Job summary
An exciting opportunity has opened up for a Head of Cyber Risk and Assurance to join us.
The Head of Cyber Security, Risk & Compliance serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and patient information in compliance with the Trust's information security policies.
A key element of the role is working with executive management to determine acceptable levels of risk for the Trust. This position is responsible for establishing and maintaining an information security management programme to ensure that information assets are adequately protected.
The role holder, leads and owns the Trust's information security / Cyber strategy; drives and owns the Trust's information security / Cyber posture, using a risk-based approach; and takes a comprehensive approach to information security. The role manages the information and technology risk to the Trust's IT facilities and information from internal and external threats; advises the Trust at a strategic level on existing and emerging threats; and owns and develops the necessary IT security policies, standards, and procedures.
Main duties of the job
- Leadership of the information security / Cyber governance function across the Trust, working closely with the Head of Cyber Security Operations and the Trust Data Privacy Officer to ensure that a comprehensive approach to policy-setting is effectively implemented in all aspects of Trust activity.
- The post holder will have experience in the provision of robust governance and assurance services across the entire IT security portfolio of activities. The post holder will have excellent stakeholder and communication skills. They will be able to lead a team to create a network of relationships necessary in the delivery of Cyber security, including partners such as NHSE, GM Region and the ICS
- Development of an information security / cyber vision and strategy that is aligned to Trust priorities and enables and facilitates the organisation's objectives, and ensures senior stakeholder buy-in and mandate.
- Implementation and monitoring of a strategic, comprehensive information security cyber program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed.
- Development, communication and implementation of Trust-wide information security / cyber policies, ensuring consistent application of policies and standards, including privacy, risk management, compliance and business continuity management.
- Maintenance of said strategy, policy and control framework documentation.
About us
The Northern Care Alliance NHS Foundation Trust (NCA) provides hospital and integrated health and social care services to over one million people living across Greater Manchester. Our 20,000 colleagues care for people in hospital and in the community, working across Bury, Rochdale, Oldham and Salford, to save and improve lives.
As a large NHS trust we are committed to enhancing the health of our local population by delivering consistently high standards of care and working closely with local authorities and key partners. We believe in our power and potential to make a difference and we're always looking for people who demonstrate our three core values - care, appreciate and inspire - to join our team.
In return, we can offer you a job role with purpose and flexibility. The size and scale of the NCA means we can provide more challenge and opportunities so your career can always be moving in the right direction. By joining us you can also access a competitive benefits package, including, a fantastic annual leave allowance, flexible working opportunities and protected hours for health and wellbeing activities, helping you to achieve more personal downtime and a better work-life balance.
Job description
Job responsibilities
To read more information about the advertised role, and the main job duties/responsibilities please open the Job Description and Person Specification located under the supporting documents heading. You can also read more information about working at the Northern Care Alliance within the attached Candidate Information Pack or by visiting our careers website:www.careers.northerncarealliance.nhs.uk
Job description
Job responsibilities
To read more information about the advertised role, and the main job duties/responsibilities please open the Job Description and Person Specification located under the supporting documents heading. You can also read more information about working at the Northern Care Alliance within the attached Candidate Information Pack or by visiting our careers website:www.careers.northerncarealliance.nhs.uk
Person Specification
Qualifications
Essential
- Educated to a minimum of Master's degree level, or equivalent post graduate qualification
- Degree level or equivalent qualification specifically in IT/Informatics
- Evidence of management development through Continuous Professional Development and/or formal management course
Desirable
- Specialist training in areas such as: Cyber Security, Risk Management,PRINCE2 or MSP
Professional Registration
Desirable
- Relevant professional body registration (CISSP / CISM)
Knowledge
Essential
- A demonstrated knowledge of information security standards (e.g., NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g., PCI, NIST, NSA) and other various security standards and policies
- Proficiency in developing physical and digital security protocols and procedures
- Proven track record of leadership
- Evidence of developing teams/others
- Demonstrable track record in delivering complex targets and objectives to tight deadlines
- Experience of motivating and inspiring staff managed directly and indirectly to work together to achieve a common objective
Skills
Essential
- Highly developed specialist knowledge and experience of managing Information Security acquired over a significant period
- Significant knowledge and experience of applying budgeting, benefits tracking and demand management principles to both capital and revenue allocations
- Significant knowledge and understanding of the NHS, including the political, strategic and operational environment in which it operates
- Significant knowledge and experience of risk management
- Demonstrates significant level of communication skills
- Ability to work to agreed goals, in a self-directed and professional manner
- Organisation and time management skills to manage and deliver a range of multiple tasks and projects to tight deadlines
- Ability to engage and influence and persuade a broad range of individuals and professional groups at all levels of seniority
- Proactive, creative and flexible approach to identifying and taking forward opportunities, shaping new ideas and partnerships
Desirable
- Knowledge and experience of Capital planning
Person Specification
Qualifications
Essential
- Educated to a minimum of Master's degree level, or equivalent post graduate qualification
- Degree level or equivalent qualification specifically in IT/Informatics
- Evidence of management development through Continuous Professional Development and/or formal management course
Desirable
- Specialist training in areas such as: Cyber Security, Risk Management,PRINCE2 or MSP
Professional Registration
Desirable
- Relevant professional body registration (CISSP / CISM)
Knowledge
Essential
- A demonstrated knowledge of information security standards (e.g., NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g., PCI, NIST, NSA) and other various security standards and policies
- Proficiency in developing physical and digital security protocols and procedures
- Proven track record of leadership
- Evidence of developing teams/others
- Demonstrable track record in delivering complex targets and objectives to tight deadlines
- Experience of motivating and inspiring staff managed directly and indirectly to work together to achieve a common objective
Skills
Essential
- Highly developed specialist knowledge and experience of managing Information Security acquired over a significant period
- Significant knowledge and experience of applying budgeting, benefits tracking and demand management principles to both capital and revenue allocations
- Significant knowledge and understanding of the NHS, including the political, strategic and operational environment in which it operates
- Significant knowledge and experience of risk management
- Demonstrates significant level of communication skills
- Ability to work to agreed goals, in a self-directed and professional manner
- Organisation and time management skills to manage and deliver a range of multiple tasks and projects to tight deadlines
- Ability to engage and influence and persuade a broad range of individuals and professional groups at all levels of seniority
- Proactive, creative and flexible approach to identifying and taking forward opportunities, shaping new ideas and partnerships
Desirable
- Knowledge and experience of Capital planning
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
UK Registration
Applicants must have current UK professional registration. For further information please see
NHS Careers website (opens in a new window).
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
UK Registration
Applicants must have current UK professional registration. For further information please see
NHS Careers website (opens in a new window).