Job Summary
NUPAS is recruiting for a Head of IT, Data & Information Governance to lead the organisation's digital infrastructure, information security and data governance framework. This role provides strategic and operational oversight of all IT systems, cyber security, and information governance processes, ensuring that the organisation maintains secure, resilient and compliant digital services that support safe and effective patient care.
About Us
NUPAS is one of the leading organisations supporting women's reproductive choices.
Pro-choice is a must.
NUPAS is committed to safeguarding children, young people and vulnerable adults; safeguarding is everyone's responsibility. DBS checks are standard for all prospective employees; the level of this check will be determined by the job type.
All staff are required to adhere to the principles of patient centred care as detailed in the NICE Quality Standard for Patient Experience and to treat patients with dignity, kindness, compassion, courtesy, respect, understanding and honesty.
The post holder will, in support of the NUPAS values, ensure that everyone is treated as an individual, and will acknowledge and value difference to treat everyone fairly.
Job Responsibilities
* Lead the development and implementation of the organisation’s IT and digital strategy.
* Lead digital transformation initiatives, ensuring technology supports strategic growth, service redesign and improved patient experience.
* Oversee the management, performance and security of all IT systems, infrastructure and networks.
* Ensure digital systems support safe clinical practice and operational delivery.
* Manage relationships with IT suppliers, system providers and external technology partners.
* Ensure robust IT business continuity and disaster recovery arrangements are in place.
* Develop and maintain the organisation’s cyber security framework and risk controls.
* Ensure systems and infrastructure meet NHS digital security standards.
* Monitor and respond to cyber threats, vulnerabilities and incidents.
* Maintain secure system access controls and audit logs across organisational systems.
* Act as the organisation’s Senior Information Risk Owner (SIRO).
* Lead the organisation’s Information Governance framework, policies and procedures.
* Ensure compliance with UK GDPR and the Data Protection Act 2018.
* Oversee responses to Subject Access Requests and other data rights requests.
* Ensure staff receive appropriate training on confidentiality, data protection and information security.
* Work with the organisation’s Caldicott Guardian to ensure the organisation adheres to the Caldicott principles.
* Ensure the organisation maintains compliance with the Data Security and Protection Toolkit.
* Support compliance with governance requirements of the Care Quality Commission including Regulation 17 Good Governance.
* Ensure the organisation meets data protection requirements set by the Information Commissioner’s Office.
* Maintain accurate records and documentation to demonstrate regulatory compliance and support inspections and audits.
* Maintain the organisation’s information risk register.
* Provide assurance reports to the Senior Leadership Team and Board regarding cyber security, information governance and IT risks.
* Support internal and external audits relating to information security and digital systems.
* Manage the IT team.
* Provide technical oversight of organisational systems supporting clinical and administrative services.
* Ensure digital solutions support service efficiency, quality improvement and patient safety.
* Promote best practice in the management and secure use of digital systems across the organisation.
Person Specification
Essential
* Experience managing IT systems, infrastructure or digital services.
* Experience managing people.
* Knowledge of information governance, data protection and cyber security principles.
* Understanding of UK GDPR and the Data Protection Act 2018.
* Experience working within a regulated or compliance‑driven environment.
* Strong organisational skills with the ability to manage multiple priorities.
* Ability to communicate complex technical issues clearly to non‑technical stakeholders.
* Ability to develop policies, procedures and governance frameworks.
Desirable
* Experience working within healthcare or NHS‑funded services.
* Experience managing the Data Security and Protection Toolkit submission.
* Knowledge of regulatory requirements of the Care Quality Commission.
* Information governance or cyber security qualifications (such as CISM, CIPP/E or equivalent).
* IT service management experience (e.g., ITIL).
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Salary and Working Pattern
Salary: £70,000 a year
Contract: Permanent
Working pattern: Full‑time, Monday to Friday, 7.5 hours per day
Reference number: E0169‑26‑0012
Location
NUPAS Ltd
5 Arthur Road
Edgbaston
Birmingham
B15 2UL
NUPAS
79 Newton Street
Manchester
M1 1EX