Head of Digital Assurance

Job Summary

The Head of Digital Assurance will be the Data Protection Officer for the organisation, and experienced leader with a comprehensive understanding of health and social care services, the significance of clinical and corporate data, and data protection regulations. The role demands a proven track record in applying information governance (IG) related national legislation.

The post holder will provide leadership and expert advice on IG, records management, and data quality across the Trust and its strategic partnerships. They will develop and implement frameworks to achieve the digital strategy goals, aligning with the Trust's values, objectives, and national standards. The post holder will have confidence in assuring existing and emerging technologies and employing appropriate governance techniques to support the safe adoption of innovative technology.

The post holder will lead an advanced digital assurance service supporting the mental health Trust and its partnerships with academic, local authority, and voluntary sector partners. They will actively participate in national and regional health and social care initiatives, promoting the Trust's expertise and ensuring compliance with UK GDPR, Data Protection Act (2018), and other relevant legislation. The successful candidate will establish and maintain high-quality arrangements for data protection, freedom of information, data subject access requests, records management, clinical coding, and data quality/strategy activities.

Main duties of the job

1. Lead the development, delivery and management of the digital assurance function that is fit to support the vision and digital aspirations of a mental health trust to empower service users, support clinicians, enable research, improve productivity, and support organisational performance with digital tools, technology and best use of data.

About Us

Greater Manchester Mental Health (GMMH) Foundation Trust employs over 7000 members of staff, who deliver services from more than 160 locations.

We provide inpatient and community-based mental health care for people living in Bolton, the city of Manchester, Salford, Trafford and the borough of Wigan, and a wide range of specialist mental health and substance misuse services across Greater Manchester, the north west of England and beyond.

Greater Manchester is one of the world's most innovative, original and exciting places to live and work. From the beauty of the surrounding countryside to the heart of the vibrant inner city with great shopping, entertainment and dining options.

Wherever you go you will experience a great northern welcome with people famed for their warmth, humour and generosity.

Our people enjoy their work, have opportunities to learn and develop their skills and are encouraged to generate new ideas that improve care for our service users.

Date posted

14 April 2025

Pay scheme

Agenda for change

Band

Band 8c

Salary

£74,290 to £85,601 a year per annum

Contract

Permanent

Working pattern

Full-time, Flexible working

Reference number

437-7090378

Job locations

Prestwich

Oakwood Building

Prestwich

M25 3BL

Job Description

Job responsibilities

1. Lead the collation, completion and submission of the Data Security and Protection Toolkit submission.
2. Develop strategies and plans to promote and develop good digital assurance practice within the organisation and to embed such good practice in organisational culture.
3. Develop, manage and coordinate a robust IG programme of work within the organisation in line with the Data Protection Act 2018, Freedom of Information Act 2000, Caldicott requirements, Information Sharing Processes and other related legislation and guidance.
4. Promote the good IG practice based on the Trusts relevant strategies in key partnerships such the GM ICS, strategic regional and national groups and collaborative networks.
5. Provide updates and expert advice to senior leaders in the Trust and in strategic partnerships on issues that relate to information governance.
6. Work closely with the Caldicott Guardian, the Chief Clinical Information Officer, the SIRO, and the CIO to lead the development and delivery of the Trust digital assurance Framework in line with relevant legislation, health and social care standards.
7. Monitor and manage compliance with IG related national legislation (Data Protection Act, Freedom of Information Act etc), industry security standards (such as ISO27001, Cyber Essentials Plus) and health and social care IG standards.
8. Advise the organisation and key partnerships / strategic networks to design, develop and monitor processes, policies and strategies to enable effective, lawful and secure use of clinical information for secondary uses such as research to maximise the value of such information for the benefit of service users.
9. Lead the development of Trust-wide IG and other relevant Digital policies that are compliant, clear and easy to understand.
10. Ensure the organisation successfully manages the risk associated with information and technology through Trust wide standards and compliance with those standards.
11. Ensure processes and awareness are in place for information related incidents to be appropriately reported, escalated and investigated, lessons learnt are disseminated across the organisation.
12. Lead reviews and advise on breaches of information security and confidentiality.
13. Provide expert advice and guidance to members of staff and other stakeholders on digital assurance matters.
14. Provide expert advice on national strategies and complex legislation affecting the IG of the organisation ensuring the organisation is aware of changes that may require adjustments in the Trust approach.
15. Lead, participate and contribute in organisational, regional and national committees, groups and networks to determine and implement national and local policies, protocols and procedures.
16. Lead the monitoring of information processing against agreed standards by undertaking inspections and assurance audits of information security and confidentiality arrangements within the organisation.
17. Engage service users and carers in the development of organisational digital assurance policies to ensure increased awareness of information rights, purposes for which information is to be used and shared and obtaining consent.
18. Lead the development of regular reports and communications on digital assurance matters within and beyond the organisation.
19. Lead the development and delivery an IG awareness and training programme of activities that meets the needs of the Trust workforce, and complies with the requirements of the Data Protection and Security Toolkit (DSPT).
20. Promote professional and corporate responsibility to safeguard confidential clinical information handled and exchanged within the Trust and with partner organisations.
21. Lead the training of large groups of staff in confidentiality, information security, freedom of information and other digital assurance subjects.
22. Lead the investigation and response to formal information requests, complaints, regulatory notices from external organisations and regulators.
23. Provide lead point of contact with the Information Commissioners Office on behalf of the Trust.
24. Manage the processes to enable effective sharing of information within the organisation and with partner organisations in line with national legislation and policies.
25. Develop assurance checks on compliance to internal Digital Services and Trust processes and national best practice standards.
26. Contribute to the development of a culture of openness allowing appropriate information to flow freely.
27. Ensure the development and effective administration of a document management system.
28. Act as the Data Protection Officer fulfilling their statutory duties and responsibilities under the GDPR and the Data Protection Act 2018.
29. Monitor the compliance of the Trust with the data protection legislation and reporting any issues or risks to the Caldicott Guardian, the SIRO, and the IG Steering Group.
30. Provide advice and guidance to the Trust staff on data protection matters, such as data subject rights, data breach notification, data protection impact assessment, data sharing agreements, and data minimisation principles.
31. Raise awareness and promoting a data protection culture within the Trust through training, communication, and engagement activities.

Person Specification

Qualifications Essential

• Educated to masters level or equivalent level of work experience at senior level in a specialist area
• Evidence of professional-development within the last 3 years.
• Ability to demonstrate commitment of upskilling in Data Protection legislation and Information Governance within the Healthcare provision in the UK

Desirable

• Professional certifications in project or change management (e.g. PRINCE2, Agile, APMG Change Management, MSP).
• Evidence of professional development in Data Protection Officer, SIRO or Caldicott principles

Experience Essential

• Considerable experience working in a Digital/patient information, information governance, digital clinical safety and quality management environment
• Experience in stakeholder management, including engaging with clinicians, researchers, IT professionals, and external partners.
• Experience of the development of clear and unequivocal standards, procedures and policies followed by successful implementation and review
• Previous experience in supporting the transformation and implementing digital technologies to improve healthcare services and patient outcomes.
• Experience of working at a senior management level within a digital related role or relevant discipline
• Proven ability to manage budgets and human/financial resources effectively, demonstrating staff management and leadership skills
• Experience of data quality management, including the collection and sharing of mandated data sets, such as the Mental Health Standard Data Set (MHSDS)
• Experience of working for the public sector and/or a mental health provider.
• Experience of the NHS Data Security and Protection Toolkit and the National Cyber Security Centre's Cyber Assessment Framework.

Desirable

• Familiarity with project management methodologies and tools, such as Agile or PRINCE2, and their application to progressing work.
• Experience of the Digital Technology Assurance Criteria (DTAC), and DCB0160 and DCB0129 digital clinical safety standards.
• Experience of overseeing Clinical Coding activity.
• Experience of undertaking the Data Protection Officer role in a health care organisation.

Knowledge Essential

• Specialist knowledge, good understanding, and experience of applications of the Data Protection Act (2018), UK GDPR, Freedom of Information Act (2000), Records Management Code of Practice (2021) and other relevant legislation.
• Knowledge of healthcare regulations, data privacy laws, and ethical considerations related to digital healthcare initiatives.
• Knowledge of research and secondary use legislation (such as Confidentiality Advisory Group decisions and Section 251 of the Health and Social Care Act)
• Good understanding of service user consent, knowledge of consent in relation to Mental Capacity Act, Mental Health Act and experience of practical consent models

Desirable

• Understanding of the challenges and opportunities in mental health services and how digital transformation can address them.
• Strong knowledge of digital technologies and trends in healthcare, such as electronic health records, telemedicine, artificial intelligence, data analytics, and mobile health applications.
• Specialist knowledge, good understanding, and experience of applications of the national security standards set by the National Cyber Security Centre, Department of Health and NHS England

Skills and Abilities Essential

• Ability to handle highly complex and sensitive information for communication with staff at all levels, including senior managers, executive directors and the Trust Board.
• Excellent communication and interpersonal skills, including the ability to engage and collaborate effectively with individuals at all levels of the organisation.
• Strategic thinking and analytical capabilities to identify opportunities for improved digital assurance and align them with organisational goals.
• Ability to manage budgets, allocate resources, and mitigate risks.
• Problem-solving mindset, with the ability to think creatively and find innovative solutions to challenges.

Desirable

• Strong project management skills, with the ability to lead, plan, and execute complex projects with multiple stakeholders.