Head of Digital Assurance

Recruiter Greater Manchester Mental Health NHS Foundation Trust

• Lead the collation, completion and submission of the Data Security and Protection Toolkit submission.
• Develop strategies and plans to promote and develop good digital assurance practice within the organisation and to embed such good practice in organisational culture.
• Develop, manage and coordinate a robust IG programme of work within the organisation in line with the Data Protection Act 2018, Freedom of Information Act 2000, Caldicott requirements, Information Sharing Processes and other related legislation and guidance.
• Promote the good IG practice based on the Trust's relevant strategies in key partnerships such as the GM ICS, strategic regional and national groups and collaborative networks.
• Provide updates and expert advice to senior leaders in the Trust and in strategic partnerships on issues that relate to information governance.
• Work closely with the Caldicott Guardian, the Chief Clinical Information Officer, the SIRO, and the CIO to lead the development and delivery of the Trust digital assurance Framework in line with relevant legislation, health and social care standards.
• Monitor and manage compliance with IG related national legislation (Data Protection Act, Freedom of Information Act etc), industry security standards (such as ISO27001, Cyber Essentials Plus) and health and social care IG standards.
• Advise the organisation and key partnerships / strategic networks to design, develop and monitor processes, policies and strategies to enable effective, lawful and secure use of clinical information for secondary uses such as research to maximise the value of such information for the benefit of service users.
• Lead the development of Trust-wide IG and other relevant Digital policies that are compliant, clear and easy to understand.
• Ensure the organisation successfully manages the risk associated with information and technology through Trust wide standards and compliance with those standards.
• Ensure processes and awareness are in place for information related incidents to be appropriately reported, escalated and investigated, lessons learnt are disseminated across the organisation.
• Lead reviews and advise on breaches of information security and confidentiality.
• Provide expert advice and guidance to members of staff and other stakeholders on digital assurance matters.
• Provide expert advice on national strategies and complex legislation affecting the IG of the organisation ensuring the organisation is aware of changes that may require adjustments in the Trust approach.
• Lead, participate and contribute in organisational, regional and national committees, groups and networks to determine and implement national and local policies, protocols and procedures.
• Lead the monitoring of information processing against agreed standards by undertaking inspections and assurance audits of information security and confidentiality arrangements within the organisation.
• Engage service users and carers in the development of organisational digital assurance policies to ensure increased awareness of information rights, purposes for which information is to be used and shared and obtaining consent.
• Lead the development of regular reports and communications on digital assurance matters within and beyond the organisation.
• Lead the development and delivery an IG awareness and training programme of activities that meets the needs of the Trust workforce, and complies with the requirements of the Data Protection and Security Toolkit (DSPT).
• Promote professional and corporate responsibility to safeguard confidential clinical information handled and exchanged within the Trust and with partner organisations.
• Lead the training of large groups of staff in confidentiality, information security, freedom of information and other digital assurance subjects.
• Lead the investigation and response to formal information requests, complaints, regulatory notices from external organisations and regulators.
• Provide lead point of contact with the Information Commissioner's Office on behalf of the Trust.
• Manage the processes to enable effective sharing of information within the organisation and with partner organisations in line with national legislation and policies.
• Develop assurance checks on compliance to internal Digital Services and Trust processes and national best practice standards.
• Contribute to the development of a culture of openness allowing appropriate information to flow freely.
• Ensure the development and effective administration of a document management system.
• Act as the Data Protection Officer fulfilling their statutory duties and responsibilities under the GDPR and the Data Protection Act 2018.
• Monitor the compliance of the Trust with the data protection legislation and reporting any issues or risks to the Caldicott Guardian, the SIRO, and the IG Steering Group.
• Provide advice and guidance to the Trust staff on data protection matters, such as data subject rights, data breach notification, data protection impact assessment, data sharing agreements, and data minimisation principles.
• Raise awareness and promoting a data protection culture within the Trust through training, communication, and engagement activities.

• Educated to masters level or equivalent level of work experience at senior level in a specialist area
• Evidence of professional-development within the last 3 years.
• Ability to demonstrate commitment of upskilling in Data Protection legislation and Information Governance within the Healthcare provision in the UK

• Professional certifications in project or change management (e.g. PRINCE2, Agile, APMG Change Management, MSP).
• Evidence of professional development in Data Protection Officer, SIRO or Caldicott principles

• Considerable experience working in a Digital/patient information, information governance, digital clinical safety and quality management environment
• Experience in stakeholder management, including engaging with clinicians, researchers, IT professionals, and external partners.
• Experience of the development of clear and unequivocal standards, procedures and policies followed by successful implementation and review
• Previous experience in supporting the transformation and implementing digital technologies to improve healthcare services and patient outcomes.
• Experience of working at a senior management level within a digital related role or relevant discipline
• Proven ability to manage budgets and human/financial resources effectively, demonstrating staff management and leadership skills
• Experience of data quality management, including the collection and sharing of mandated data sets, such as the Mental Health Standard Data Set (MHSDS)
• Experience of working for the public sector and/or a mental health provider.
• Experience of the NHS Data Security and Protection Toolkit and the National Cyber Security Centre's Cyber Assessment Framework.

• Familiarity with project management methodologies and tools, such as Agile or PRINCE2, and their application to progressing work.
• Experience of the Digital Technology Assurance Criteria (DTAC), and DCB0160 and DCB0129 digital clinical safety standards.
• Experience of overseeing Clinical Coding activity.
• Experience of undertaking the Data Protection Officer role in a health care organisation.

• Specialist knowledge, good understanding, and experience of applications of the Data Protection Act (2018), UK GDPR, Freedom of Information Act (2000), Records Management Code of Practice (2021) and other relevant legislation.
• Knowledge of healthcare regulations, data privacy laws, and ethical considerations related to digital healthcare initiatives.
• Knowledge of research and secondary use legislation (such as Confidentiality Advisory Group decisions and Section 251 of the Health and Social Care Act)
• Good understanding of service user consent, knowledge of consent in relation to Mental Capacity Act, Mental Health Act and experience of practical consent models

• Understanding of the challenges and opportunities in mental health services and how digital transformation can address them.
• Strong knowledge of digital technologies and trends in healthcare, such as electronic health records, telemedicine, artificial intelligence, data analytics, and mobile health applications.
• Specialist knowledge, good understanding, and experience of applications of the national security standards set by the National Cyber Security Centre, Department of Health and NHS England

• Ability to handle highly complex and sensitive information for communication with staff at all levels, including senior managers, executive directors and the Trust Board.
• Excellent communication and interpersonal skills, including the ability to engage and collaborate effectively with individuals at all levels of the organisation.
• Strategic thinking and analytical capabilities to identify opportunities for improved digital assurance and align them with organisational goals.
• Ability to manage budgets, allocate resources, and mitigate risks.
• Problem-solving mindset, with the ability to think creatively and find innovative solutions to challenges.

• Strong project management skills, with the ability to lead, plan, and execute complex projects with multiple stakeholders.

• Strong leadership and team management skills, with the ability to inspire and motivate cross-functional teams.
• Results-oriented and deadline-driven, with a focus on achieving measurable outcomes and delivering on time and within budget.
• Adaptable and resilient, with the ability to thrive in a fast-paced and evolving healthcare environment.
• Ethical and trustworthy, with a commitment to maintaining confidentiality and ensuring the responsible use of digital technologies in healthcare.
• Excellent organisational and time management skills, with the ability to prioritise and manage multiple tasks effectively

• There is an occasional requirement to travel to relevant regional/national events. Also, to regularly attend the office and travel across the wide footprint of the Trust to attend meetings relevant to the role.

All positions within the Trust are subject to satisfactory pre-employment checks, for further information on the checks required please visit the NHS Employers website www.nhsemployers.org

Applicants are encouraged to apply for posts at Greater Manchester Mental Health who have direct experience of mental health, learning disability or drug and alcohol services either as a service user or a carer.

The Trust is also committed to safeguarding children, young people and vulnerable adults and requires all staff and volunteers to share this commitment.

We are aspiring to ensure our workforce is representative of the diverse communities that we serve, and we are strongly committed to removing barriers to employment for candidates from under-represented groups, for example BAME, Disabled and LGBT+ communities. If you would like to have an informal chat about the recruitment process for this role or would value some additional support, we'd love to hear from you.

A candidate may utilise the help of AI when writing job application. The assessment of an application is made on its entirety and most times AI-generated content does not fully grasp the context and requirements of the job one applies for thus producing inaccurate and misleading information, especially in the supporting statement section of an application that can lack real life examples of one's achievements, success and challenges.

We have added a disclaimer to our application process advising that the use of AI is monitored. GMMH reserves the right to follow up with a candidate at the interview on specific responses and those examples used in the supporting statement to explore it further.

We are proud to be an approved sponsor for the Skilled Worker visa. Applications from individuals who require sponsorship will be considered alongside all other applications. Please be aware that not all roles are eligible for sponsorship. You can review the list of eligible roles and salary requirements on the UK Government's website - click here.

If you are offered a role with us and you require sponsorship, we will check your eligibility in line with the information on the above website. Your offer of employment could be withdrawn if the role is not eligible for sponsorship, and you are not otherwise able to evidence your right to work in the UK.

The Home Office introduces new changes from 09/04/2025 that impact the health and care sector, you may wish to familiarise with it here.

We want to attract and retain people with diverse skills and experience, to deliver inclusive healthcare services to our communities.

We will consider relevant experience outside the NHS to calculate your salary on appointment. Please contact our Recruitment Team for more information.

You must have appropriate UK professional registration.

• Head of Digital Assurance JD (PDF, 304.6KB)
• Head of Digital Assurance PS (PDF, 552.5KB)
• Important Candidate information (PDF, 2.5MB)