Job summary
NUPAS is recruiting for a Head of IT, Data & Information Governance
to lead the organisation's digital infrastructure, information security and
data governance framework. This role provides strategic and operational
oversight of all IT systems, cyber security, and information governance
processes, ensuring that the organisation maintains secure, resilient and
compliant digital services that support safe and effective patient care.
This is an opportunity to play a key role in supporting one of the
leading organisations providing reproductive healthcare services. It is
essential that the postholder shares our commitment to patient-centred care and
the right to choose, demonstrating professionalism, integrity and alignment
with our organisational values in all aspects of their work.
This advert will close early if there are a lot of
applicants, so we encourage you to apply early.
Main duties of the job
The postholder will be responsible for ensuring compliance with UK data
protection legislation, NHS digital security requirements, and the regulatory
expectations of healthcare providers delivering NHS-funded services. This
includes oversight of the organisation's annual submission to the Data Security
and Protection Toolkit, maintaining strong cyber security practices, and
ensuring that confidential patient and organisational data is managed lawfully
and securely.
Working closely with the Senior Leadership Team, the role will provide
assurance to the organisation that robust systems, policies and controls are in
place to protect information assets, support operational resilience, and
maintain compliance with regulatory standards set by bodies including the Care
Quality Commission, NHS England, the Department of Health and Social Care and
the Information Commissioner's Office.
The role requires a highly organised and proactive individual who can
manage digital systems, cyber risks and governance requirements within a
regulated healthcare environment. The successful candidate will bring strong
technical knowledge alongside an ability to translate complex digital and
regulatory requirements into practical processes that support safe clinical
operations, organisational transparency and effective governance.
About us
NUPAS is one of the leading organisations supporting women's
reproductive choices.
Pro-choice is a must.
The post holder will have a duty to ensure that the
principles of patient, carer and public involvement and engagement are adhered
to in line with Section 11 of The Health and Social Care Act 2012 for Improving
Patient Experience.
NUPAS is committed to safeguarding, and safeguarding
children, young people and vulnerable adults is everyone's responsibility. DBS
checks are standard for all prospective employees; the level of this check will
be determined by the job type.
All staff are required to adhere to the principles of
patient-centred care as detailed in the NICE Quality Standard for Patient
Experience and to treat patients with dignity, kindness, compassion, courtesy,
respect, understanding and honesty.
The post holder will, in support of the NUPAS values, ensure
that everyone is treated as an individual, and will acknowledge and value
difference in order to treat everyone fairly.
Job description
Job responsibilities
IT Strategy and Infrastructure
Lead the development and implementation of the
organisation's IT and digital strategy.
Lead digital transformation initiatives, ensuring technology
supports strategic growth, service redesign and improved patient experience.
Oversee the management, performance and security of all IT
systems, infrastructure and networks.
Ensure digital systems support safe clinical practice and
operational delivery.
Manage relationships with IT suppliers, system providers and
external technology partners.
Ensure robust IT business continuity and disaster recovery
arrangements are in place.
Cyber Security and Information Security
Develop and maintain the organisation's cyber security
framework and risk controls.
Ensure systems and infrastructure meet NHS digital security
standards.
Monitor and respond to cyber threats, vulnerabilities and
incidents.
Maintain secure system access controls and audit logs across
organisational systems.
Information Governance
Act as the organisation's Senior Information Risk Owner
(SIRO).
Lead the organisation's Information Governance framework,
policies and procedures.
Ensure compliance with UK GDPR and the Data Protection Act
2018.
Oversee responses to Subject Access Requests and other data
rights requests.
Ensure staff receive appropriate training on
confidentiality, data protection and information security.
Work with the organisation's Caldicott Guardian to ensure the
organisation adheres to the Caldicott principles.
Regulatory Compliance
Ensure the organisation maintains compliance with the Data
Security and Protection Toolkit.
Support compliance with governance requirements of the Care
Quality Commission including Regulation 17 Good Governance.
Ensure the organisation meets data protection requirements
set by the Information Commissioner's Office.
Maintain accurate records and documentation to demonstrate
regulatory compliance and support inspections and audits.
Governance and Risk Management
Maintain the organisation's information risk register.
Provide assurance reports to the Senior Leadership Team and
Board regarding cyber security, information governance and IT risks.
Support internal and external audits relating to information
security and digital systems.
Operational Support
Manage the IT team.
Provide technical oversight of organisational systems
supporting clinical and administrative services.
Ensure digital solutions support service efficiency, quality
improvement and patient safety.
Promote best practice in the management and secure use of
digital systems across the organisation.
Person Specification
Experience
Essential
- Experience managing IT systems, infrastructure or digital services.
- Experience managing people.
- Knowledge of information governance, data protection and cyber security principles.
- Understanding of UK GDPR and the Data Protection Act 2018.
- Experience working within a regulated or compliance-driven environment.
- Strong organisational skills with the ability to manage multiple priorities.
- Ability to communicate complex technical issues clearly to non-technical stakeholders.
- Ability to develop policies, procedures and governance frameworks.
Desirable
- Experience working within healthcare or NHS-funded services.
- Experience managing the Data Security and Protection Toolkit submission.
- Knowledge of regulatory requirements of the Care Quality Commission.
- Information governance or cyber security qualifications (such as CISM, CIPP/E or equivalent).
- IT service management experience (e.g. ITIL).
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.