Job summary

The Deputy Director, Privacy and Compliance is responsible for the functions that collectively enable UKHSA. The team helps to ensure that UKHSA can make the best use out of its data and information to protect public health. Teams provide a single locus for UKHSA to assure Public Health data activities and monitor corporate information risk performance, supporting UKHSAs SIRO obligations to the Department of Health. It leads second line of defence compliance for the Director General of Chief Data Office

Main duties of the job

The job holder will be responsible for leading a team of civil servants and contractors across three areas: (1) Data Compliance, (2) Data Release & Acquisition and (3) Privacy (General Data Protection Regulation); providing professional and accessible data services across UKHSA to enable the use of and sharing of data in support of the UK's Public Health.

The UKHSA Privacy and Compliance directorate sits within Chief Data Office (CDO) Group within UKHSA. The CDO Group has grown out of the Data, Analytics and Surveillance group and Technology; and is now responsible for providing supporting cutting-edge digital, data, analytical With this role we will expect attendance at leadership events in London from time to time as well as any travel necessary to attend sites across the UKHSA estate as required.

This role is a 3-4 month's cover for the Deputy Director of Privacy and Compliance. It will require quickly taking on leadership the Privacy and Compliance team.

About us

We pride ourselves as being an employer of choice, where Everyone Matters promoting equality of opportunity to actively encourage applications from everyone, including groups currently underrepresented in our workforce.

UKHSA ethos is to be an inclusive organisation for all our staff and stakeholders. To create, nurture and sustain an inclusive culture, where differences drive innovative solutions to meet the needs of our workforce and wider communities. We do this through celebrating and protecting differences by removing barriers and promoting equity and equality of opportunity for all.

Please visit our careers site for more information

Job description

Job responsibilities

Key responsibilities will include:

Ensure UKHSAs approach and process for managing information risk is in accordance with the Framework Agreement with DHSC. Provide advice and best principles for delivering Public Health outcomes. Take the lead in maintaining effective working relationships on Information Risk with key stakeholders, including DHSC, NHS Digital (NHSD), and UKHSA seniors. Responsibility for all data and information sharing (across UKHSA) under formal arrangements or in accordance with legal requirements inbound and outbound data / information, personal and non-personal data. Lead lean/efficient UKHSA services for other groups to enable permissions on data ingestion, use and sharing in support of Public Health outcomes, whilst engendering the trust and confidence of the public, government and our oversight bodies. Responsibility for overseeing adherence to data compliance, privacy, GDPR and other information security controls and standards. Coordinate for the UKHSA Deputy Senior Information Risk Owner (SIRO) the design and implementation of information risk governance and meet all necessary reporting requirements established by the Department of Health and Social Care. Ensure that information risks are appropriately fed into Boards, Audit Risk Committee and DHSC Senior Accountability Meeting as required. Assure the implementation of ICO audit recommendations, that evidence to demonstrate delivery against recommendations is quality assured, collated and made ready in good time. Lead a separate compliance function, working closely with the Data Protection Officer, understanding and evaluating information risk across UKHSA

This role will influence the following key stakeholders:

Internal Data and Analytics function Deputy Directors peers Data and Analytics function Director General and Directors Role and office of the Caldicott Guardian Directors and Deputy Directors across UKHSAIMP Team Data Operations Enterprise Data and Analytical Platform (EDAP) Programme team Legal Commercial Cyber Technology

External

Senior civil servants within Cabinet Office, ONS, DHSC, NHS and other government organisations Roles and organisations such as the National Data Guardian, UK Caldicott Guardian Council, Information Commissioners Office, UK Statistics Authority Concerned stakeholders within identified partnerships with the private sector DHSCs Office of Data Protection (ODPO) DHSCs SIRO DHSCs Information Risk and Assurance (IRMA) team NHS England (NHSE) ICO National Data Guardian (NDG) Government Internal Audit Agency (GIA)

Essential Criteria.

Availability to begin the role on the 7th April 2025 on a short term basis, rolling off in 18th July 2025, (with possible short extension.) Minimum of a Bachelors level degree or equivalent leadership experience. Demonstrate strong leadership skills, having an ability to influence a cross-functional groups towards unified direction, in the face of ambiguity, and having an ability to influence senior business leadership Experience of effective stakeholder management and the ability/gravitas to engage with senior stakeholders across disparate business areas An understanding of, or experience working in, the three main areas of IMP work (information management, data governance and compliance with laws relating to the management of data) Experience of leading and motivating teams to deliver challenging delivery objectives at a time of significant change Knowledge of data-related government regulatory requirements and emerging trends and issues. Experience of, or aptitude for, developing processes and ways of working that comply with the law and/or important government policies.

For full details, please refer to the attached Candidate Pack.

ExternalOpen to all external applicants (anyone) from outside the Civil Service (including by definition internal applicants).

Stage 1: Application & Sift

You will be required to complete an application form. You will be assessed on essential criteria, and this will be in the form of an Application form (Employer/ Activity history section on the application) a 1000 word Statement of Suitability.

This should outline how your skills, experience and knowledge provide evidence of your suitability for the role, with reference to the essential criteria.

The Application Form and Statement of Suitability will be marked together.

Please note you will not be able to upload your CV. You must complete the application form in as much detail as possible.

Unfortunately, late applications will not be considered.

If you are successful at this stage, you will progress to interview & assessment.

Please do not exceed 1000 words. We will not consider any words over and above this number.

Feedback will not be provided at this stage.

Stage 2: Interview (success profiles)

You will be invited to virtual interview.

Behaviours, technical and experience will be tested at interview.

There will be a 5-minute presentation, based on Technical and Experience, the topic of which will be confirmed prior to the interview.

The Behaviours tested during the interview stage will be Leadership Delivering at Pace

Interviews will be held week commencing 17th February 2025. Please note, these dates are subject to change.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Successful candidates must pass a disclosure and barring security check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Security Clearance.

For meaningful National Security Vetting checks to be carried out individuals need to have lived in the UK for a sufficient period of time. You should normally have been resident in the United Kingdom for the last 5 years as the role requires Security Check (SC).

UK residency less than the outlined periods may not necessarily bar you from gaining national security vetting and applicants should contact the Vacancy Holder / Recruiting Manager listed in the advert for further advice.

UKHSA operates a hybrid working model where business needs allow. This provides us with greater flexibility about how and where we work, to get the best from our workforce. As a hybrid worker, you will be expected to spend a minimum of 60% of your contractual working hours (approximately 3 days a week pro rata, (averaged over a month) working at one of UKHSA's locations (Birmingham B2 4BH, Leeds LS2 7UE, Liverpool L3 1DS, and London E14 4PU). Specialist or regional roles will be based at the appropriate UKHSA site. For certain roles, some additional flexibility may be possible, which will be agreed upon with the hiring manager based on individual requirements and business needs.

Relocation expenses are not available.

Person Specification

Experience

Essential

Application Form & Statement of Suitability

Behaviours

Essential

Leadership Delivering at Pace