Job summary
Reporting directly to the Deputy Head of DPO Services, the Privacy Officer is responsible for the development and delivery of privacy auditing reports from a variety of Trust applications and national applications, to provide assurance for the Trust Privacy Programme.
The Privacy Officer will also be developing and leading information security audits, looking at both physical and logical controls to support the provision of assurance evidence for the Data Security and Protection Toolkit, Cyber Essentials Plus, and other external audit requirements.
In addition, the Privacy Officer will have a pivotal role in supporting the investigation of data protection complaints and data protection incidents through the provision of bespoke privacy audit reports.
The post holder will also support the DPO Services Team and assist in the review of assurances required to support informational relationships between the Trust and third party organisations including other NHS organisations and third party suppliers of information processing.
This requires a highly motivated individual who can give informed and precise written advice based upon interpretation of relevant legislation and standards that support data protection.
A motivated and driven individual with experience of NHS Information Systems and support can develop this opportunity into a specialist expert career in data protection management.
Main duties of the job
The Privacy Officer will be responsible for fulfilment of the designated "Privacy Officer" role as required by NHS Digital the DSP Toolkit. The post-holder will service the Trust's complex and manifold informational relationships covering Joint Controllership of Data, Data Processing and as a Data Controller that utilises nationally provided information systems.
The role will be Trust facing, working with key operational and clinical staff to ensure that the audit systems are configured to meet the Trust's needs, the Trust Data Protection Console is updated, with regular privacy reports and to ensure escalation with senior management and Human Resources where there has been a data breach or an abuse of authorised access or any other privacy related issue generated through regular monitoring and investigation of auditing systems and password control systems.
About us
At Imperial College Healthcare you can achieve extraordinary things with extraordinary people, working with leading clinicians pushing boundaries in patient care. Become part of a vibrant team living our values - expert, kind, collaborative and aspirational. You'll get an experience like no other and will fast forward your career.
Benefits include career development, flexible working and wellbeing, staff recognition scheme. Make use of optional benefits including Cycle to work, car lease schemes, season ticket loan or membership options for onsite leisure facilities.
We are committed to equal opportunities and improving the working lives of our staff and will consider applications to work flexibly, part-time or job share.
Job description
Job responsibilities
The full job description provides an overview of the key tasks and responsibilities of the role and the person specification outlines the qualifications, skills, experience and knowledge required. For both overviews please view the Job Description attachment with the job advert
Job description
Job responsibilities
The full job description provides an overview of the key tasks and responsibilities of the role and the person specification outlines the qualifications, skills, experience and knowledge required. For both overviews please view the Job Description attachment with the job advert
Person Specification
Education/ Qualifications
Essential
- Educated to Degree level or demonstrable and relevant equivalent experience
- Specialist information management / reporting qualification or demonstrable experience - complemented by evidence of practical application
Desirable
- On-going professional development in project management field
- PRINCE Project management Qualification in ITIL Service Management, Change Management.
Experience
Essential
- Understanding of the GDPR and the Trust informational relationships as both a data controller and data processor with other organisations
- Understanding of the role of the Information Commissioner (ICO)
- Understanding the role of the Head of DPO Services, ICHT Data Protection Officer
- Understanding of third party controller - processor relationships using governance compliance
- Experience of using either a Project risk log, operational risk register or corporate risk register
Desirable
- Understanding of ONE TRUST or similar Data Protection Management Console
- Knowledge of Cerner Millenium functionality
- Knowledge of ESR, Active Directory
- Experience of using a call management system such as LANDesk
- Experience of using the Information Governance Toolkit
Skills/Knowledge/Abilities
Essential
- Able to work with minimum supervision, taking considered decisions to prioritise the work in accordance with agreed priorities with stakeholders and management
- Able to interpret and advise on data protection requirements such as data protection impact assessment in support of the Head / Deputy of DPO Services
- Able to communicate project progress/issues to all levels of the Trust, both verbally and in written reports, as well as to external third parties.
- Excellent ability to communicate verbally and in writing to audiences at all levels. Comfortable in presenting complex ideas to large mixed audiences, with ability to effectively present to a live audience of 200 or more, for training purposes.
Person Specification
Education/ Qualifications
Essential
- Educated to Degree level or demonstrable and relevant equivalent experience
- Specialist information management / reporting qualification or demonstrable experience - complemented by evidence of practical application
Desirable
- On-going professional development in project management field
- PRINCE Project management Qualification in ITIL Service Management, Change Management.
Experience
Essential
- Understanding of the GDPR and the Trust informational relationships as both a data controller and data processor with other organisations
- Understanding of the role of the Information Commissioner (ICO)
- Understanding the role of the Head of DPO Services, ICHT Data Protection Officer
- Understanding of third party controller - processor relationships using governance compliance
- Experience of using either a Project risk log, operational risk register or corporate risk register
Desirable
- Understanding of ONE TRUST or similar Data Protection Management Console
- Knowledge of Cerner Millenium functionality
- Knowledge of ESR, Active Directory
- Experience of using a call management system such as LANDesk
- Experience of using the Information Governance Toolkit
Skills/Knowledge/Abilities
Essential
- Able to work with minimum supervision, taking considered decisions to prioritise the work in accordance with agreed priorities with stakeholders and management
- Able to interpret and advise on data protection requirements such as data protection impact assessment in support of the Head / Deputy of DPO Services
- Able to communicate project progress/issues to all levels of the Trust, both verbally and in written reports, as well as to external third parties.
- Excellent ability to communicate verbally and in writing to audiences at all levels. Comfortable in presenting complex ideas to large mixed audiences, with ability to effectively present to a live audience of 200 or more, for training purposes.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
