Head of Information Governance

Head of Information Governance

Department - Information Governance

Band 8B

Hours: 37.5, all MKUH roles will be considered for flexible working

Are you an experienced information governance professional seeking your next challenge? The NHS is looking for a dynamic, knowledgeable, and forward‑thinking individual to join our team as Head of Information Governance. This is a pivotal role, ensuring the effective management, protection, and use of information across the organisation, supporting delivery of high‑quality healthcare services.

Lead the development, implementation, and review of the NHS's information governance strategy, policies, and procedures.

Ensure compliance with all relevant legislation, including the Data Protection Act 2018, UK GDPR, Freedom of Information Act, and NHS‑specific standards.

Act as the organisation's expert advisor on all matters relating to information governance, data protection, confidentiality, and records management.

Oversee the delivery of staff training and awareness programmes to promote a strong culture of information governance.

Manage responses to data breaches, information requests, audits, and investigations, liaising with regulatory bodies as required.

Work collaboratively with key stakeholders, including IT, clinical teams, and external partners, to ensure robust data governance and cyber‑security practices.

Report regularly to senior management and the board on information governance performance, risks, and improvements.

Extensive knowledge of data protection, confidentiality, and information security legislation and best practice, ideally within a healthcare setting.

Proven experience in a senior information governance, data protection, or records management role.

Excellent leadership, communication, and influencing skills, with the ability to engage and educate colleagues at all levels.

Strong analytical skills and the ability to manage complex projects and conflicting priorities.

Relevant professional certification (e.g., CIPP/E, ISEB, or similar) is desirable.

Milton Keynes University Hospital, in proud partnership with the University of Buckingham, is a University Teaching Hospital committed to advancing patient care through cutting‑edge research and education. With a "Good" rating from the CQC and significant investment underway, this is an exciting time to join our team and grow your career.

As a medium sized general hospital, we provide a full range of general medical and surgical services, including a busy Emergency Department, Maternity, and Paediatrics. As the population of our city and surrounding areas continues to grow rapidly, we are expanding and enhancing our facilities to meet rising demand and improve access to care for all our communities.

We are also proud to offer a growing portfolio of specialist services. In January 2025 we opened our state‑of‑the‑art Radiotherapy Centre, bringing advanced cancer treatment closer to home. Our services also include neonatology, specialist surgical care, and a wide range of diagnostics, supported by the new Community Diagnostic Centre at Whitehouse Health Centre.

Further investment is underway, including the construction of Oak Wards – a new ward block featuring two 24‑bed wards – and the recently approved Women and Children's Centre, set to open by 2030.

Visit our website to explore the latest news and opportunities at MKUH – News – Milton Keynes University Hospital –

For further information about Milton Keynes please visit – Visit Milton Keynes

20 November 2025

Agenda for change

Band 8b

£64,455 to £74,896 a year Per annum

Permanent

Full‑time

430-CORP25-265A

Information Governance (Dept)

Milton Keynes

MK6 5LD

Provide visible leadership within the Trust for information governance and data protection.

Provide visible leadership of the information governance and data protection teams including talent management and staff development.

Manage all team members in accordance with HR policies and procedures ensuring that good practice in recruitment, appraisal, performance management and other policies areas is maintained.

Promote an effective information governance and risk‑management culture that embeds information governance principles in Trust activities, ensures individual responsibilities are understood and supports good working practices throughout the Trust.

Proactively be a source of information and expertise on information governance including EU and national legislation, Information Commissioners Officer, Information Commissioner Directives, NHS England and Department of Health targets, and translate those into strategy and policy that enable good governance and compliance across the Trust. This will involve decision making where no precedent exists.

To be the Trusts Data Protection Officer as defined by the GDPR

To monitor compliance with the GDPR and other data protection laws, and with the Trusts data protection policies, including managing internal data protection activities

To provide routine reports to the Trust Board via the SIRO on the organisations state of compliance

To raise awareness of data protection issues across the Trust, including training staff and developing user‑friendly advice and guidance materials as necessary

To advise on, and monitor the process for, data protection impact assessments.

Manage information sharing initiatives and agreements, ensuring the Trusts approach is compliant with law and best practice.

Proactively ensure the Trust is able to share information effectively and appropriately where multi‑agency or partnership working exists.

Effectively manage the information governance team budget.

Manage a systematic programme of confidentiality audits and ensure results are communicated and acted upon.

Ensure legitimate relationship and Privacy Officer audits are routinely undertaken within the team and any results requiring action appropriately escalated.

Organisational responsibility to coordinate the delivery of action plans and improvement programmes to support Data Security & Protection Toolkit compliance. This will require liaison with all levels of staff throughout the Trust, service users, contractors, and other agencies.

— Please refer to the job description for further details. —

Provide visible leadership within the Trust for information governance and data protection.

Provide visible leadership of the information governance and data protection teams including talent management and staff development.

Manage all team members in accordance with HR policies and procedures ensuring that good practice in recruitment, appraisal, performance management and other policies areas is maintained.

Promote an effective information governance and risk‑management culture that embeds information governance principles in Trust activities, ensures individual responsibilities are understood and supports good working practices throughout the Trust.

Proactively be a source of information and expertise on information governance including EU and national legislation, Information Commissioners Officer, Information Commissioner Directives, NHS England and Department of Health targets, and translate those into strategy and policy that enable good governance and compliance across the Trust. This will involve decision making where no precedent exists.

To be the Trusts Data Protection Officer as defined by the GDPR

To monitor compliance with the GDPR and other data protection laws, and with the Trusts data protection policies, including managing internal data protection activities

To provide routine reports to the Trust Board via the SIRO on the organisations state of compliance

To raise awareness of data protection issues across the Trust, including training staff and developing user‑friendly advice and guidance materials as necessary

To advise on, and monitor the process for, data protection impact assessments.

Manage information sharing initiatives and agreements, ensuring the Trusts approach is compliant with law and best practice.

Proactively ensure the Trust is able to share information effectively and appropriately where multi‑agency or partnership working exists.

Effectively manage the information governance team budget.

Manage a systematic programme of confidentiality audits and ensure results are communicated and acted upon.

Ensure legitimate relationship and Privacy Officer audits are routinely undertaken within the team and any results requiring action appropriately escalated.

Organisational responsibility to coordinate the delivery of action plans and improvement programmes to support Data Security & Protection Toolkit compliance. This will require liaison with all levels of staff throughout the Trust, service users, contractors, and other agencies.

— Please refer to the job description for further details. —

• Educated to Masters level in a relevant subject or have equivalent experience
• Certificate in Information Security Management Principles or similar or have equivalent experience
• BCS (ISEB) qualification in data protection
• Certificate in Freedom of Information (BCS)
• Extensive knowledge and understanding of the information governance legislative framework
• Highly developed understanding of confidentiality NHS Codes of Practice and guidance
• Highly developed knowledge of the principles and law applicable to information sharing between agencies
• In depth, up to date knowledge of NHS information security requirements
• Significant evidence of continuing professional development
• Leadership development / qualification
• Significant knowledge of current national and regional health policy and guidance in relation to IG
• Specialist and in‑depth knowledge of a number of functions and disciplines.

• Certified Information Security manager (CISM) or Certified Information security Systems Professional (CISSP)
• MSP qualification or Prince 2 Practitioner with extensive program management experience within an information sharing environment

• Extensive experience of managing information security and risk
• Extensive experience of information governance within an NHS environment
• Experience of Data Security & Protection Toolkit management
• Extensive experience in the development, delivery and implementation of information governance and information security policies and procedures
• Significant experience of developing and managing information sharing with other agencies
• Experience of working at a senior level in an NHS risk or assurance role
• Excellent track record of managing multiple concurrent projects and deliverables against conflicting priorities.
• Experience of working effectively within a political environment
• Experience of effectively managing budgets
• Extensive experience of effectively managing staff
• System audits and investigation of suspicious activity
• Excellent relationship development and networking across internal and external stakeholders

• Significant experience of supporting all departments in the hospital with business case development, IG Risk management, as well ICO fine avoidance.
• Competent user of Trust systems to include eCare, PACs, SBS and EDM

• Excellent interpersonal skills including relationship building, negotiation & diplomacy with managers & staff at all levels
• Able to influence within external agencies, specifically with regional organisations and key partners
• Well‑developed ability to weigh up a range of options to give information governance advice in what may be a contentious situation or be in response to legal action
• Ability to deal with highly complex or sensitive facts or situations requiring analysis, interpretation, and comparison of a range of options, often where there is no precedent
• Ability to deal with an unpredictable work pattern, maintain composure under pressure, deal with frequent interruptions and work to tight deadlines
• Ability to demonstrate motivation and integrity
• Ability to manage and cope with high levels of change
• Emotional intelligence and personal resilience to remain effective in complex and often stressful circumstances
• Able to work autonomously and make clear decisions in senior forums

• Demonstrate effective management and leadership skills
• Self‑motivated with the ability to generate and implement own ideas
• Able to work with limited or no supervision
• Able to prioritise and manage own and others workload and deliver against deadlines
• Excellent interpersonal, persuasion and influencing skills
• Work under pressure whilst remaining pragmatic
• Assertive and confident, with drive and enthusiasm to lead and succeed
• Analytical reasoning with creative problem‑solving ability
• Committed to self‑development and being enthusiastic about acquiring new skills and embracing new technologies.
• Maintain a calm and rational approach to situations where conflict is likely.
• Provide leadership and guidance to staff in their personal development and training

• Excellent written and oral communication skills
• Ability to communicate highly complex, sensitive and contentious information to a wide range of stakeholder audiences who may be openly hostile
• Ability to handle difficult issues with sensitivity

• Able to perform the duties of the post with reasonable aids and adaptations

• Educated to Masters level in a relevant subject or have equivalent experience
• Certificate in Information Security Management Principles or similar or have equivalent experience
• BCS (ISEB) qualification in data protection
• Certificate in Freedom of Information (BCS)
• Extensive knowledge and understanding of the information governance legislative framework
• Highly developed understanding of confidentiality NHS Codes of Practice and guidance
• Highly developed knowledge of the principles and law applicable to information sharing between agencies
• In depth, up to date knowledge of NHS information security requirements
• Significant evidence of continuing professional development
• Leadership development / qualification
• Significant knowledge of current national and regional health policy and guidance in relation to IG
• Specialist and in‑depth knowledge of a number of functions and disciplines.

• Certified Information Security manager (CISM) or Certified Information security Systems Professional (CISSP)
• MSP qualification or Prince 2 Practitioner with extensive program management experience within an information sharing environment

• Extensive experience of managing information security and risk
• Extensive experience of information governance within an NHS environment
• Experience of Data Security & Protection Toolkit management
• Extensive experience in the development, delivery and implementation of information governance and information security policies and procedures
• Significant experience of developing and managing information sharing with other agenciesExperience of working at a senior level in an NHS risk or assurance role
• Excellent track record of managing multiple concurrent projects and deliverables against conflicting priorities.
• Experience of working effectively within a political environment
• Experience of effectively managing budgets
• Extensive experience of effectively managing staff
• System audits and investigation of suspicious activity
• Excellent relationship development and networking across internal and external stakeholders

• Significant experience of supporting all departments in the hospital with business case development, IG Risk management, as well ICO fine avoidance.
• Competant user of Trust systems to include eCare, PACs, SBS and EDM

• Excellent interpersonal skills including relationship building, negotiation & diplomacy with managers & staff at all levels
• Able to influence within external agencies, specifically with regional organisations and key partners
• Well‑developed ability to weigh up a range of options to give information governance advice in what may be a contentious situation or be in response to legal action
• Ability to deal with highly complex or sensitive facts or situations requiring analysis, interpretation, and comparison of a range of options, often where there is no precedent
• Ability to deal with an unpredictable work pattern, maintain composure under pressure, deal with frequent interruptions and work to tight deadlines
• Ability to demonstrate motivation and integrity
• Ability to manage and cope with high levels of change
• Emotional intelligence and personal resilience to remain effective in complex and often stressful circumstances
• Able to work autonomously and make clear decisions in senior forums

• Demonstrate effective management and leadership skills
• Self‑motivated with the ability to generate and implement own ideas
• Able to work with limited or no supervision
• Able to prioritise and manage own and others workload and deliver against deadlines
• Excellent interpersonal, persuasion and influencing skills
• Work under pressure whilst remaining pragmatic
• Assertive and confident, with drive and enthusiasm to lead and succeed
• Analytical reasoning with creative problem‑solving ability
• Committed to self‑development and being enthusiastic about acquiring new skills and embracing new technologies.
• Maintain a calm and rational approach to situations where conflict is likely.
• Provide leadership and guidance to staff in their personal development and training

• Excellent written and oral communication skills
• Ability to communicate highly complex, sensitive and contentious information to a wide range of stakeholder audiences who may be openly hostile
• Ability to handle difficult issues with sensitivity

• Able to perform the duties of the post with reasonable aids and adaptations

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Milton Keynes University Hospital NHS Foundation Trust

Information Governance (Dept)

Milton Keynes

MK6 5LD

https://www.mkuh.nhs.uk/working-at-mkuh (Opens in a new tab)