King's College Hospital NHS Foundation Trust

ICT Head of Cyber Security

Information:

This job is now closed

Job summary

The ICT Head of Cyber Security will act as the Trust's expert on cyber security protection, detection, response, and recovery. The ICT Head of Cyber Security will be responsible for the strategic approach to cyber threat management and the strategic planning of current and future IT security solutions. The post holder will manage, support and develop the Trust cyber security team.

The ICT Head of Cyber Security will own and be responsible for the completion of parts of the Data Security Assessment Toolkit in relation to ICT cyber security obligations, in addition to working towards and maintaining Cyber Essentials Plus and ISO27001 certification. The post holder will work closely with a range of ICT departments, plus key stakeholders in the Trust such as the Head of IG, the Trust SIRO and the Trust Information Governance Committee. A close working relationship with other Trusts and external organisations will be required.

Please note advert may close early if we receive suitable applicants before the closing date.

Main duties of the job

Lead the strategic planning of current and future IT security solutions, researching and reviewing recognised best practice and upcoming changes to technology.

Define and agree an appropriate target security structure with key stakeholders, giving due regard to risks, threats and vulnerabilities.

Maintain compliance with the various standards in place, e.g. Data Security and Protection Toolkit, CareCERT, Cyber Essentials+, Network and Information Systems Regulations, ISO 27001 etc.

Act as the Trust's advisor on cyber security protection, detection, response and recovery.

Develop and advise in the implementation of policies, procedures and guidance documentation.

Provide advice to the ICT senior leaders group to influence the creation of a robust IT security service across the ICT department and its application estate.

Monitor incidents and take appropriate actions to correct, notify and prevent reoccurrence.

Work in conjunction with the Technical teams to maintain all security tools and technology used in the department

Undertake scoping and delivery of penetration tests and ensure actions from vulnerability assessments are resolved

Supporting wider IT functions in the evaluation and implementation of new technology and controls

Defining and documenting a security incident response program

Respond to high-priority NHS Digital CareCERT alerts in line with NHS Digital requirements.

About us

King's College Hospital NHS Foundation Trust is one of the UK's largest and busiest teaching Trusts with a turnover of c£1 billion, 1.5 million patient contacts a year and more than 15,000 staff based across South East London. The Trust provides a full range of local and specialist services across its five sites. The trust-wide strategy of Strong Roots, Global Reach is our Vision to be BOLD: Brilliant people, Outstanding care, Leaders in Research, Innovation and Education, Diversity, Equality and Inclusion at the heart of everything we do. By being person-centred, digitally-enabled, and focused on sustainability, we aim to take Team King's to another level.

We are at a pivotal point in our history and we require individuals who are ready to join a highly professional team and make a real, lasting difference to our patients and our people.

King's is committed to delivering Sustainable Healthcare for All via our Green Plan. In line with national Greener NHS ambitions, we have set net zero carbon targets of 2040 for our NHS Carbon Footprint and 2045 for our NHS Carbon Footprint Plus. Everyone's contribution is required in order to meet the goals set out in our Green Plan and we encourage all staff to work responsibly, minimising their contributions to the Trust's carbon emissions, waste and pollution wherever possible.

Details

Date posted

26 May 2023

Pay scheme

Agenda for change

Band

Band 8b

Salary

£66,718 to £76,271 a year inc HCA

Contract

Permanent

Working pattern

Full-time

Reference number

213-CORP-6414

Job locations

Denmark Hill

London

SE5 9RS


Job description

Job responsibilities

Policy and Service Development

  • Maintain, update and implement Trust policies in scope of the ICT department covering all aspects of information security and Cyber activities.
  • Draft, develop, implement and maintain a portfolio of policies relating to all aspects of Cyber Security within ICT.
  • Ensure compliance with Trust policy and procedures is fully supported in forums such as the Trust unsupported systems group, the Trust ATP management group, patch management groups and any other future forums.
  • Provide expertise around Cyber Security for the purchase of new systems and applications via the Trust ICT PMO processes and procurement. Ensure all new systems and applications to be deployed across the estate have a full security review and sign off before proceeding to go-live.
  • Carry out Continual Service Improvement (CSI) of existing Trust processes and procedures
  • Identify, propose and implement any changes to practices and procedures required in the departmental and user environment to improve service levels.
  • Ensuring that all cyber security risks are updated and managed via the Trust risk and issues process

Financial and Physical Resources

  • Revenue and staffing budget holder for IT Security, including procurement of physical assets or supplies and capital expenditure.
  • Advise departments on the security of IT equipment.
  • Monitor and advise on software licence compliance in association with the Software Asset Manager.
  • Provide advice and guidance on the purchase of IT security equipment.
  • Exercise duty of care when using Trust equipment i.e. computers and software.
  • Advise ICT senior leaders group on the most cost effective method for maintaining the integrity and security of data and equipment.

Research and Development

  • Regularly researches security developments and requirements, linking into national forums and support from the National Cyber Security Centre.
  • Regularly researches Virus and security alerts provided by NHS information security service.
  • Keeping up to date with developments in IT Infrastructure and related technologies.
  • Contribute to the ICT Cyber security approach and strategy.
  • To undertake surveys and compliance audits determined by legislation and national guidelines, using both on-line and developed information systems when necessary, to ascertain scores against the standards.

Staff Management

Lead, coach and manage the performance of the team in line with good people management practices. Ensuring excellence is recognised and underperformance is addressed.

  • Line management of the technical staff within the cyber security team. Participate in regular performance appraisal meetings and ensure each member of the team has a clear set of objectives and development plans.
  • Ensure the team is compliant with all statutory and mandatory training together with any professional training requirements, ensuring they are up to date and fully compliant.
  • Manage team absences including sickness in line with Trust policy, ensuring the appropriate return to work meetings occur, e-roster is updated and productivity is kept at the highest possible level.
  • Identify and fill any vacancies that arise within the team in line with the Trust's recruitment policy and process.
  • Identify talent and support the internal talent management process in order to attract, retain and succession plan for your people. Participate in a combination of knowledge transfer and training initiatives to support both personal development and service enhancement.
  • Review skills mix at regular intervals in order to identify any potential opportunities to maximise resource utilisation / allocation, ensuring job descriptions are kept up to date.
  • Ensure overall wellbeing of the team is maintained. Continuously support in improving the morale of the team and implementing a culture of zero-tolerance for bullying and harassment.
  • Ensuring performance issues are dealt with in an appropriate and timely manner and follow the Trust's Disciplinary or Performance Procedures where formal action is necessary.
  • Ensuring that working practice complies with the Trust's policies and procedures for Data Protection, Confidentiality and Health and Safety ensuring the environment in which you and your staff work is safe, clean and tidy
  • Observing and continually promoting equal opportunities in compliance with the Trust's policies and values.
  • Developing team morale and motivation through effective personal leadership, ensuring views and decisions are communicated both up and down the management structure.

Person Specification

Education and Qualifications

Essential

  • Educated to Degree Level or significant Cyber Security Experience plus Masters Level or equivalent experience.
  • Hold and retain a security industry recognised qualification (HCISSP, CISSP, CISM, CISA, CRISC, CSSP).

Desirable

  • ITIL Foundation; Prince 2 Foundation; Knowledge of the full product development lifecycle

Knowledge and Experience

Essential

  • Broad based technical knowledge covering all aspects of infrastructure from networking, end user devices through to servers and data centres.
  • Ability to converse fluently, logically and confidently with a wide range of levels of staff; possess good interpersonal and communication skills
  • Broad experience using a range of cyber security software and applications (Access control software, anti virus software, network monitoring tools, Microsoft security features, PAMs, internet monitoring tools, email monitoring tools)
  • Experience of working in NHS cyber security regulatory environments or similar organisations
  • Staff management and development experience of complex technical teams.

Professional /Technical/Innovative Skills

Essential

  • Excellent communication, interpersonal and influencing skills.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country in which they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found in "Criminal records checks for overseas applicants".

Employer details

Employer name

King's College Hospital NHS Foundation Trust

Address

Denmark Hill

London

SE5 9RS


Employer's website

https://www.kch.nhs.uk/


Employer contact details

For questions about the job, contact:

Associate Partner – IT, Digital & Data

Theo Diejomaoh

theo@mlcpartners.co.uk

07377876245

Supporting documents

Privacy notice

King's College Hospital NHS Foundation Trust's privacy notice