Data Protection Manager
In the role of Data Protection Manager, you will be highly organised, have a proven track record, and demonstrate excellent technical knowledge and communication skills. You will support the on-going development and monitoring of Information Governance processes to meet the current and future requirements. You will be expected to work collaboratively to embed data protection culture across HBSUK where information is valued, protected and seen as an asset.
You will thrive in an environment of accountability, freedom of thought and rapid growth. Every day will be different and together we will strive for excellence never forgetting our mission to make healthcare better.
This role will report to the Head of Data Protection and DPO.
To be considered for the the role you will require the following:
Essential Criteria;
EDUCATION, QUALIFICATION AND TRAINING
* Relevant degree (e.g. Information Technology, Data Protection, Data Science, Law, or Business Administration Degree) or equivalent professional experience.
EXPERIENCE
* At least 5-6 years of experience in data protection, privacy, or AI governance roles
* Experience in conducting TPRAs, DPIAs, AI privacy risk and TRAs
* Experience in managing SARs
* Experience of working with the Data Security & Protection Toolkit (DSPT)
* Experience in managing data protection incidents and breaches
* Experience in conducting data protection reviews for project and process changes
* Experience in completing and submitting data protection maturity assessments
* Experience in staff management or can demonstrate ability to lead team members directly or indirectly
KNOWLEDGE AND SKILLS
* Good communication skills and teamworking approach
* Familiarity with AI governance structures and frameworks and understanding of their implications for data privacy
* Understanding of GDPR requirements and how to incorporate them into contracts
* Experience in implementing and managing BCRs within an organisation
* Ability to use technology
* Knowledge of data privacy governance models and standards
* Skills in identifying and mitigating risks during remediation work
* Ability to ensure day-to-day data protection activities align with established corporate standards
* Experience in maintaining annual registrations and acting as a point of contact for the ICO
* Skills in handling investigations of complaints and liaising with regulatory bodies
Desirable
EDUCATION, QUALIFICATION AND TRAINING
* Relevant certifications such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), or Artificial Intelligence Governance Professional (AIGP)
EXPERIENCE
* Experience in managing and enhancing data protection and records management practices, supporting organisation through compliance transitions, and embedding robust information governance frameworks across varying business sizes
* Experience of working in the NHS and/or a technology platform provider
* ISO 27701 or 27001 certification or auditing experience
KNOWLEDGE AND SKILLS
* Knowledge of GDPR compliance and data protection laws related to vendor management
* Skills in providing data protection support and guidance during the contracting process with suppliers
* Experience in implementing and completing data protection improvement programme of work
* Performing due diligence on third parties to highlight and mitigate key risks
* Ability to explain how AI technologies work and their implications on data privacy
* Ability to incorporate automation in day-to-day work.
OTHER JOB-RELATED REQUIREMENTS
* Ability to work in a fast-paced environment, managing multiple priorities effectively while maintaining attention to detail.
Within this position, you will mainly be;
* Through your work, support the implementation of the HBSUK Strategy.
* Assist with HBSUK’s data protection programme of improvement work including reviewing Data Privacy Impact Assessments (DPIAs), Data Protection Agreements (DPAs) and Data Sharing Agreements (DSAs).
* Provide data protection support and guidance in the contracting process with third parties, including completing Third Party Risk Assessments (TPRAs).
* Draft and update Data Governance policies.
* Support the Head of Data Protection and Data Protection Officer (DPO) in implementing HBSUK Data Governance strategy.
* Support the DPO with the Data Security and Protection Toolkit (DPST) internal audit and the annual submission.
* Support Information Asset Owners (IAOs) in keeping the Records of Processing Agreements (ROPAs) up to date and in mitigating risk. Work with IAOs and their support to ensure information is retained in line with HBSUK policies and procedures.
* Respond to Subject Access Requests (SARs) and maintain the SARs register.
* Support the IT Team in monitoring compliance with Information classification and colleagues’ use of data across the business, ensuring secure handling and alignment with HBSUK’s information classification policy requirements.
* Manage data breach incidents, including investigations, reporting, action planning and remediation, and provide training and guidance to staff to prevent recurrence.
* Support the implementation of HBSUK’s AI Governance Framework.
* Support the establishment and ongoing Information Management meeting.
* Support the DPO in providing training on data protection and advice and guidance to HBSUK staff.
* Deputise as required for the Head of Data Protection and DPO.
Our Commitment to you
We are dedicated to promoting equality of opportunity for all employees and job applicants. In line with the Equality Act 2010, we strive to create and maintain a working environment in which everyone is able to make the best use of their skills, free from discrimination or harassment, and in which all choices are based on merit. No person is subjected to any less favourable treatment on any discriminatory grounds on the basis of age, disability, gender reassignment, marital or civil partner status, pregnancy and maternity, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation.
If this opportunity is something which appeals to you, get in touch today, so we can ensure you have the best experience throughout your search.