Job overview
We are seeking a dynamic, enthusiastic, and highly skilled individual to join our Information Governance team as the Deputy Head of Information Governance and Deputy Data Protection Officer (DPO). This is a senior position requiring excellent management and communication skills, as well as a strong background in healthcare information governance. The post holder will be instrumental in assisting the Head of Information Governance/DPO in developing and leading the Trust's Information Governance (IG) strategy and work programme. You will ensure the legal and ethical use of information throughout the organisation, providing assurance that all statutory and regulatory obligations are consistently met.
Main duties of the job
Key responsibilities include supporting the development and review of IG policies, ensuring compliance with relevant legislation like UK GDPR and DPA 2018, Data Usage and Access Act and assisting with risk management.
The role also involves supporting the management of information incidents and data breaches, providing expert IG advice, contributing to training and awareness programs, and ensuring Data Protection Impact Assessments (DPIAs) are conducted. The Deputy Head will also deputise for the Head of IG/DPO and lead the IG team.
Working for our organisation
Working for our organisation
At UHSussex, diversity is our strength, and we want you to feel included to help us always deliver Excellent Care Everywhere, as shown in our Outstanding for Caring CQC rating. Your uniqueness and experiences will be part of our creative and innovative community where everyone is encouraged to succeed. We have a range of staff networks to help break down barriers, and can offer a buddy to help new members settle in. We’re proud to be a Disability Confident Employer (Level 3) and a Veteran Aware Trust.
Candidate Pack
Detailed job description and main responsibilities
This role is eligible for visa sponsorship under the UK Visas & Immigration (UKVI) Skilled Worker route however sponsorship can only be provided where applicants meet the specific requirements set by UKVI, including the relevant skill and salary thresholds (£25000), and any role-specific criteria.
Provide expert advice, support, training and leadership on all aspects of information governance, and information security standards (e.g. DSPT-CAF, ISO27001) and records management.
As Deputy Head of Information Governance, support and contribute to the development of the Trust’s Risk Register, always ensuring best practice in the management of adverse events and the implementation of action plans whilst support staff and managers in developing information governance and records management systems.
Ensure that high quality information governance, asset management and records management training is provided to Trust staff in line with statutory requirements and targets.
Undertake training needs analysis to identify the information governance and records management training needs of the Trust, formulating a training plan to deliver appropriate and timely training.
Monitor and report on training statistics and outcomes against the training plan and training needs analysis, escalating areas of concern in line with Trust policy.
Proactively work with Senior Managers and other stakeholders to ensure that the Trust’s information governance and records management processes meet the business requirements of the organisation.
Establish and report against quality outcome benchmarks and trigger points, using these as an early warning system in relation to information governance and records management issues.
Undertake the lead role in ensuring information governance and records management data is collected, managed and reported accurately and appropriately both for internal and external recipients, liaising with the Information Management team as required.
Manage and co-ordinate the Information Governance Performance meeting and any other relevant meetings including preparing briefing papers and co-ordinating reports and policies for executive and Trust Board approval.
Provide qualitative and quantitative information with supporting narrative regarding information governance and records management as required.
To contribute to and inform the work and strategic direction of the Chief Strategy Officer Division.
To be responsible for the line management of staff in the Information Governance and subject access teams including ensuring regular appraisals for all staff, statutory and mandatory training compliance is maintained.
Person specification
Professional Registration
Essential criteria
1. Certificate in Data Protection
Desirable criteria
2. Post-graduate management qualification or Working with multi-disciplinary personnel
3. Experience with ISO 27001 and/or 27701
4. Data protection experience in Healthcare or the NHS
5. Experience of developing and reviewing agreements with third parties and partners, such as Data Controller-Processor and Information Sharing Agreements
Experience/ Qualifications
Essential criteria
6. Detailed knowledge and awareness of the specialist field of business management to Masters level or via equivalent focussed experience with expert knowledge in each area of role Significant experience within the areas of Information Governance, Business planning and business performance in a complex organisation with a range of reporting structures
7. Significant experience within the areas of Information Governance, business planning and business performance in a complex organisation with a range of reporting structures
8. Ability to produce highly complex spreadsheets using pivot tables and other devices
9. Sound knowledge of Data Protection Act, Network and Information Systems Regulation, Freedom of Information Act, Caldicott Principles and associated Acts of Parliament
10. Excellent written and verbal communication skills, at senior level through a variety of mediums
11. Ability to communicate complex & sensitive information to large groups of staff at all levels (Board level to junior staff) both internally and externally. Demonstrate flexibility to changing demands.
12. Excellent organisational, numeric and analytical skills
13. Ability to make sound political judgements and decisions involving highly complex facts
14. Ability to develop a range of plans for performance & service improvement across the Trust
15. Advanced knowledge of IT systems, to include Excel, Access, Word and PowerPoint
16. Ability to work under pressure, manage many work streams at the same time and prioritise, delegate and meet tight deadlines
17. Knowledge and understanding of NHS structure and organisation
18. Excellent presentational skills
Desirable criteria
19. Knowledge of IG for research innovation and developing technologies projects
20. A working knowledge of the NHS Data Security and Protection Toolkit and CAF Framework
21. Detailed knowledge of the principles of information risk management
22. Knowledge and appreciation of the interrelationship between privacy and information security.
23. Experience in managing change
24. PRINCE II Project Management qualification or equivalent
25. Ability to develop a range of plans for performance & service improvement across the Trust
26. Experience of developing and reviewing agreements with third parties and partners, such as Data Controller-Processor and Information Sharing Agreements
27. Experience with ISO 27001 and/or 27701
People Management and Development
Essential criteria
28. Demonstrable interpersonal, Leadership negotiation and influencing skills
29. Advanced communication and listening skills including the ability to communicate complex and technical information to all levels of staff within the Trust
30. Effective team leader able to delegate effectively, motivate and develop a team and maintain constructive working relationships
31. Able to work across professional team and organisational boundaries
Desirable criteria
32. Experience of working pro-actively and cooperatively with all staff, including at times of high levels of pressure.
33. Manage a complex workload with conflicting priorities and statutory deadlines
34. Commitment to self-development with the ability to demonstrate in depth knowledge of Data protection Act 2018, UK GDPR, Data Usage and Access Act 2025 and Information Governance within the Healthcare provision in the UK
Equality, Diversity, and Inclusion
Essential criteria
35. Evidence of having championed diversity in previous roles (as appropriate to role).
Specific Requirements
Essential criteria
36. Ability to concentrate on complex issues for periods of 4 hrs plus several times a week whilst also exhibiting flexibility to change tasks and multi-task at times.
37. Ability to think creatively and develop innovative ideas for service improvement.
38. Ability to undertake report writing, complex statistical analysis and audit.
39. Ability to deal with difficult situations and to remain calm under pressure
40. Deal with patients and other users in a compassionate manner
41. Be adaptable and able to remain calm when dealing with staff / patient groups in stressful situations (e.g. when talking about personal experiences of care.)
42. Self-motivated and able to work using own initiative.
43. High level of emotional intelligence.
44. Must be able to travel to multiple site office-based working, willing to travel
45. Ability to work autonomously, liaise and coordinate the Management Team on a day-to-day basis and to take appropriate action as necessary
Freedom to Act
Essential criteria
46. Identify and adhere to best practice Responsible for own professional actions and have sufficient autonomy for the delivery of the role
47. Able to interpret national and local guidance and to develop local policies to reflect these standards
Equality Diversity & Inclusion
Essential criteria
48. Evidence of having undertaken own development to improve understanding of equalities issues
49. Evidence of having championed diversity in previous roles (as appropriate to role).
Important information for applicants:
A Note on AI Use in Applications
We value the individuality and authenticity that each candidate brings to the application process. While AI tools are increasingly accessible, we strongly discourage their use in completing your application. Your responses should reflect your own voice, experiences, and motivations—elements that are essential to a fair and accurate evaluation.
Applications that rely heavily on AI-generated content may misrepresent your abilities and could result in your application being rejected. We encourage you to take the time to present your genuine self, as this helps us better understand your potential and ensures a transparent selection process.
Closing Adverts Early: In the event of exceptional interest, we may close adverts earlier than specified.
Some of our adverts are capped for a limited number of applications; therefore, the advert will close once the cap has been reached. We therefore encourage you to submit your application as soon as possible if you are interested in the position to prevent you from missing out on applying for the opportunity.
Flexible Working: If you would like to explore potential options regarding flexible working please speak with the appropriate recruiting/line manager.
DBS Checks: As part of our commitment to a safe working environment, we undertake a Disclosure and Barring Service check on all new employees where the role is eligible for a criminal record check. We make offers in line with the Rehabilitation of Offenders Act 1975.
Skilled Worker Visa: Applications for Skilled Worker sponsorship are welcome for the roles that meet the Visa and Immigrations eligibility criteria. For further information please visit the gov.uk website searching for Skilled Worker. It is your responsibility as the applicant to ensure that you meet this criteria.
UHSussex reserves the right to close the role early if we receive a high volume of applications