South London and Maudsley NHS Foundation Trust

Privacy and Risk Officer

The closing date is 15 December 2025

Job summary

The post holder will be an enthusiastic, self-motivated, innovative professional with a good understanding of patient confidentiality, privacy, data security, social media and digital health and social care services.

The key objective of this role will be to provide assistance to the service with regard to the changes arising from GDPR and to support the new requirements of the Data Security and Protection Toolkit.

The post holder will be required to assist the Privacy Manager by providing Data Protection Impact Assessments and assurance for existing and upcoming service, application and system developments across the Trust and in key partnerships.

Career Progression pathways and development opportunities:

We are committed to getting the very best out of our staff and supporting staff in their career aspirations. We have career pathways available, where you will be able to develop your skills and build on your experience to progress into other roles across different specialties. For this role, we offer career pathways to Senior Manager roles within IG and the wider team. In addition, we offer ongoing training and development in conjunction with BCS membership.

Main duties of the job

The post holder will be expected to assess current and upcoming developments including service design, technical and innovative digital developments and applications for privacy impact and compliance with national information governance standards.

The post holder will provide administrative support to the Information Security Committee.

The post holder will undertake tasks required to maintain compliance with the Information Asset Register whilst supporting the overall information governance operation program led by the Deputy IG Lead.

The post holder will be required to undertake surveys and assessments of staff and public learning needs as well as stakeholder engagement support.

The post holder will act as a communication champion for the IG Team and support close links with local and regional stakeholder groups.

Flexible working:

As one of the few Trusts in London we are proud to offer flexible working as part of our new ways of working, and we are happy to discuss flexible working at the interview stage. In this role you will be able to work Monday to Friday within the time frame of 8am to 6pm, giving you the very best work-life balance.

About us

The role sits within the Information Governance function, which forms part of the Digital Services team.

Information governance (IG) provides a framework to bring together all the legal rules, guidance and best practice that apply to the handling and security of information.

IG is about setting a high standard for the handling of information through robust IT security assurance and compliance with the law and national standards.

We ensure a high standard of information handling across the Trust, covering information security, data protection, freedom of information and privacy.

About our locations:

Maudsley Hospital (headquarters)

Our Trust headquarters is located at Denmark Hill, less than 5 minutes from the train station (zone 2), and is within walking distance of the beautiful green spaces of Ruskin Park and the vibrant high street, which offers great shopping opportunities and a wide range of restaurants.

Details

Date posted

01 December 2025

Pay scheme

Agenda for change

Band

Band 5

Salary

£37,259 to £45,356 a year per annum inclusive of HCAS

Contract

Permanent

Working pattern

Full-time

Reference number

334-NCL-7626902-MU

Job locations

Maudsley

London

SE5 8AZ


Job description

Job responsibilities

The post holder will be expected to demonstrate independent working skills with minimum supervision with confidence and expertise to advise on issues that relate to data privacy, information assets, assurance, good social media and digital health app governance.

Assist with privacy design, impact and outcomes of existing and upcoming services, applications, systems and policies across the Trust and in key partnerships.

Assist with privacy enhancing techniques to maximise utilisation of healthcare and corporate data for service provision, improvements, audit, research and corporate governance whilst mitigating any impact on patient and public privacy.

Co-ordinate, negotiate and influence design of existing and upcoming services, applications and system developments across the Trust.

Assist with Data Protection Impact Assessments and ensure delivery of the agreed actions through liaison with the stakeholders in order to gain public and patient trust.

Assist the Privacy Manager to ensure that the Trust meets the highest standards of privacy in the implementation of existing and upcoming services, application, system and policy development across the Trust

To produce reports for the Team and Digital Services

To provide administrative support for the cyber programme and the Information Security Committee

Act in an advisory role on best practice on privacy in line with health and social care standards.

Undertake work to support the IG Team with the GDPR implementation plan

Support the Deputy IG Lead with the Data Protection Standards

Support the Information Governance Management team, the Data Protection Officer, Caldicott Guardian and the Chief Information Officer for the successful delivery of the Information Governance Action Plan.

To support the customer focused and service user centred service model and culture

Person Specification

Qualifications

Essential

  • Educated at least to degree level or equivalent professional qualifications

Desirable

  • Member of a professional body (BCS)
  • Prince 2 trained at Foundation or Practitioner level
  • ITIL Service Management Foundation
  • Professional IT qualification (MCP / MCSE / A+)

Knowledge and Skills

Essential

  • Experience of working in an ICT/ patient information, confidentiality, information governance, environment - customer service provision field
  • Evidence of professional development
  • Knowledge, good understanding and experience of applications of the Data Protection Act (2018), General Data Protection Regulation (GDPR) and the Freedom of Information Act (2000)
  • Specialist knowledge, good understanding and experience of applications of the national information governance and privacy standards set by the HSCIC
  • Knowledge and good understanding of the Data Security Standards
  • Good understanding of risks to privacy and experience of completing Data Protection Impact Assessments
  • Experience of risk assessment and mitigation
  • Experience of senior management assistance and diary management
  • Experience of dealing with a broad range of complex activities with adequate planning and organisational skills
  • Experience of working and engaging with a variety of senior staff
  • Track record of successful project management
  • Track record of workshop, seminar, conference planning
  • Knowledge of equalities and how these may impact in supervisory situations
  • Knowledge of Mental health services and awareness of mental health issues
  • Experience of multi-professional and multi-agency collaboration
  • Ability to work to achieve agreed objectives independently working within broad organisational and departmental policies
  • Ability to act as a specialist in own area
  • Ability to handle highly complex and sensitive information for communication with staff at all levels, including senior managers
  • Ability to apply analytical skills to resolve complex issues and return with solutions that are clear and easy to understand
  • Ability to gain commitment from staff in a variety of settings to becoming stakeholders and / or active participants in Projects and assessments
  • A logical and sensible approach to problem solving
  • Have the ability to organise and prioritise workload and be able to work under pressure dealing with complex issues
  • Negotiation, influencing and persuading skills.
  • Confident, pro-active and self-motivated in completing work to a high standard in conjunction with other staff
  • Excellent team skills and ability to work with members of own and other teams and departments at all levels of the organisation.

Desirable

  • Experience of service user involvement in a mental health environment
  • Experience of drafting Data processing agreements, data transfer agreements and non-disclosure agreements

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country in which they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.

Employer details

Employer name

South London and Maudsley NHS Foundation Trust

Address

Maudsley

London

SE5 8AZ


Employer's website

https://www.slam.nhs.uk/


Employer contact details

For questions about the job, contact:

Privacy and Risk Manager

Chris Howarth

christopher.howarth@slam.nhs.uk

Supporting documents

Privacy notice

South London and Maudsley NHS Foundation Trust's privacy notice