Job summary
We are looking for an experienced Cyber Security Specialist who can be instrumental in delivering the Information Security and Cyber Security agenda in the Trust and with the wider Devon ICS. This opportunity has arisen due to the previous postholder advancing in their career.
As the Chief Information Security Officer (CISO), you would lead the service's Cyber Security Team and be the technical expert on Cyber Security matters. You will oversee and assure delivery of the Trust Cyber Security policy by working with Trust Care Groups, Corporate Departments, Clinical Users and partner organisations, as well as within the Service. You would lead on work within the Integrated Care System to ensure that the Trust is aligned with other Trusts' ways of working and with best practice.
As CISO you will provide specialist Information Security and Cyber Security advice in accordance with national, regional and local Trust Cyber Security Policies, and provide progress and assurance reports to the Chief Information Officer, the Senior Information Risk Owner, Trust Committees and the Trust Board.
To view more information on this role, please click on the attached Advert Page Tiger document.
Main duties of the job
As CISO you would be joining our Digital & Innovation (D&I) Services Team. The team are key in supporting the delivery of the Trust's Vision and Strategies. D&I Services provide Digital support and services to approximately 11,000 users across multiple organisations in the Plymouth Health Community such as UHP and the following partner organisations: Livewell Southwest; Harbour Drug & Alcohol Services; Southwest Medical Defence Group.
- To act as the designated specialist on information/cyber security for University Hospitals Plymouth NHS Trust and its customers to provide an expert specialist advice service, in accordance with national, regional and local IM&T/cyber security policies.
- In addition the post holder will be expected to work with and have access to Chief Executive Officers and Senior Managers should a significant security breach occur.
- To identify areas in which UHP and its customers are inadequately covered by IT security policies and procedures and, in consultation with IT specialists, data protection, information governance and security leads, develop new policies and procedures to cover these areas. Support senior managers in presenting these to the relevant Boards or other approval bodies.
About us
We are a people business - where every member of staff matters and can make a difference. Patients are at the heart of everything we do. Joining University Hospitals Plymouth NHS Trust means becoming part of a team of dedicated staff, who are committed to leading the way through innovation, clinical excellence and great customer care. The Trust has great opportunities for career development in a highly progressive working environment. We offer all of this in a vibrant, modern city with a historic reputation for adventure.
PLEASE NOTE THAT ALL COMMUNICATION WILL BE ELECTRONIC, PLEASE CHECK YOUR EMAIL ACCOUNT REGULARLY.
If you have any issues with applying online and need additional support, including reasonable adjustments with the application process, please contact the recruitment team on 01752 432100.
We recognise that work life balance is important for our colleagues and so we invite requests from applicants around less than full time/flexible working for our advertised roles. Please contact the recruiting manager to discuss this prior to your application submission. We commit to giving this full consideration in each case.
We encourage people from diverse backgrounds to apply for our roles, as diversity strengthens our teams.
It is sometimes necessary to close vacancies before the closing date. If you have not heard from us within 4 weeks of the closing date, please assume that you have not been shortlisted.
Job description
Job responsibilities
Freedom to take actions as the lead specialist, based on own interpretation of security policy, to conduct complex investigations into suspected or actual breaches of security and to provide formal written reports, directly to the relevant Senior Information Risk Owner or identified person for the organisation affected, advising how legislation and/or policy should be interpreted. These cases could lead to disciplinary action being taken against staff.
- Liaise with senior managers of stakeholder organisations, NHS cyber security teams, the Counter Fraud Service, the Police and external organisations, as required, when investigating incidents.
- Monitoring and managing all IT security breaches, taking remedial action to prevent recurrence, and reporting, analysing and reducing the impact and volume of all security incidents
- Investigations into abuse of IT services such as internet and email may occasionally expose the post holder to distressing images and require the post holder to act as a professional witness in disciplinary hearings etc.
- The alignment of IT security with legislative, NHS and business security requirements and those agreed with customers
- Identification and management of security risks ensuring that IT Services maintains compliance in line with the overall SCW corporate governance framework, designing and maintaining appropriate security controls and security plans with procedures for their operation and maintenance
- Management of the overall IT security agenda in support of the overall UHP & LSW corporate governance plans
- Management of IT security training, awareness and communications
- Identifying and classifying IT assets and the level of control and protection required.
- Assisting with Business Impact Analyses
- Performing regular and ad hoc security tests
- Ensuring that the confidentiality, integrity and availability of IT services are maintained
- Ensuring that all access to services by external partners and suppliers is subject to contractual agreements and responsibilities.
For further details, please see the attached JD
Person Specification
Knowledge & Experience
Essential
- Proven evidence of post qualifying and continuing professional development
- Must have an understanding of the background to and aims of current healthcare policy and appreciate the implications of this on engagement
- Should have an appreciation of the relationship between the Department of Health and Social Care, NHSX, the Integrated Care System and individual provider organisations
- Significant demonstrable experience of successful operation in a politically sensitive environment
- Member of the relevant professional body
- Demonstrable experience of managing risks and reporting
- Demonstrable experience of monitoring budgets and business planning processes
- Understanding of the public sector
- Demonstrable experience in a Healthcare environment
- Detailed proven knowledge of security, governance, implementation for both on premise & cloud-based technologies
- Proven knowledge and understanding of Freedom of Information Act (2000)
- Proven knowledge and understanding of the Data Protection Act 2018 and the UK General Data Protection Regulation
- Proven knowledge of Service Management and Service Delivery principles, specifically demonstrable experience of working in an ITIL compliant organisation and working with an ITIL compliant operating model
- Significant demonstrable experience of working in, or managing, an IT Security function
- Working proven knowledge of Microsoft Office with intermediate keyboard skills
Qualifications
Essential
- Educated to master's level or equivalent demonstrable experience of working at a senior level in specialist area
- Extensive proven knowledge of specialist areas, acquired through post graduate diploma or equivalent demonstrable experience or training plus further specialist proven knowledge or demonstrable experience to master's level equivalent
- CISSP qualified, or equivalent Information Security qualification
- Management qualification or significant relevant demonstrable experience
- Understanding of ISO27001
Desirable
- Project management qualification (e.g., PRINCE 2)
Aptitude & Abilities
Essential
- Must be able to prioritise own work effectively and be able to direct activities of others
- Demonstrable experience of managing and motivating a team and reviewing performance of the individuals
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).