security & Protection Team.This is a pivotal role supporting both Northampton General Hospital and Kettering General Hospital as part of our Group approach to ensuring we meet our legal, statutory and regulatory obligations relating to the security and protection of personal data.

As our DSP Team Leader, you will play a key part in completion of the Group's DSP Toolkits and managing the DSP Team to ensure all areas of the DSP Toolkit framework are delivered.

Main duties of the job

Key responsibilities include:

  • Leading the delivery of DSP workstreams and ensuring evidence is maintained for DSP Toolkit standards.
  • Managing, triaging, and supporting investigation of DSP incidents via Datix.
  • Delivering DSP training (classroom, small groups and virtual).
  • Overseeing the completion and quality of Data Protection Impact Assessments (DPIAs).
  • Supporting information sharing governance using the Information Sharing Gateway.
  • Raising awareness of data security issues across the Group and promoting best practice.
  • Acting as a key point of contact for colleagues seeking specialist DSP support.

About us

Please submit your application as soon as possible as we reserve the right to close adverts once we have received sufficient applications

Kettering General Hospital NHS Foundation Trust is on an exciting journey with all of our divisions committed to doing things better, with more efficiency as we update, modernise, and advance. We have also entered a Group Model with neighbouring Northampton General Hospital NHS Trust and become University Hospitals of Northamptonshire (UHN). As part of this collaborative approach, there may be a requirement for you to work across both the Kettering and Northampton hospital sites, depending on the needs of the service.

Our Excellence Values

  • Compassion
  • Accountability
  • Respect
  • Integrity
  • Courage

We want to recruit the best people to deliver our services across UHN and help to unleash everyone's full potential.

UHN encourages applications from people who identify from all protected groups. We understand that we need to work with colleagues from diverse backgrounds and make sure the environment they work in is inclusive and collaborative.

We recognise the valuable contribution that the Armed Forces community make to our organisation. We have signed the Armed Forces Covenant and achieved Silver Award under the Armed Forces Employer Recognition Scheme.

We have active Networks that promote and support colleagues from all backgrounds. This ensures everyone feels supported and has a sense of belonging working for UHN.

Details

Date posted

10 February 2026

Pay scheme

Agenda for change

Band

Band 6

Salary

£38,682 to £46,580 a year per annum

Contract

Permanent

Working pattern

Full-time

Reference number

264-7707683-COR

Job locations

Kettering General Hospital

Rothwell Road

Kettering

NN16 8UZ


Job description

Job responsibilities

The post holder will be the Data Security & ProtectionTeam Leader. In particular, the post holder will:

  • act as the expert source of advice andexpertisein DSP for theGroup;

  • supportthe development for clinical administration functions within the organisation identifyinginformation governance risks and issues and providing recommendations for change

  • increase the profileof Data Security and Protectionwithin the organisation andactively supporta culture change so that staff are aware of their responsibilities and duties towards confidentiality,integrityand availability of information;

  • ensure processes are in place formonitoringthe secure disposal of IT and hardware assets;

  • initiate and plan aprogramme of workthat ensures theGroupcomplies withthe requirements of the Data Security & Protection Toolkit;

  • completion of the annual Data Security & Protection Toolkit submission and the collation of supporting evidencewhich is analysed and updated to ensure compliance;

  • lead a range of audits which will check compliance with the DSP toolkit, research and development and incident management activities, developing improved systems and processes for data quality, data security and protection, dataintegrityand availability.

  • work in partnership with theGroupsCyber SecurityLeadto ensure that all Cyber related toolkit assertions are met within the NHSD deadlineand any gaps in assurance are identified with a plan in place for compliance

  • implement andmaintaincompliancewith relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998;

  • investigate and resolveinformation securityissues andprocessesforsystems which are process personal and/or trust sensitive data.

  • Implement the DSP training strategy forthe delivery of the Trusts IG training needs, ensuring that theGroupmeets the NHSD target for mandatory training, working in partnership with the Trusts Learning & Development service

  • Deliver information governance trainingif and whennecessary

  • Implement policies and propose changes toGroupDSP policies asappropriate,conductingmonitoring compliance with those policies and protocolsand ensuring they are compliant with Data Protection Act and GDPR legislation

  • conduct data protectionimpact assessments (DPIA) where necessary and ensure theGroupadheres to thedataprivacy by designand default asset outin Article 25 GDPR

  • act as theUHNinformation security expert to ensure any identified risks are communicated to the Head of Technology and Head of Clinical Systems to enable new systems to be implemented safely

  • assign DPIAs to relevant team members and ensure cross partnership working with relevant project and transformation leads

  • ensure that allGroupDPIAs, Assets, Flows and third parties are appropriately recorded on the Information Sharing Gateway and signed off by the relevantDPO and SIROs

  • Be an escalation point for the DSP analysts to ensure DPIAs are in line with GDPR legislation, redesigning systems,processesand procedures to meet the Data Security by Design and Defaultcriteria

  • communicate complex information to a range of audiences and be able to influence and persuade staff of the importance of excellent DSP standards

  • Lead the collationofrelevant reports and information for complianceand performancereporting, inspections and internal assuranceensuring presentations articulate statistical,analyticaland complex reportingto Groupand Boardmandated meetings

  • Coordinate the Data Governance Group and Information Governance Group meetings, ensuring relevant reports, minutes actions and decisions are recorded, delegating tasks to the DSP administrator as appropriate

  • Attend group,Trustand project meetings to provide expert Data Security and Protection advice and guidance to enable the effective adoption of expectations and policy

  • Coordinate reported incidents on Datix to ensure they are appropriately managed and actions are taken

  • Escalate incidents to the relevant DPO when they meet the criteria for a Serious Incident / reportable to the ICO

  • Manage the DSP Toolkit Incident reporting mechanism, ensuring all SeriousIncidentsare reported with 72 hours

  • Provide IG input,advice, guidance forResearch&Developmentprogrammes

  • Deputise for the DSPManagerwhenrequired

  • Ensure that the Information Sharing Gatewayis administeredasappropriateinrespect ofmaintainingsignificant assurance status across the group, being the lead and expert for use of the ISG, proposing recommendations for improvements to the national system for process,analyticsand reporting.

  • coordinatethe effective investigation ofany and allIG related incidents, working with the relevant manager in whose service the incident occurred, where necessary, to ensureappropriate actionhas been taken in relation to the incident;

  • To speak to staff,patientsand family members on the telephone as an escalation point for the DSP analyst,demonstratingunderstanding,compassionand knowledge in difficult,challengingand emotional circumstances.

  • attendserious investigation panels anddraftreports to the CCG which give assurance that due diligence has been carried outregardingall serious incidents

  • ensure that a root cause analysis is performed on all serious incidents with relevant actions recorded, and acted upon to ensure such incidents do not re-occur

  • work with the complaints team and directly with members of the public to communicate appropriatelyregardingany DSP grievances and queries

  • maintaintheGroupInformation Asset register and data flow maps and, also, whereappropriate, provide training to Information Asset Owners and Administrators

  • be afirstpoint of contact for Data Subjectswith regard toall issues related to processing of their personal data and to the exercise of their rights underthe UK GDPR

  • tomaintaintheirspecialistknowledgein Data Protection Law and UK GDPR

  • update the Internet and Intranet pages for DSPasappropriate, ensuring it is up to date with pertinent adviceandguidance,includingapplicable FAQs and relevant legislation

Workforce

The Data Security & ProtectionTeam Leaderwill have line management responsibility for theDSP Team, ensuring that all staff have annual performance reviews, objectives andappraisalsin line withthe Groupobjectives, ensuringthey have the equipment necessary to fulfil their roles and the HR management tools are managed effectively.They will be an active role in recruitment,inductionand local training.

  • Ensure anadequate skill mix andthat the office is appropriately managed

  • To provide specialised training,adviceand guidance to DSPTeam members as and whenrequired

  • To manage the team in ensuring all members adhere to Trust Values and lead by example

  • ToleadDSPTeam recruitment;

  • Toensure thee-rostering systemis signed off on a weekly basis

  • To carry out appraisals, team performancemanagementand disciplinary processes

  • To be the lead contact for HR queries relating to the team

Job description

Job responsibilities

The post holder will be the Data Security & ProtectionTeam Leader. In particular, the post holder will:

  • act as the expert source of advice andexpertisein DSP for theGroup;

  • supportthe development for clinical administration functions within the organisation identifyinginformation governance risks and issues and providing recommendations for change

  • increase the profileof Data Security and Protectionwithin the organisation andactively supporta culture change so that staff are aware of their responsibilities and duties towards confidentiality,integrityand availability of information;

  • ensure processes are in place formonitoringthe secure disposal of IT and hardware assets;

  • initiate and plan aprogramme of workthat ensures theGroupcomplies withthe requirements of the Data Security & Protection Toolkit;

  • completion of the annual Data Security & Protection Toolkit submission and the collation of supporting evidencewhich is analysed and updated to ensure compliance;

  • lead a range of audits which will check compliance with the DSP toolkit, research and development and incident management activities, developing improved systems and processes for data quality, data security and protection, dataintegrityand availability.

  • work in partnership with theGroupsCyber SecurityLeadto ensure that all Cyber related toolkit assertions are met within the NHSD deadlineand any gaps in assurance are identified with a plan in place for compliance

  • implement andmaintaincompliancewith relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998;

  • investigate and resolveinformation securityissues andprocessesforsystems which are process personal and/or trust sensitive data.

  • Implement the DSP training strategy forthe delivery of the Trusts IG training needs, ensuring that theGroupmeets the NHSD target for mandatory training, working in partnership with the Trusts Learning & Development service

  • Deliver information governance trainingif and whennecessary

  • Implement policies and propose changes toGroupDSP policies asappropriate,conductingmonitoring compliance with those policies and protocolsand ensuring they are compliant with Data Protection Act and GDPR legislation

  • conduct data protectionimpact assessments (DPIA) where necessary and ensure theGroupadheres to thedataprivacy by designand default asset outin Article 25 GDPR

  • act as theUHNinformation security expert to ensure any identified risks are communicated to the Head of Technology and Head of Clinical Systems to enable new systems to be implemented safely

  • assign DPIAs to relevant team members and ensure cross partnership working with relevant project and transformation leads

  • ensure that allGroupDPIAs, Assets, Flows and third parties are appropriately recorded on the Information Sharing Gateway and signed off by the relevantDPO and SIROs

  • Be an escalation point for the DSP analysts to ensure DPIAs are in line with GDPR legislation, redesigning systems,processesand procedures to meet the Data Security by Design and Defaultcriteria

  • communicate complex information to a range of audiences and be able to influence and persuade staff of the importance of excellent DSP standards

  • Lead the collationofrelevant reports and information for complianceand performancereporting, inspections and internal assuranceensuring presentations articulate statistical,analyticaland complex reportingto Groupand Boardmandated meetings

  • Coordinate the Data Governance Group and Information Governance Group meetings, ensuring relevant reports, minutes actions and decisions are recorded, delegating tasks to the DSP administrator as appropriate

  • Attend group,Trustand project meetings to provide expert Data Security and Protection advice and guidance to enable the effective adoption of expectations and policy

  • Coordinate reported incidents on Datix to ensure they are appropriately managed and actions are taken

  • Escalate incidents to the relevant DPO when they meet the criteria for a Serious Incident / reportable to the ICO

  • Manage the DSP Toolkit Incident reporting mechanism, ensuring all SeriousIncidentsare reported with 72 hours

  • Provide IG input,advice, guidance forResearch&Developmentprogrammes

  • Deputise for the DSPManagerwhenrequired

  • Ensure that the Information Sharing Gatewayis administeredasappropriateinrespect ofmaintainingsignificant assurance status across the group, being the lead and expert for use of the ISG, proposing recommendations for improvements to the national system for process,analyticsand reporting.

  • coordinatethe effective investigation ofany and allIG related incidents, working with the relevant manager in whose service the incident occurred, where necessary, to ensureappropriate actionhas been taken in relation to the incident;

  • To speak to staff,patientsand family members on the telephone as an escalation point for the DSP analyst,demonstratingunderstanding,compassionand knowledge in difficult,challengingand emotional circumstances.

  • attendserious investigation panels anddraftreports to the CCG which give assurance that due diligence has been carried outregardingall serious incidents

  • ensure that a root cause analysis is performed on all serious incidents with relevant actions recorded, and acted upon to ensure such incidents do not re-occur

  • work with the complaints team and directly with members of the public to communicate appropriatelyregardingany DSP grievances and queries

  • maintaintheGroupInformation Asset register and data flow maps and, also, whereappropriate, provide training to Information Asset Owners and Administrators

  • be afirstpoint of contact for Data Subjectswith regard toall issues related to processing of their personal data and to the exercise of their rights underthe UK GDPR

  • tomaintaintheirspecialistknowledgein Data Protection Law and UK GDPR

  • update the Internet and Intranet pages for DSPasappropriate, ensuring it is up to date with pertinent adviceandguidance,includingapplicable FAQs and relevant legislation

Workforce

The Data Security & ProtectionTeam Leaderwill have line management responsibility for theDSP Team, ensuring that all staff have annual performance reviews, objectives andappraisalsin line withthe Groupobjectives, ensuringthey have the equipment necessary to fulfil their roles and the HR management tools are managed effectively.They will be an active role in recruitment,inductionand local training.

  • Ensure anadequate skill mix andthat the office is appropriately managed

  • To provide specialised training,adviceand guidance to DSPTeam members as and whenrequired

  • To manage the team in ensuring all members adhere to Trust Values and lead by example

  • ToleadDSPTeam recruitment;

  • Toensure thee-rostering systemis signed off on a weekly basis

  • To carry out appraisals, team performancemanagementand disciplinary processes

  • To be the lead contact for HR queries relating to the team

Person Specification

Education, Training & Qualifications

Essential

  • Educated to Degree level or equivalent level of education, training or experience.
  • Significant experience in IG/DSP related activities across a Health and Care setting, or to have significant experience of working at a senior level in a public sector body
  • Practitioner Qualification on Data Protection Act or the General Data Protection Regulation

Desirable

  • ISO 17024- accredited GDPR Foundation and Practitioner certificate or evidence of further education in the application of ISO/IEC 27002:2013 and other associated standards.
  • Evidence of continuing professional development.

Knowledge & Experience

Essential

  • Working knowledge and understanding of the Data Security and Protection toolkit
  • Substantial experience of practical implementation of the Data Protection Act
  • Experience of working within NHS or similar large multi-disciplinary organisation in a similar role.
  • Experience of staff / team leadership
  • Experience of delivering awareness and training programmes for staff at ranging levels

Desirable

  • Experience of working with internal and external auditors
  • Experience of working with or supporting the implementation of security systems

Skills

Essential

  • Developed interpersonal skills within groups and on a one-to-one basis
  • Ability to mentor, teach and coach
  • Ability to analyse and interpret situations where there are conflicting legal / ethical standards and service requirements, and develop an appropriate and justified response on behalf of the Trust.
  • Ability to solve problems and use initiative to secure desired outcomes
  • Ability to prioritise between competing demands and allocate resources accordingly
  • Ability to manage time effectively and efficiently

Desirable

  • Proven ability to undertake communication campaigns
  • Negotiating and influencing skills

Key Competencies/ Personal Qualities & Attributes

Essential

  • Passionate and committed to bring our Dedicated to Excellence values to life, improving the way we work with each other, particularly focusing on empowerment, equality diversity and inclusion of our staff, patients and service users
  • High level of drive and determination
  • Self-motivated to work on own initiative.
  • Developed attention to detail and accuracy

Desirable

  • Must be able to understand the needs of patients and deal with all contacts in a sensitive manner
Person Specification

Education, Training & Qualifications

Essential

  • Educated to Degree level or equivalent level of education, training or experience.
  • Significant experience in IG/DSP related activities across a Health and Care setting, or to have significant experience of working at a senior level in a public sector body
  • Practitioner Qualification on Data Protection Act or the General Data Protection Regulation

Desirable

  • ISO 17024- accredited GDPR Foundation and Practitioner certificate or evidence of further education in the application of ISO/IEC 27002:2013 and other associated standards.
  • Evidence of continuing professional development.

Knowledge & Experience

Essential

  • Working knowledge and understanding of the Data Security and Protection toolkit
  • Substantial experience of practical implementation of the Data Protection Act
  • Experience of working within NHS or similar large multi-disciplinary organisation in a similar role.
  • Experience of staff / team leadership
  • Experience of delivering awareness and training programmes for staff at ranging levels

Desirable

  • Experience of working with internal and external auditors
  • Experience of working with or supporting the implementation of security systems

Skills

Essential

  • Developed interpersonal skills within groups and on a one-to-one basis
  • Ability to mentor, teach and coach
  • Ability to analyse and interpret situations where there are conflicting legal / ethical standards and service requirements, and develop an appropriate and justified response on behalf of the Trust.
  • Ability to solve problems and use initiative to secure desired outcomes
  • Ability to prioritise between competing demands and allocate resources accordingly
  • Ability to manage time effectively and efficiently

Desirable

  • Proven ability to undertake communication campaigns
  • Negotiating and influencing skills

Key Competencies/ Personal Qualities & Attributes

Essential

  • Passionate and committed to bring our Dedicated to Excellence values to life, improving the way we work with each other, particularly focusing on empowerment, equality diversity and inclusion of our staff, patients and service users
  • High level of drive and determination
  • Self-motivated to work on own initiative.
  • Developed attention to detail and accuracy

Desirable

  • Must be able to understand the needs of patients and deal with all contacts in a sensitive manner

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

Kettering General Hospital NHS Foundation Trust

Address

Kettering General Hospital

Rothwell Road

Kettering

NN16 8UZ


Employer's website

https://www.kgh.nhs.uk/working-for-us (Opens in a new tab)

Employer details

Employer name

Kettering General Hospital NHS Foundation Trust

Address

Kettering General Hospital

Rothwell Road

Kettering

NN16 8UZ


Employer's website

https://www.kgh.nhs.uk/working-for-us (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Head of Data Security and Protection

Sally Berrill

sally.berrill@nhs.net

Details

Date posted

10 February 2026

Pay scheme

Agenda for change

Band

Band 6

Salary

£38,682 to £46,580 a year per annum

Contract

Permanent

Working pattern

Full-time

Reference number

264-7707683-COR

Job locations

Kettering General Hospital

Rothwell Road

Kettering

NN16 8UZ


Supporting documents

Privacy notice

Kettering General Hospital NHS Foundation Trust's privacy notice (opens in a new tab)