Head of IT, Data & Information Governance
NUPAS is recruiting for a Head of IT, Data & Information Governance to lead the organisations digital infrastructure, information security and data governance framework. This role provides strategic and operational oversight of all IT systems, cyber security, and information governance processes, ensuring that the organisation maintains secure, resilient and compliant digital services that support safe and effective patient care.
This is an opportunity to play a key role in supporting one of the leading organisations providing reproductive healthcare services. It is essential that the postholder shares our commitment to patient‑centred care and the right to choose, demonstrating professionalism, integrity and alignment with our organisational values in all aspects of their work.
This advert will close early if there are a lot of applicants, so we encourage you to apply early.
Main duties of the job
The postholder will be responsible for ensuring compliance with UK data protection legislation, NHS digital security requirements, and the regulatory expectations of healthcare providers delivering NHS‑funded services. This includes oversight of the organisations annual submission to the Data Security and Protection Toolkit, maintaining strong cyber security practices, and ensuring that confidential patient and organisational data is managed lawfully and securely.
Working closely with the Senior Leadership Team, the role will provide assurance to the organisation that robust systems, policies and controls are in place to protect information assets, support operational resilience, and maintain compliance with regulatory standards set by bodies including the Care Quality Commission, NHS England, the Department of Health and Social Care and the Information Commissioner's Office.
The role requires a highly organised and proactive individual who can manage digital systems, cyber risks and governance requirements within a regulated healthcare environment. The successful candidate will bring strong technical knowledge alongside an ability to translate complex digital and regulatory requirements into practical processes that support safe clinical operations, organisational transparency and effective governance.
About us
NUPAS is one of the leading organisations supporting women's reproductive choices.
Pro‑choice is a must.
The post holder will have a duty to ensure that the principles of patient, carer and public involvement and engagement are adhered to in line with Section 11 of The Health and Social Care Act 2012 for Improving Patient Experience.
NUPAS is committed to safeguarding and safeguarding children, young people and vulnerable adults is everyone's responsibility. DBS checks are standard on all prospective employees, the level of this check will be determined by the job type.
All staff are required to adhere to the principles of patient centred care as detailed in the NICE Quality Standard for Patient Experience and to treat patients with dignity, kindness, compassion, courtesy, respect, understanding and honesty.
The post holder will, in support of the NUPAS values, ensure that everyone is treated as an individual, and will acknowledge and value difference in order to treat everyone fairly.
Job responsibilities
IT Strategy and Infrastructure
Lead the development and implementation of the organisations IT and digital strategy.
Lead digital transformation initiatives, ensuring technology supports strategic growth, service redesign and improved patient experience.
Oversee the management, performance and security of all IT systems, infrastructure and networks.
Ensure digital systems support safe clinical practice and operational delivery.
Manage relationships with IT suppliers, system providers and external technology partners.
Ensure robust IT business continuity and disaster recovery arrangements are in place.
Cyber Security and Information Security
Develop and maintain the organisations cyber security framework and risk controls.
Ensure systems and infrastructure meet NHS digital security standards.
Monitor and respond to cyber threats, vulnerabilities and incidents.
Maintain secure system access controls and audit logs across organisational systems.
Information Governance
Act as the Organisations Senior Information Risk Owner (SIRO).
Lead the organisations Information Governance framework, policies and procedures.
Ensure compliance with UK GDPR and the Data Protection Act 2018.
Oversee responses to Subject Access Requests and other data rights requests.
Ensure staff receive appropriate training on confidentiality, data protection and information security.
Work with the Organisations Caldicott Guardian to ensure the organisation adheres to the Caldicott principles.
Regulatory Compliance
Ensure the organisation maintains compliance with the Data Security and Protection Toolkit.
Support compliance with governance requirements of the Care Quality Commission including Regulation 17 Good Governance.
Ensure the organisation meets data protection requirements set by the Information Commissioners Office.
Maintain accurate records and documentation to demonstrate regulatory compliance and support inspections and audits.
Governance and Risk Management
Maintain the organisations information risk register.
Provide assurance reports to the Senior Leadership Team and Board regarding cyber security, information governance and IT risks.
Support internal and external audits relating to information security and digital systems.
Operational Support
Manage the IT team.
Provide technical oversight of organisational systems supporting clinical and administrative services.
Ensure digital solutions support service efficiency, quality improvement and patient safety.
Promote best practice in the management and secure use of digital systems across the organisation.
Person Specification
Experience
* Experience managing IT systems, infrastructure or digital services.
* Experience managing people.
* Knowledge of information governance, data protection and cyber security principles.
* Understanding of UK GDPR and the Data Protection Act 2018.
* Experience working within a regulated or compliance‑driven environment.
* Strong organisational skills with the ability to manage multiple priorities.
* Ability to communicate complex technical issues clearly to non‑technical stakeholders.
* Ability to develop policies, procedures and governance frameworks.
* Experience working within healthcare or NHS‑funded services.
* Experience managing the Data Security and Protection Toolkit submission.
* Knowledge of regulatory requirements of the Care Quality Commission.
* Information governance or cyber security qualifications (such as CISM, CIPP/E or equivalent).
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
£70,000 a year Monday to Friday 7.5 hours per day
#J-18808-Ljbffr