Job summary
Are you looking for a challenge?
Do you have Information Security / Data Protection experience?
Do you have a passion for keeping information confidential and secure?
If so then we want to hear from you!
CityCare is looking to recruit a motivated Information Security Officer to work in our small, but busy and highly valued, Information Security team.
Reporting to the Head of Information Security & Data Protection Officer, the post holder should understand Data Protection legislation or have a keen interest in developing their understanding in this high-profile area.
The role will assist the Head of Information Security & DPO with the submission of the Data Security and Protection Toolkit, whilst aiding the organisation to demonstrate compliance with Data Protection legislation (GDPR / DPA etc.) and assisting them in fulfilling their statutory duties.
For any questions about the job role please contact Gareth Jones on:
Mobile: 07920 861 731 Email: gareth.jones22@nhs.net
Main duties of the job
You will be a team player, but also able to work autonomously, whilst providing an outstanding service to CityCare directorates and Partner organisations. You will be a point of contact for Information Security queries and will be a key support for CityCare Information Asset Owners.
This role will plan, coordinate, and deliver a range of projects and training programmes including, but not limited to, Data Security Awareness, Records Management and Information Assets.
To be successful in this exciting new role you will need to take initiative, be a good communicator, be dedicated and flexible, but also thrive on providing a good quality professional service whilst promoting all things information security.
Attached you will find the detailed job description and person specification for the role which outlines the day-to-day responsibilities.
About us
We are a provider of NHS Community Health Services. CityCare exists to support the health and wellbeing of all local people, working alongside other health and care partners to achieve this. We are a value-driven people business with a passion for excellence. Our vision and social purpose is to make a difference every day to the health & wellbeing of our communities, and our values of kindness, respect, trust and honesty lie at the heart of everything we do, guiding how we work together with partners and each other to consistently deliver high-quality compassionate care. As a social enterprise, we aim to add social value by investing in the future of our local communities and helping to make a difference in people's lives.
CityCare value the benefits of a diverse and inclusive workforce. We encourage applications from candidates who identify as disabled, LGBT+ or from a Black, Asian or Minority Ethnic (BAME) background, as they are currently under-represented within our organisation.
CityCare is an equal opportunities employer. We are positive about employing people with disabilities. If you require your application in a different format please contact Human Resources on 0115 8839418. CityCare is committed to the protection of vulnerable adults and children.
Job description
Job responsibilities
Job Purpose
- Working within a busy Information Security team, the post holder will work closely with the Head of Information Security & Data Protection Officer to provide a high-quality Information Security and Data Protection Service to CityCare Directorates.
- The post holder will assist the Head of Information Security & Data Protection Officer with the submission of the Data Security and Protection Toolkit, whilst aiding the organisation to demonstrate compliance with Data Protection legislation.
- The post holder will assist the Head of Information Security & Data Protection Officer in fulfilling their statutory duties.
Dimensions
- The post holder will plan, coordinate and deliver a range of projects and training programmes including, but not limited to, Data Security Awareness, Records Management and Information Assets.
- The post holder will also provide assistance to Managers and Project Leads in the completion of Data Protection Impact Assessments, Data Sharing Agreements and Data Processing Agreements.
- The Information Security Officer will assist with the monitoring of policy reviews and support with increasing staff awareness of Information Security and Data Protection measures.
Key Responsibilities
- To act as a point of contact for information security and data protection queries and requests for support which includes monitoring the shared mailbox and coordinating responses to internal and external colleagues.
- To maintain relationships with members of the public and internal / external stakeholders whilst ensuring that queries are dealt with confidentially, sensitively, effectively and to a high standard, using own judgement to decide on the course of action.
- To contribute to the development of organisational policies, procedures, and guidance including monitoring of review dates and publication on the organisation's intranet and website.
- To provide support to Managers and Project Leads in the completion of relevant information security assessments such as Data Protection Impact Assessments, Data Sharing Agreements and Data Processing agreements, ensuring escalation of risks to the Head of Information Security & Data Protection Officer.
- To plan, coordinate and deliver a range of projects and training programmes including, but not limited to, Data Security Awareness, Records Management and Information Assets, ensuring specific targets are met.
- To work proactively with the organisation's Information Asset Owners to ensure that the Information Asset Register/Data Flow Mapping is maintained, risk assessed and up to date and that all Owners are appropriately briefed, trained and supported in their roles, escalating any concerns to the Head of Information Security & Data Protection Officer, and/or SIRO as required.
- To support, where required, with data breach / information security incidents, ensuring that Managers are recording in line with the organisation's policies and appropriate actions are taken as quickly as possible and are escalated accordingly. This may also include reviewing audit trails, checking individual accounts and producing relevant reports.
- To provide assistance / support with the organisation's submission of the Data Security and Protection Toolkit, working with internal and external colleagues to collate the relevant evidence to ensure the organisation can demonstrate compliance.
- To assist with the production of a communications plan to raise employee awareness, which could include posters, leaflets, articles and maintenance of the Information Security pages of the intranet.
- To provide administrative support to the Service, and to assist, where necessary, with the administration of the Digital & Information Security Group including agendas, papers, and reports.
- To attend relevant Information Security meetings, seminars and conferences as necessary, providing feedback to relevant colleagues and committees and where necessary, deputising for the Head of Information Security & Data Protection Officer.
- To develop and maintain strong working relationships with a range of internal and external colleagues, such as the Caldicott Guardian, Senior Information Risk Owner, Digital Leads, Business Intelligence and Cyber Security colleagues.
- To support, where necessary, the Subject Access Request process and provide advice as needed.
- Undertake any other duties which may reasonably be required within the Service and as delegated by the Head of Information Security & Data Protection Officer, including deputising as required.
Person Specification
Experience
Essential
- Evidence of working in an Information Governance / Information Security or Information Technology role.
- A good working knowledge of Data Protection legislation and ability to interpret legislative frameworks and guidance.
- Evidence of designing and delivering presentations / training to a large group.
- Evidence of delivering projects to agreed timescales.
Desirable
- Experience of working within the NHS.
- Experience of using NHS Management Systems such as ESR and Datix.
- Experience / knowledge of the Data Security and Protection Toolkit.
Qualifications
Essential
- Knowledge of a range of Data Protection areas acquired through qualification to degree or equivalent level or relevant experience.
- Demonstrated experience of coordinating large projects in complex and challenging environments.
Desirable
- Certificate or equivalent in an Information Security / Data Protection related discipline.
- Project Management Qualification.
Knowledge and skills
Essential
- Good working knowledge of Microsoft Office 365 products and applications, including Outlook.
- Excellent written and verbal skills.
- Ability to prepare and produce clear, concise communications for a variety of audiences.
- Experience of policy and procedural management.
- Evidence of problem-solving skills and providing advice, based upon own judgement / decision making, with minimal supervision.
- Excellent time management skills, with the ability to manage own workload.
- Evidence of developing trusted relationships with a wide range of internal and external colleagues.
- Understanding of risks / risk management in an information / data / cyber security environment.
- Evidence of personal development and keeping up to date with changing Data Protection law.
- Ability to work as part of a team, delivering a set of agreed objectives.
Desirable
- Experience of SharePoint / OneDrive / Sites development and maintenance.
- Conflict management and negotiation skills.
- Experience of administrative tasks such as minute taking / action logs.
Special Requirements
Essential
- All appointments are subject to satisfactory occupational health clearance.
- Ability to be flexible over hours worked within contracted hours to meet the needs of the service.
- Ability to work out of hours (within reason).
- Able to attend the office at least 2 days per week and to travel to various locations / CityCare bases.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.