Job summary
What do we do?
A huge amount of work goes into supporting the technology that enables Portsmouth Hospitals (PHU) to run effectively. To support the Digital Strategy delivery and to drive transformation across PHU and Hampshire and Isle of Wight Integrated Care System (ICS), there are seven key functions within our department. These functions are responsible for ensuring we can introduce innovative solutions, keep our networks and patient data safe, engage with staff, patients and partners, maintain and improve our current infrastructure, enhance our clinical products and information accessibility, successfully implement digital solutions and design standards to support new ways of working.
The role
If you have the knowledge, skills and passion for ensuring that effective Cyber Security measures are of the highest priority, protecting patient information from unauthorised data theft, loss and disclosure, the Head of Cyber Security could be the perfect role for you.
Main duties of the job
We are looking for an experienced professional with a collective team ethos to support and enhance the delivery of digital and IT services across the Trust. As a member of our IT Department Senior Management Team (SMT), the postholder will share responsibility for setting departmental policy, agreeing priorities and workloads, and identifying and resolving internal issues, with a view to optimising delivery of our projects and programmes.
The successful candidate will proactively lead our high-performance Cyber Security team and, in addition to the practical skills and knowledge required, will lead on delivering the Trust-wide Cyber Security Strategy and associated programmes. We are looking for someone who can motivate and inspire, acting as a role model and developing innovative approaches to the delivery of the overall Digital Strategy.
A quality and process-improvement mindset, combined with agile principles, will be key to supporting the efficient processing of new project requests and a successful security-by-design approach. The successful candidate will also take a leadership role in the department's goal of becoming a centre of excellence for Cyber Security, aligned to an improvement maturity framework.
The Head of Cyber Security will also lead an effective and engaging communications strategy, clearly demonstrating the risks associated with Cyber Security.
About us
The Trust is committed to driving excellence in care for our patients and communities; it was rated Good by the Care Quality Commission in a report published in 2020 and became a University Hospital. We are ranked third in the country for research, embedding education and training across the organisation, and we continuously strive to achieve our core values, which are at the heart of everything we do. The Trust's main hub is the Queen Alexandra Hospital, which started life as a military hospital over a century ago and is now one of the largest hospitals on the south coast; you may have seen us on the TV series Nurses on the Ward. The Trust provides comprehensive secondary care and specialist services to a local population of 675,000 people across South East Hampshire. The Trust employs over 8,000 staff and we are #ProudtobePHU; our patients come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our hospital stronger. If you share our values and our enthusiasm for providing outstanding care and support for patients, you will find a home at PHU. In recruiting for our team, we welcome the unique contributions that you can bring.
Job description
Job responsibilities
The Head of Cyber Security is operationally responsible for information security management and for ensuring that effective cyber security measures are in place to enable the operation of safe, effective and efficient digital systems and services. The role is key to: maintaining measures to prevent unauthorised data theft, loss & disclosure; minimising the risk of interruption to business-as-usual services that might arise from malicious activity; and identifying and delivering new and more efficient models of cyber security.
They are expected to improve the effectiveness and value of health care delivery in the Trust by:
- Leading the development and management of assigned digital functions to enhance clinical services and administrative support functions.
- Jointly leading organisational development within the IT Department to embed efficient processes, followed by skilled, able and willing staff, that ensure delivery of professional, customer-focused and seamless digital services & solutions.
Specific Core Functions
Digital Roadmap
- Proactively and positively support the Chief Digital Officer (CDO) by contributing to Trust planning & development and providing digital services & solutions leadership across the Trust.
- Contribute to the development and implementation of long-term corporate digital and cyber security strategies, leading on technical and application development aspects.
- As a Trust expert on information security management, assess and interpret new ("step change") technologies and approaches to underpin effective digital service & solution delivery. Share knowledge of emerging trends and industry developments appropriately, and carry out quality assurance of proposals, so that these stand the best possible chance of success.
- Build and sustain effective communications with other Trust functions and positions involved with digital and transformation agenda as appropriate.
- Lead the implementation of Trust digital projects, investments and benefits realisation programmes ensuring that these meet budget and time targets and are carried out in accordance with Trust and departmental procedures as appropriate.
- Lead the development of Trust digital policies and procedures to reduce risks to the Trust, its staff and patients.
- Support the Divisional Director, CDO and their deputy in provision of routine and ad-hoc reports, plans and risks to Trust Board, Trust Leadership Team, IT Committee and other bodies to ensure digital issues are understood and responded to in an appropriate manner at all levels of the organisation.
- Represent the IT Department at local levels, developing partnerships, sharing best practice and integrating knowledge within the Trust.
Leadership & Management
- Provide effective and visible leadership and direction at all times in the operation and delivery of all Departmental services, including timely delivery of targets and objectives.
- As a member of the IT Department Senior Management Team (SMT), share collective responsibility for setting departmental policy, agreeing workload priorities and resolving internal issues to ensure the whole Department supports and enhances Trust service delivery to patients to the very best of its ability.
- Collaborate with other IT Department Heads of Service to ensure a cohesive, coordinated approach to all aspects of delivery enabling the Department, as a whole, to meet priority demands and ensure needs of the Trust and Department supersede those of individual services and staff.
- Collaborate with other IT Department Heads of Service to ensure robust processes are in place to maintain Departmental compliance with information governance, cyber security, Freedom of Information, data protection, Caldicott, health & safety, major incident planning, risk management, equality & diversity and other relevant requirements.
- Ensure that the Departmental structure remains fit for purpose and delivers the required services.
- Take shared responsibility for the financial performance of the Department, including achievement of financial targets, balancing potentially conflicting demands of budgetary requirements and service requirements.
- Set performance standards for services and teams, monitor achievement against these, review working practices and devise improved ways of working where necessary to enhance the efficiency and effectiveness of services delivered.
- Manage, support and guide staff to deliver services, maintain professional standards and develop skills and attitudes that ensure optimum performance within available resources.
- Ensure best practice in managing staff is adopted and maintained, including regular performance appraisal, effective two-way communication and implementation of processes to ensure personnel work in a responsible, safe manner and have due regard for health & safety regulations.
- On behalf of the IT Department SMT, ensure that all digital systems & services have an appropriate degree of robustness and resilience against cyber attack, in line with agreed priorities based upon likelihood and impact.
- Promote the importance of information and infrastructure security across the Trust.
- On behalf of the IT Department SMT, act as the point-of-contact and lead promotion of the importance of information and infrastructure security across the Trust.
Cyber Security Service Delivery
Be accountable for the management and provision of the following services:
- The IT Department Security Operations Centre (SOC).
- Protection & assurances (including patch management, threat assessment & vulnerability detection, technical controls, etc.).
- Overall security accreditation and compliance status of the Trust with legislation, NHS DSP Toolkit, Cyber Essentials, best practice and similar.
- Lead the management of information security and risk factors related to digital infrastructure and services in partnership with clinical and corporate governance colleagues. Act as the central point of contact on cyber/IT security issues both internally and for external organisations. Work with stakeholders to facilitate due diligence and cyber risk assessments, identifying acceptable levels of residual risk.
- Define cyber security digital/IT standards, complying with relevant NHS national standards & best practice, and ensure existing and new systems comply with such standards.
- Manage the development and implementation of cyber security policies and annual work programmes to ensure all information assets of the Trust are appropriately protected.
- Promote a culture of information security and risk appetite awareness across the Trust, ensuring appropriate levels of knowledge exist.
- Monitor the external environment for emerging threats and implement appropriate measures to minimise resulting risk to the Trust.
- Ensure networks, systems and data stores are secure and make recommendations for increased security as appropriate; implement appropriate vulnerability and threat analysis systems.
- Ensure arrangements for on-boarding of new technology & solutions to operational service include appropriate cyber/IT security due diligence checks, reviews and risk assessment. Monitor compliance and report deviations.
- Assess the cyber security impact and implications of incidents, events and custom & practice. Undertake risk analysis, prepare risk treatment plans and report as appropriate.
- Provide expert technical and professional advice and guidance in the effective use of cyber security measures.
- Develop operational cyber security services and specify security controls to provide efficient, integrated and customer-aware services for all clients.
- Ensure that all operational cyber security services are provided and managed to deliver an efficient and secure environment.
- Ensure that routine maintenance and remedial work upon cyber security services does not adversely impact the availability of business critical systems.
- Implement and manage change and release management processes, meeting industry standards as defined by ITIL, for use by all stakeholders internally and externally.
- Act as incident, change and release manager in assessing, approving or rejecting changes to the live environments where change poses an unmanageable risk to operational service.
- Ensure patching schedules are maintained and completed.
Person Specification
Personal Qualities
Essential
- Tenacity: demonstrates high levels of self-belief, drive, enthusiasm and stamina to achieve goals and see things through.
- Ability to motivate, inspire and provide innovative solutions.
- Excellent judgement.
- Ability to achieve consistently good results in an inclusive and collaborative manner.
- Ability to work effectively in a complex and changing environment.
- Ability to work under pressure to demanding timetables.
- Understands the need to deliver short-term priorities and achieve long-term goals (sense of balance).
- High degree of political awareness.
- Displays innovative and lateral thinking.
- Prepared to work flexibly.
- High degree of self-awareness.
- Ability to maintain confidence, at all times.
- High levels of personal integrity and loyalty.
- Intellectual flexibility that enables the reasoned assessment of a situation and the ability to draw pragmatic conclusions.
- Ability to broad scan to keep abreast of developments in the digital technology sector.
- Service orientated & customer focused.
- Ability to deal with confidential issues in a professional and sensitive manner.
Qualifications
Essential
- Educated to Degree level or equivalent qualification/experience.
- Post Graduate Qualification or equivalent.
- Evidence of continuing professional development including management studies to masters level or above or equivalent experience.
- Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalent.
- Project management qualification, PRINCE2 or equivalent.
- ITIL Foundation & ITIL Practitioner Certificates.
Desirable
- Technical accreditations (e.g. Microsoft Certified Systems Engineer (MCSE), Cisco Certified Network Associate (CCNA), Certified Virtualisation Expert (CVE) or Citrix Certified Architect (CCA)).
- Professional registration (BCS, IET, UKCHIP).
- ITIL Expert level qualification.
Experience
Essential
- Knowledge & experience of relevant legislation, standards and best practice (including Data Protection Act/GDPR, NIS Regulations, NHSnet code of connection & DSP Toolkit, Cyber Essentials, ISO 27001, NCSC & ICO standards & recommendations, etc.).
- Significant experience working on both strategic & operational matters and managing digital services, at a senior level, preferably in the public sector.
- Significant experience in delivering and managing information security within large organisations (preferably within the NHS).
- Proven experience in building and managing a cyber/IT security (SOC) delivery function (preferably in an NHS environment).
- Significant professional experience of providing operational cyber/IT security services.
- Proven experience managing major cyber/IT security incidents (preferably in an NHS environment) including root cause analysis, applying lessons learned, audit, annual tests and round table events.
- Experience of developing and implementing digital & cyber security strategies, development programmes and business cases.
- Experience of leadership of complex digital/IT operational change/project management while also developing and maintaining high standards of quality.
- Experience of ITIL based operational IT service delivery leadership.
- Demonstrable success in building, leading, motivating and developing multi-disciplinary teams as a highly effective people manager.
- Proven experience of effective performance and budgetary management and control including achieving annual targets on a regular basis.
- Sufficient knowledge of NHS/Government policies, strategies and organisational relationships in relation to digital, IT and public service developments, to be able to advise client organisation Boards and develop proposals for the IT Department to respond to corporate needs.
Desirable
- Knowledge & experience of a variety of technology platforms (e.g. server virtualisation, datacentres, desktop virtualisation, client-server architecture, data networking, TCP/IP & internet, cloud services & solutions, messaging, Storage Area Networks, security and mobility).
- Experience of operational IT delivery in an ITIL environment.
- Knowledge and understanding of the current and developing strategic digital requirements of an NHS Trust.
Skills
Essential
- Strong and effective leadership and people management skills.
- Strong influencing, persuasion and negotiating skills to gain agreement from multiple stakeholders.
- Highly developed verbal and written communication and presentation skills suitable for a range of audiences, including chairing of meetings.
- Ability to work with and through others.
- Able to clearly manage priorities for self, staff and teams in order to meet targets.
- Ability to perform well under pressure and manage unpredictable workload with conflicting priorities.
- Quality focused with an innovative approach and ability to solve complex problems.
- Ability to develop effective networks and work collaboratively with internal and external partners.
- Ability to critically analyse highly complex data sets.
- Well-developed skills to manage and report on complex performance management information.
- Personal Resilience.
- Ability to demonstrate pragmatism and understanding of how to implement information security principles to best effect and outcome.
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled Worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country in which they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found under "Criminal records checks for overseas applicants".