Head of Information Governance

The closing date is 04 December 2025

Hours: 37.5, all MKUH roles will be considered for flexible working

Are you an experienced information governance professional seeking your next challenge? The NHS is looking for a dynamic, knowledgeable, and forward‑thinking individual to join our team as Head of Information Governance. This is a pivotal role, ensuring the effective management, protection, and use of information across the organisation, supporting delivery of high‑quality healthcare services.

Lead the development, implementation, and review of the NHS's information governance strategy, policies, and procedures.

Ensure compliance with all relevant legislation, including the Data Protection Act 2018, UK GDPR, Freedom of Information Act, and NHS‑specific standards.

Act as the organisation's expert advisor on all matters relating to information governance, data protection, confidentiality, and records management.

Oversee the delivery of staff training and awareness programmes to promote a strong culture of information governance.

Manage responses to data breaches, information requests, audits, and investigations, liaising with regulatory bodies as required.

Work collaboratively with key stakeholders, including IT, clinical teams, and external partners, to ensure robust data governance and cyber security practices.

Interview date: 15 December 2025

NHS Survey, 2024 They feel supported in their employers making reasonable adjustments to help them carry out their work, rating an 82.9%

Report regularly to senior management and the board on information governance performance, risks, and improvements.

Extensive knowledge of data protection, confidentiality, and information security legislation and best practice, ideally within a healthcare setting.

Proven experience in a senior information governance, data protection, or records management role.

Excellent leadership, communication, and influencing skills, with the ability to engage and educate colleagues at all levels.

Strong analytical skills and the ability to manage complex projects and conflicting priorities.

Relevant professional certification (e.g., CIPP/E, ISEB, or similar) is desirable.

Milton Keynes University Hospital, in proud partnership with the University of Buckingham, is a University Teaching Hospital committed to advancing patient care through cutting‑edge research and education.

As a medium‑sized general hospital, we provide a full range of general medical and surgical services, including a busy Emergency Department, Maternity, and Paediatrics.

We are also proud to offer a growing portfolio of specialist services. In January 2025 we opened our state‑of‑the‑art Radiotherapy Centre, bringing advanced cancer treatment closer to home. Our services also include neonatology, specialist surgical care, and a wide range of diagnostics, supported by the new Community Diagnostic Centre at Whitehouse Health Centre.

Further investment is underway, including the construction of Oak Wards – a new ward block featuring two 24‑bed wards – and the recently approved Women and Children’s Centre, set to open by 2030.

Staff Management

Provide visible leadership within the Trust for information governance and data protection.

Provide visible leadership of the information governance and data protection teams including talent management and staff development.

Manage all team members in accordance with HR policies and procedures ensuring that good practice in recruitment, appraisal, performance management and other policies areas is maintained.

Information Governance Expertise and Leadership

Promote an effective information governance and risk‑management culture that embeds information governance principles in Trust activities, ensures individual responsibilities are understood and supports good working practices throughout the Trust.

Proactively be a source of information and expertise on information governance including EU and national legislation, Information Commissioners Officer, Information Commissioner Directives, NHS England and Department of Health targets, and translate those into strategy and policy that enable good governance and compliance across the Trust. This will involve decision making where no precedent exists.

Data Protection Officer

To be the Trusts Data Protection Officer as defined by the GDPR.

To monitor compliance with the GDPR and other data protection laws, and with the Trusts data protection policies, including managing internal data protection activities.

To provide routine reports to the Trust Board via the SIRO on the organisation’s state of compliance.

To raise awareness of data protection issues across the Trust, including training staff and developing user‑friendly advice and guidance materials as necessary.

To advise on, and monitor the process for, data protection impact assessments.

Information sharing

Manage information sharing initiatives and agreements, ensuring the Trusts approach is compliant with law and best practice.

Proactively ensure the Trust is able to share information effectively and appropriately where multi‑agency or partnership working exists.

Budgets

Effectively manage the information governance team budget.

Compliance

Manage a systematic programme of confidentiality audits and ensure results are communicated and acted upon.

Ensure legitimate relationship and Privacy Officer audits are routinely undertaken within the team and any results requiring action appropriately escalated.

Organisational responsibility to coordinate the delivery of action plans and improvement programmes to support Data Security & Protection Toolkit compliance. This will require liaison with all levels of staff throughout the Trust, service users, contractors, and other agencies.

Please refer to the job description for further details.

• Educated to Masters level in a relevant subject or have equivalent experience
• Certificate in Information Security Management Principles or similar or have equivalent experience
• Certificate in Freedom of Information (BCS)
• Extensive knowledge and understanding of the information governance legislative framework
• Highly developed understanding of confidentiality NHS Codes of Practice and guidance
• Highly developed knowledge of the principles and law applicable to information sharing between agencies
• In depth, up to date knowledge of NHS information security requirements
• Significant evidence of continuing professional development
• Significant knowledge of current national and regional health policy and guidance in relation to IG
• Specialist and in‑depth knowledge of a number of functions and disciplines.
• Certified Information Security manager (CISM) or Certified Information security Systems Professional (CISSP)
• MSP qualification or Prince 2 Practitioner with extensive program management experience within an information sharing environment

• Extensive experience of managing information security and risk
• Extensive experience of information governance within an NHS environment
• Experience of Data Security & Protection Toolkit management
• Extensive experience in the development, delivery and implementation of information governance and information security policies and procedures
• Significant experience of developing and managing information sharing with other agencies
• Experience of working at a senior level in an NHS risk or assurance role
• Excellent track record of managing multiple concurrent projects and deliverables against conflicting priorities.
• Experience of working effectively within a political environment
• Experience of effectively managing budgets
• Extensive experience of effectively managing staff
• System audits and investigation of suspicious activity
• Excellent relationship development and networking across internal and external stakeholders
• Significant experience of supporting all departments in the hospital with business case development, IG Risk management, as well ICO fine avoidance.
• Competent user of Trust systems to include eCare, PACs, SBS and EDM

• Excellent interpersonal skills including relationship building, negotiation & diplomacy with managers & staff at all levels
• Able to influence within external agencies, specifically with regional organisations and key partners
• Well‑developed ability to weigh up a range of options to give information governance advice in what may be a contentious situation or be in response to legal action
• Ability to deal with highly complex or sensitive facts or situations requiring analysis, interpretation, and comparison of a range of options, often where there is no precedent
• Ability to deal with an unpredictable work pattern, maintain composure under pressure, deal with frequent interruptions and work to tight deadlines
• Ability to demonstrate motivation and integrity
• Ability to manage and cope with high levels of change
• Emotional intelligence and personal resilience to remain effective in complex and often stressful circumstances
• Able to work autonomously and make clear decisions in senior forums

• Demonstrate effective management and leadership skills
• Self‑motivated with the ability to generate and implement own ideas
• Able to work with limited or no supervision
• Able to prioritise and manage own and others workload and deliver against deadlines
• Excellent interpersonal, persuasion and influencing skills
• Work under pressure whilst remaining pragmatic
• Assertive and confident, with drive and enthusiasm to lead and succeed
• Analytical reasoning with creative problem‑solving ability
• Committed to self‑development and being enthusiastic about acquiring new skills and embracing new technologies.
• Maintain a calm and rational approach to situations where conflict is likely.
• Provide leadership and guidance to staff in their personal development and training

• Excellent written and oral communication skills
• Ability to communicate highly complex, sensitive and contentious information to a wide range of stakeholder audiences who may be openly hostile
• Ability to handle difficult issues with sensitivity

• Able to perform the duties of the post with reasonable aids and adaptations

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Milton Keynes University Hospital NHS Foundation Trust