Job summary
We are recruiting for a Head of Information Governance and Security who shares our vision to be trusted to provide consistently outstanding care and exemplary service to our patients.
The post holder will be responsible as the designated specialist on information security and IT Governance including GDPR for East & North Herts NHS Trust (ENH) and provide an expert specialist advice service, in accordance with national, regional and local IG and cyber security policies.
In addition, the post holder will be expected to work with and have access to Chief Executive Officers and Senior Managers should a significant security breach occur.
To be a member of the Information Governance Steering Group and provide expertise and support for the cyber security improvement plans identified through the Data Security and Protection Toolkit.
To provide this support by making an expert assessment of current IT security controls and make proposals to develop technical and managerial measures to improve IT security.
Our Values are Include, Respect and Improve. It is important that you understand and refer to our values during your recruitment process and beyond!
Main duties of the job
To lead and ensure the timely completion of the annual Data Security and Protection Toolkit, and take the lead on specific measures, in order to gain internal authorisation prior to submission in line with the national deadlines.
To identify risks across the Trust in relation to information governance, ensure actions are taken to mitigate the risks and that they are escalated as appropriate, and maintain an Information Governance Risk Register.
Interpret the legislation and national guidance in relation to Information Governance and make recommendations to ensure that the Trust meets the requirements.
To liaise with key stakeholders across all Trust sites and undertake a review of the Trust's Information data mapping and then develop and implement a year on year improvement plan that takes into account the current and future needs of the Trust.
Develop an expert knowledge of legislation relating to the Data Protection Act, GDPR, NHS Codes of Practice and legal obligations for data confidentiality, data security, and related topics and use this to inform the Trust business processes.
To identify areas in which ENH is inadequately covered by IT security policies and procedures and, in consultation with Digital leads, the Data Protection Officer (DPO) and industry experts, support senior managers in presenting these to the relevant Boards or other approval bodies.
To report progress, issues, risk and assurance to the CIO/SIRO and to the Trust Board through the agreed governance structure.
About us
At East and North Hertfordshire NHS Trust, we are proud of the range of general & specialist services we provide & our 6,000 or so dedicated staff ensure our patients get the best care. Our ability to be flexible & innovative in the way in which we work and deliver our services to our catchment has never been more important than it is now.
We run the following hospitals:
- The Lister Hospital, Stevenage
- New Queen Elizabeth II (New QEII), Welwyn Garden City
- Hertford County, Hertford
- Mount Vernon Cancer Centre (MVCC), Northwood
We have ambitious plans to become an outstanding, patient-led Trust where dedicated staff provide high-quality, compassionate care to our patients. We continue to undergo significant transformation; our staff & patients are at the heart of delivering this ambitious agenda.
We understand that finding and starting a new job is an important life decision. If you need reasonable adjustments for a disability, or a life event, such as menopause - so that we can consider your application fairly & to get the best out of you during the selection process, please let us know.
We are committed to a positive work life balance for our employees. Employees are entitled to seek to work flexible working patterns & we are committed to listening to and considering all requests. Such requests, of course, have to be made & considered formally, & will need to be balanced against service needs, but our starting point will always be to find ways to support making them happen.
Job description
Job responsibilities
Please see the attached Job Description and Person Specification applicant pack for further detailed information regarding this role.
Person Specification
Qualifications/ Training
Essential
- ITIL v3 Service Management Qualification (Foundation)
- Degree or equivalent qualification
- NHS relevant management qualification (e.g. Inspirational leaders course, Kings Fund Management course)
- CISSP qualified, or equivalent Information Security qualification Management qualification or significant relevant experience
Desirable
- ITIL v3 Qualification (Manager)
- Evidence of continuous professional development
Previous Experience & Skills
Essential
- Understanding of ISO27001
- Detailed knowledge of security, governance, implementation for both on-premise & cloud-based technologies
- Knowledge and understanding of Freedom of Information Act (2000)
- Knowledge and understanding of Data Protection Act/General Data Protection Regulations (2018) including GDPR
- Demonstrable knowledge of Information Governance best practice
- Experience of providing specialist advice in relation to IG matters.
- Experience of drafting policies
- Detailed knowledge of IG legislation and regulation
- The Job Holder must be capable of problem solving in different Business scenarios.
- Ability to deal with Representatives at all levels internally within the Trust and with clients and gain credibility and trust
- Ability to build relationships at all business levels and to ensure any escalations are managed through to resolution.
- Understanding of the different operational requirements of the various sectors which make up the health community
- Working with multi-functional professionals. IT experience gained in both an Acute and Community setting. Background in a commercial organisation. Demonstrable experience in Stakeholder Management within an IT environment covering both Project and Operational Activity.
- Proven experience of applying methods and techniques for reporting progress and financial compliance against an agreed plan and business objectives to a range of senior managers including directors and the Senior Responsible Officer.
- Proven leadership experience managing and motivating a multi-discipline team
- Able to demonstrate a professional and credible image within IT and to the Business
- Proven experience of building and maintaining strong relationships both with clients and within the team
Desirable
- IT experience gained in both an Acute and Community setting.
- Background in a commercial organisation
- Demonstrable experience in Stakeholder Management within an IT environment covering both Project and Operational Activity
- Demonstrable experience of involvement in the creation of IT Strategic Direction and roadmap
Knowledge
Essential
- Effective decision maker
- Excellent Change Manager
- Excellent Risk Manager
- Assertive not abrasive
- Time Management
- Excellent analytical and judgement skills
- Influencing
- Customer focused
- Professional approach with staff and customers
- Action oriented with a desire to ensure customer satisfaction
- A strong planning ethos
- Proactive and enthusiastic with the ability to work under own initiative
- Professionalism
- Ability to operate effectively in a pressurised environment
Other Requirements
Essential
- Experience and evidence of engagement around the equality, diversity and inclusion agenda.
- Able to actively support the development of a culture that recognises and promotes equality, values diversity, and actively leads by example in deploying these qualities
- Understands the impact on equality, diversity and inclusion issues in all aspects of service delivery and planning
- Role model our Trust values every day
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.