Employer: Nottingham University Hospitals NHS Trust
Location: Nottingham, Nottinghamshire, United Kingdom
Job Type: Full-time, Permanent
Salary: £46,148 – £52,809 per year
Visa Sponsorship: Available

Job Summary

Nottingham University Hospitals NHS Trust is seeking an experienced leader and specialist in Data Protection & Security to manage the Data Protection Office service. The role requires strong leadership and coaching skills to support a newly restructured team in achieving service-wide objectives.

As one of the largest employers in the UK and EU, the NHS offers significant opportunities for learning, development, and career progression. The ideal candidate will be responsible for data protection, security, confidentiality, records management, and service delivery within the Trust.

Main Duties & Responsibilities

  • Lead and promote data protection and security awareness across the organisation.
  • Provide expert advice on Data Protection Legislation, Information Governance, and Cyber Security frameworks (e.g., ISO 27001).
  • Offer first-line support for all data protection and security inquiries, including commercial, analytics, and research-related concerns.
  • Support the development and implementation of privacy-by-design processes.
  • Work closely with managers, Heads of Service, and Directors of Operations to ensure compliance with data protection laws.
  • Manage data breaches, security incidents, and regulatory reporting to relevant authorities.
  • Lead audit procedures, including desktop and onsite audits.
  • Participate in contract reviews, service level agreements, and procurement due diligence.
  • Provide coaching and training to staff members.
  • Maintain Continuous Professional Development (CPD) for self and team.
  • Work in an agile and flexible environment, with a mix of on-site and remote working.

Person Specification

Essential Qualifications & Training

  • Significant postgraduate education in Data Protection & Security OR equivalent experience.
  • Strong understanding of Data Protection Act (UK GDPR), Freedom of Information Act, and Access to Health Records Legislation.
  • Relevant Data Protection, Cyber Security, and Information Technology qualifications.
  • Knowledge of Microsoft Office Suite (Word, Excel, PowerPoint, Outlook).
  • Willingness to undertake ongoing training and professional development.

Desirable Qualifications

  • Master’s degree or equivalent experience in Data Protection & Security.
  • Data Protection Act Practitioner Certification.
  • Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH), or ISO 27001 Lead Auditor Certification.

Essential Experience & Skills

  • Experience in staff management, including performance reviews and recruitment.
  • In-depth knowledge of NHS Information Governance requirements.
  • Strong understanding of Data Protection, Cyber Security, and relevant legislative frameworks.
  • Experience managing Data Protection & Security contracts, agreements, and procurement processes.
  • Ability to conduct and manage audits.
  • Strong communication, negotiation, and persuasion skills.
  • Experience providing training to staff on data security and governance.
  • Proven ability to write policies and procedures.

Desirable Experience

  • Experience working with NHS patient-based clinical information systems.
  • Knowledge of Caldicott Principles, NHS statutory policies, and national guidelines.
  • Experience collaborating with government agencies such as NHS England, Local Authorities, and the National Cyber Security Centre (NCSC).
  • Awareness of Cyber Essentials Plus, ISO 27001, and the Cyber Assessment Framework.

Key Competencies

  • Excellent verbal and written communication skills.
  • Strong analytical and judgment skills to assess compliance issues.
  • Ability to work independently and prioritise workload effectively.
  • Highly organised, with strong time management and multitasking abilities.
  • Strong leadership and team management skills with a coaching-style approach.
  • Ability to build and maintain positive relationships internally and externally.
  • High level of professionalism, confidentiality, and integrity.

Other Requirements

  • Ability to work on-site and remotely, depending on service needs.
  • Willingness to travel between sites and external meetings as required.

Disclosure and Barring Service (DBS) Check

This role requires a Disclosure and Barring Service (DBS) check, as it falls under the Rehabilitation of Offenders Act (Exceptions Order) 1975.

Certificate of Sponsorship

  • Applications are welcome from job seekers requiring Skilled Worker visa sponsorship.
  • Skilled Worker applicants must provide criminal record certificates from countries where they have resided for 12 months or more in the past 10 years.
  • Adult dependants (over 18 years old) are also subject to this requirement.

For more details, visit the UK Visas and Immigration website.

Closing Date: 17 April 2025

