# Data Security and Protection Team Leader > NHS job listing from Job Clerk for Kettering General Hospital NHS Foundation Trust. ## Canonical URLs - **HTML:** https://www.jobclerk.com/job/data-security-and-protection-team-leader/a81b7670-e0af-4cd8-94b8-97ad76577fea - **Markdown:** https://www.jobclerk.com/job/data-security-and-protection-team-leader/a81b7670-e0af-4cd8-94b8-97ad76577fea.md ## Summary - **Status:** Live - **Employer:** Kettering General Hospital NHS Foundation Trust - **Town:** Kettering - **Region:** Midlands - **Country:** England - **Profession:** Administrative and IT - **Grade:** Band 6 - **Salary:** £39,959 - £48,117 per annum pro rata - **Contract type:** Permanent - **Employment type:** Full time, Part time, Flexible working, 37.5 hours per week - **Closing date:** 2026-06-14T23:59:00.000Z - **Posted:** 2026-05-31T18:02:31.763Z - **Source information URL:** https://www.healthjobsuk.com/job/UK/Northamptonshire/Kettering/Kettering_General_Hospital_NHS_Foundation_Trust/Data_Security_Protection_Information_Governance/Data_Security_Protection_Information_Governance-v8047143 - **Application URL:** https://apps.trac.jobs/job-advert/8047143?ShowJobAdvert=&feedid=9002 - **Employer website:** https://www.kgh.nhs.uk ## Job Content ### Job overview An exciting opportunity has arisen at University Hospitals of Northamptonshire (UHN) for a proactive and passionate Data Security & Protection (DSP) Team Leader to join our dynamic and fast‑paced Data, Security & Protection Team. This is a pivotal role supporting both Northampton General Hospital and Kettering General Hospital as part of our Group approach to ensuring we meet our legal, statutory and regulatory obligations relating to the security and protection of personal data. As our DSP Team Leader, you will play a key part in completion of the Group’s DSP Toolkits and managing the DSP Team to ensure all areas of the DSP Toolkit framework are delivered. ### Main duties of the job Key responsibilities include: - Leading the delivery of DSP workstreams and ensuring evidence is maintained for DSP Toolkit standards. - Managing, triaging, and supporting investigation of DSP incidents via Datix. - Delivering DSP training (classroom, small groups and virtual). - Overseeing the completion and quality of Data Protection Impact Assessments (DPIAs). - Supporting information sharing governance using the Information Sharing Gateway. - Raising awareness of data security issues across the Group and promoting best practice. - Acting as a key point of contact for colleagues seeking specialist DSP support. ### Detailed job description and main responsibilities The post holder will be the Data Security & Protection Team Leader. In particular, the post holder will: - act as the expert source of advice and expertise in DSP for the Group; - support the development for clinical administration functions within the organisation – identifying information governance risks and issues and providing recommendations for change - increase the profile of Data Security and Protection within the organisation and actively support a “culture change” so that staff are aware of their responsibilities and duties towards confidentiality, integrity and availability of information; - ensure processes are in place for monitoring the secure disposal of IT and hardware assets; - initiate and plan a programme of work that ensures the Group complies with the requirements of the Data Security & Protection Toolkit; - completion of the annual Data Security & Protection Toolkit submission and the collation of supporting evidence which is analysed and updated to ensure compliance; - lead a range of audits which will check compliance with the DSP toolkit, research and development and incident management activities, developing improved systems and processes for data quality, data security and protection, data integrity and availability. - work in partnership with the Groups Cyber Security Lead to ensure that all Cyber related toolkit assertions are met within the NHSD deadline and any gaps in assurance are identified with a plan in place for compliance - implement and maintain compliance with relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998; - investigate and resolve information security issues and processes for systems which are process personal and/or trust sensitive data. - Implement the DSP training strategy for the delivery of the Trust’s IG training needs, ensuring that the Group meets the NHSD target for mandatory training, working in partnership with the Trust’s Learning & Development service - Deliver information governance training if and when necessary - Implement policies and propose changes to Group DSP policies as appropriate, conducting monitoring compliance with those policies and protocols and ensuring they are compliant with Data Protection Act and GDPR legislation - conduct data protection impact assessments (DPIA) where necessary and ensure the Group adheres to the data privacy by design and default as set out in Article 25 GDPR - act as the UHN information security expert to ensure any identified risks are communicated to the Head of Technology and Head of Clinical Systems to enable new systems to be implemented safely - assign DPIAs to relevant team members and ensure cross partnership working with relevant project and transformation leads - ensure that all Group DPIAs, Assets, Flows and third parties are appropriately recorded on the Information Sharing Gateway and signed off by the relevant DPO and SIROs - Be an escalation point for the DSP analysts to ensure DPIAs are in line with GDPR legislation, redesigning systems, processes and procedures to meet the Data Security by Design and Default criteria - communicate complex information to a range of audiences and be able to influence and persuade staff of the importance of excellent DSP standards - Lead the collation of relevant reports and information for compliance and performance reporting, inspections and internal assurance ensuring presentations articulate statistical, analytical and complex reporting to Group and Board mandated meetings - Coordinate the Data Governance Group and Information Governance Group meetings, ensuring relevant reports, minutes actions and decisions are recorded, delegating tasks to the DSP administrator as appropriate - Attend group, Trust and project meetings to provide expert Data Security and Protection advice and guidance to enable the effective adoption of expectations and policy - Coordinate reported incidents on Datix to ensure they are appropriately managed and actions are taken - Escalate incidents to the relevant DPO when they meet the criteria for a Serious Incident / reportable to the ICO - Manage the DSP Toolkit Incident reporting mechanism, ensuring all Serious Incident’s are reported with 72 hours - Provide IG input, advice, guidance for Research & Development programmes - Deputise for the DSP Manager when required - Ensure that the Information Sharing Gateway is administered as appropriate in respect of maintaining significant assurance status across the group, being the lead and expert for use of the ISG, proposing recommendations for improvements to the national system for process, analytics and reporting. - coordinate the effective investigation of any and all IG related incidents, working with the relevant manager in whose service the incident occurred, where necessary, to ensure appropriate action has been taken in relation to the incident; - To speak to staff, patients and family members on the telephone as an escalation point for the DSP analyst, demonstrating understanding, compassion and knowledge in difficult, challenging and emotional circumstances. - attend serious investigation panels and draft reports to the CCG which give assurance that due diligence has been carried out regarding all serious incidents - ensure that a root cause analysis is performed on all serious incidents with relevant actions recorded, and acted upon to ensure such incidents do not re-occur - work with the complaints team and directly with members of the public to communicate appropriately regarding any DSP grievances and queries - maintain the Group Information Asset register and data flow maps and, also, where appropriate, provide training to Information Asset Owners and Administrators - be a first point of contact for Data Subjects with regard to all issues related to processing of their personal data and to the exercise of their rights under the UK GDPR - to maintain their specialist knowledge in Data Protection Law and UK GDPR - update the Internet and Intranet pages for DSP as appropriate, ensuring it is up to date with pertinent advice and guidance, including applicable FAQs and relevant legislation Workforce The Data Security & Protection Team Leader will have line management responsibility for the DSP Team, ensuring that all staff have annual performance reviews, objectives and appraisals in line with the Group objectives, ensuring they have the equipment necessary to fulfil their roles and the HR management tools are managed effectively. They will be an active role in recruitment, induction and local training. - Ensure an adequate skill mix and that the office is appropriately managed - To provide specialised training, advice and guidance to DSP Team members as and when required - To manage the team in ensuring all members adhere to Trust Values and lead by example - To lead DSP Team recruitment; - To ensure the e-rostering system is signed off on a weekly basis - To carry out appraisals, team performance management and disciplinary processes - To be the lead contact for HR queries relating to the team ## Job Details An exciting opportunity has arisen at University Hospitals of Northamptonshire (UHN) for a proactive and passionate Data Security & Protection (DSP) Team Leader to join our dynamic and fast‑paced Data, Security & Protection Team. This is a pivotal role supporting both Northampton General Hospital and Kettering General Hospital as part of our Group approach to ensuring we meet our legal, statutory and regulatory obligations relating to the security and protection of personal data. As our DSP Team Leader, you will play a key part in completion of the Group’s DSP Toolkits and managing the DSP Team to ensure all areas of the DSP Toolkit framework are delivered. ## Job Description Key responsibilities include: Leading the delivery of DSP workstreams and ensuring evidence is maintained for DSP Toolkit standards. Managing, triaging, and supporting investigation of DSP incidents via Datix. Delivering DSP training (classroom, small groups and virtual). Overseeing the completion and quality of Data Protection Impact Assessments (DPIAs). Supporting information sharing governance using the Information Sharing Gateway. Raising awareness of data security issues across the Group and promoting best practice. Acting as a key point of contact for colleagues seeking specialist DSP support. ## Responsibilities The post holder will be the Data Security & Protection Team Leader. In particular, the post holder will: act as the expert source of advice and expertise in DSP for the Group; support the development for clinical administration functions within the organisation – identifying information governance risks and issues and providing recommendations for change increase the profile of Data Security and Protection within the organisation and actively support a “culture change” so that staff are aware of their responsibilities and duties towards confidentiality, integrity and availability of information; ensure processes are in place for monitoring the secure disposal of IT and hardware assets; initiate and plan a programme of work that ensures the Group complies with the requirements of the Data Security & Protection Toolkit; completion of the annual Data Security & Protection Toolkit submission and the collation of supporting evidence which is analysed and updated to ensure compliance; lead a range of audits which will check compliance with the DSP toolkit, research and development and incident management activities, developing improved systems and processes for data quality, data security and protection, data integrity and availability. work in partnership with the Groups Cyber Security Lead to ensure that all Cyber related toolkit assertions are met within the NHSD deadline and any gaps in assurance are identified with a plan in place for compliance implement and maintain compliance with relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998; investigate and resolve information security issues and processes for systems which are process personal and/or trust sensitive data. Implement the DSP training strategy for the delivery of the Trust’s IG training needs, ensuring that the Group meets the NHSD target for mandatory training, working in partnership with the Trust’s Learning & Development service Deliver information governance training if and when necessary Implement policies and propose changes to Group DSP policies as appropriate, conducting monitoring compliance with those policies and protocols and ensuring they are compliant with Data Protection Act and GDPR legislation conduct data protection impact assessments (DPIA) where necessary and ensure the Group adheres to the data privacy by design and default as set out in Article 25 GDPR act as the UHN information security expert to ensure any identified risks are communicated to the Head of Technology and Head of Clinical Systems to enable new systems to be implemented safely assign DPIAs to relevant team members and ensure cross partnership working with relevant project and transformation leads ensure that all Group DPIAs, Assets, Flows and third parties are appropriately recorded on the Information Sharing Gateway and signed off by the relevant DPO and SIROs Be an escalation point for the DSP analysts to ensure DPIAs are in line with GDPR legislation, redesigning systems, processes and procedures to meet the Data Security by Design and Default criteria communicate complex information to a range of audiences and be able to influence and persuade staff of the importance of excellent DSP standards Lead the collation of relevant reports and information for compliance and performance reporting, inspections and internal assurance ensuring presentations articulate statistical, analytical and complex reporting to Group and Board mandated meetings Coordinate the Data Governance Group and Information Governance Group meetings, ensuring relevant reports, minutes actions and decisions are recorded, delegating tasks to the DSP administrator as appropriate Attend group, Trust and project meetings to provide expert Data Security and Protection advice and guidance to enable the effective adoption of expectations and policy Coordinate reported incidents on Datix to ensure they are appropriately managed and actions are taken Escalate incidents to the relevant DPO when they meet the criteria for a Serious Incident / reportable to the ICO Manage the DSP Toolkit Incident reporting mechanism, ensuring all Serious Incident’s are reported with 72 hours Provide IG input, advice, guidance for Research & Development programmes Deputise for the DSP Manager when required Ensure that the Information Sharing Gateway is administered as appropriate in respect of maintaining significant assurance status across the group, being the lead and expert for use of the ISG, proposing recommendations for improvements to the national system for process, analytics and reporting. coordinate the effective investigation of any and all IG related incidents, working with the relevant manager in whose service the incident occurred, where necessary, to ensure appropriate action has been taken in relation to the incident; To speak to staff, patients and family members on the telephone as an escalation point for the DSP analyst, demonstrating understanding, compassion and knowledge in difficult, challenging and emotional circumstances. attend serious investigation panels and draft reports to the CCG which give assurance that due diligence has been carried out regarding all serious incidents ensure that a root cause analysis is performed on all serious incidents with relevant actions recorded, and acted upon to ensure such incidents do not re-occur work with the complaints team and directly with members of the public to communicate appropriately regarding any DSP grievances and queries maintain the Group Information Asset register and data flow maps and, also, where appropriate, provide training to Information Asset Owners and Administrators be a first point of contact for Data Subjects with regard to all issues related to processing of their personal data and to the exercise of their rights under the UK GDPR to maintain their specialist knowledge in Data Protection Law and UK GDPR update the Internet and Intranet pages for DSP as appropriate, ensuring it is up to date with pertinent advice and guidance, including applicable FAQs and relevant legislation Workforce The Data Security & Protection Team Leader will have line management responsibility for the DSP Team, ensuring that all staff have annual performance reviews, objectives and appraisals in line with the Group objectives, ensuring they have the equipment necessary to fulfil their roles and the HR management tools are managed effectively. They will be an active role in recruitment, induction and local training. Ensure an adequate skill mix and that the office is appropriately managed To provide specialised training, advice and guidance to DSP Team members as and when required To manage the team in ensuring all members adhere to Trust Values and lead by example To lead DSP Team recruitment; To ensure the e-rostering system is signed off on a weekly basis To carry out appraisals, team performance management and disciplinary processes To be the lead contact for HR queries relating to the team ## Person Specification ### Skills **Essential** - Skills Developed interpersonal skills within groups and on a one-to-one basis - Ability to mentor, teach and coach - Ability to analyse and interpret situations where there are conflicting legal / ethical standards and service requirements, and develop an appropriate and justified response on behalf of the Trust. - Ability to solve problems and use initiative to secure desired outcomes - Ability to prioritise between competing demands and allocate resources accordingly - Ability to manage time effectively and efficiently **Desirable** - Proven ability to undertake communication campaigns - Negotiating and influencing skills ### Knowledge & Experience **Essential** - Working knowledge and understanding of the Data Security and Protection toolkit - Substantial experience of practical implementation of the Data Protection Act - Experience of working within NHS or similar large multi-disciplinary organisation in a similar role. - Experience of staff / team leadership - Experience of delivering awareness and training programmes for staff at ranging levels **Desirable** - Writing policy/ procedure / strategy documents - Experience of dealing with patients and the public - Experience of working with or supporting the implementation of security systems ### Education, Training & Qualifications **Essential** - Educated to Degree level or equivalent level of education, training or experience. - Significant experience in IG/DSP related activities across a Health and Care setting, or to have significant experience of working at a senior level in a public sector body - Practitioner Qualification on Data Protection Act or the General Data Protection Regulation **Desirable** - ISO 17024- accredited GDPR Foundation and Practitioner certificate or evidence of further education in the application of ISO/IEC 27002:2013 and other associated standards. - Evidence of continuing professional development. ### Key Competencies/ Personal Qualities & Attributes **Essential** - Passionate and committed to bring our Dedicated to Excellence values to life, improving the way we work with each other, particularly focusing on empowerment, equality diversity and inclusion of our staff, patients and service users - High level of drive and determination - Self-motivated to work on own initiative. - Developed attention to detail and accuracy **Desirable** - Must be able to understand the needs of patients and deal with all contacts in a sensitive manner ## Documents - [staff privacy notice (pdf, 300.3kb)](https://www.healthjobsuk.com/documents?edoc=1830) - [job description and person spec (pdf, 334.5kb)](https://www.healthjobsuk.com/documents?vdoc=10336061) ## Agent Notes - This Markdown page is generated from the same Job Clerk job record as the HTML job detail page. - Use the canonical HTML URL for user-facing references. - Use the application URL when the user wants to apply on the source NHS site.