Job summary
This role will be primarily responsible for supporting the Trust in improving the Trust's cyber security posture and reducing the risk of impact from a cyber security incident. Ultimately, this role's aim is to help the Trust to protect the data and services that our patients depend on.
The specific responsibilities of the role will include ensuring that appropriate cyber controls are embedded within Trust services and systems, and that patient services and systems can be safely and securely operated in alignment with Trust policy and standards.
The post holder will build relationships across the Trust and more broadly across the health and care system, including with DT&i colleagues, clinical Strategic Business Units, key IT suppliers and Internal Audit, and will be frequently called upon to explain the security-preparedness and cyber risk environment to Trust management and to key stakeholders.
Main duties of the job
The post holder will be responsible for ensuring that cyber risk and assurance controls are effectively embedded within Trust services and systems, and that appropriate security risk control documentation is produced to evidence compliance with Trust policy and risk standards.
This will include responsibility for qualifying and reporting on key Trust cyber risks and risk mitigation actions required to improve the Trust's cyber risk posture and to empower the Trust to deliver excellent standards of patient care. The post holder will work closely with internal business units, DT&i colleagues, key IT systems suppliers and Internal Audit.
The work will be mainly based in the Trust's locations in central London with some travel to third party sites as necessary.
The main duties of the job are:
- Maintain the Trust's Information Security Policy Framework and Standards.
- Management of Risk and Compliance.
- Provide assurance on Information Security and Cyber Security arrangements at the Trust and Third Parties.
- Ensure remediation and improvement activities are planned and tracked through service management and delivery processes.
About us
The Trust is part of King's Health Partners Academic Health Sciences Centre (AHSC), a pioneering collaboration between one of the world's leading research-led universities and three of London's most successful NHS Foundation Trusts. The Digital, Technology and Information directorate .
Information Security Team
The Information Security Team consists of the Head of Information Security and Risk, the Information Security Manager, the Cyber Security Risk Manager, and two Information Security Analysts. The team works closely with our Cyber Security Operations Team and the Trust's Information Governance Team.
Training Opportunities
As part of one of the largest and most engaged workforces in the NHS you'll have access to our unrivalled training and development programmes.
We want the best people to join us, learn with us and grow with us. We are committed to fostering a supportive and inclusive culture where you can advance and be your best.
Job description
Job responsibilities
Risk, Compliance and Assurance
- Protect and assure patient data and services against cyber and information security risk, undertake security architecture review with stakeholders while enabling security by design in the delivery of new patient services and systems
- Ensure that cyber and information risk and assurance controls are effectively embedded within Trust services and systems, and that appropriate security risk control documentation is produced to evidence compliance with Trust policy and risk standards
- Identify, qualify and track key cyber and information security risks to Trust systems and data, and determine suitable risk controls to mitigate identified risks
- Monitor, assess and qualify vulnerabilities, known cyber threats and alerts, and prioritise and drive remediation, working in collaboration with the Trust's cyber operational team and with wider Trust colleagues
- Conduct a schedule of security vulnerability and penetration tests for Trust systems and drive and coordinate remediation of identified vulnerabilities
- Coordinate management of major cyber incidents and investigations.
- Assist with developing and driving adoption of the Trust's cyber security strategy, policy, standards and procedures, in alignment with Trust strategic objectives and with legal and NHS Digital requirements for cyber security and data protection
- Collaborate with business, programme and project managers, IT partners and key decision makers to ensure that appropriate cyber security controls are deployed and operated to time and budget
- Assist with the development and delivery of the Trust strategic cyber improvement programme, including engagement with NHS Digital and other key partners to drive improvements in cyber capability and maturity
- Contribute to the development of commercially acceptable business cases and propositions for Cyber Security investment which balance cyber security risk control with accessibility, usability and cost considerations
- Assist with providing the formal annual response to the cyber security compliance elements of the NHS Digital Data Security & Protection Toolkit
- Assist with developing and driving adoption of the Trust cyber security risk and assurance framework
- Provide guidance to the Trust in response to major cyber incidents, and on preparatory work for major incidents, including cyber resilience planning and rehearsals
- Provide guidance to the Trust on the achievement of requirements of national cyber security standards and legislation, including the NHS Data Security & Protection Toolkit, Cyber Essentials Plus, the Data Protection Act (2018) / GDPR and the Directive on the security of Network and Information Systems
- Monitor and audit Trust processes to identify gaps or weaknesses in current policy and practice, for manual and/or electronic systems. Ensure all recommendations are implemented to deliver continuous improvement in Trust service delivery
- Contribute to the development of the annual audit programme, working with the Trust's Internal Audit department and external auditors
- Support Trust cyber initiatives through regular briefings and reports on cyber risk posture, action planning, and compliance with required standards
- Provide colleague education and awareness on cyber threat and how to safely respond to cyber incidents
- Ensure that cyber security considerations are effectively raised and addressed within appropriate IT and business management forums
- Contribute to setting objectives for the Information Security Analyst team, monitoring performance to assure delivery of the cyber security work programme
- Contribute to and develop the skills and foster the career paths for the Information Security Analyst team
- Deputise for the Information Security Manager and supervise and provide day-to-day line management of the team as required, including dealing with a range of staffing issues such as capability, disciplinary, grievance, absence etc.; assign relevant work tasks where required
- Mentor and support junior staff, encouraging staff development and cross-team working.
Person Specification
Qualifications and Experience
Essential
- Qualifications: degree level in IS/Cyber Security
- Experience: 5+ years
- Holds a relevant professional (SME) qualification
Skills and Abilities
Essential
- Demonstrates Skills and Abilities required for the role
- Demonstrates good interpersonal skills
- Demonstrates Knowledge and alignment to Trust values and behaviours
Teamwork
Essential
- Candidate exhibits attributes that are a good fit with the team.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled Worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, Skilled Worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country in which they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found under "Criminal records checks for overseas applicants".