Liverpool University Hospitals NHS Foundation Trust

Technology Risk Assurance Manager

Information:

This job is now closed

Job summary

MIAA is the predominant provider of IT audit services to the NHS and public sector in the North West. With a client base of over 70 and the launch of our solutions and assurance brands we are continuing to grow at pace.We are looking for one qualified, enthusiastic and forward-thinking IT audit professionals who are ready to take the next steps in developing their IT audit career by joining our successful team.As a Technology Risk Assurance Manager, you will be involved in the identification and delivery of technology assurance needs of our NHS and public sector clients. The post holders will take responsibility for a portfolio of clients and / or workstreams and will personally deliver a range of assignments across the North West.

Based in one of our offices in the North West (Liverpool, Salford, Darwen or Chester) you will be earning up to £45,839 on NHS Band 7, within a flexible working environment and will have full support in your personal and professional development.

Main duties of the job

Working as part of a dynamic team, the successful candidates will take responsibility for the operational elements of client relationship management for a limited portfolio of audit plans and for performing a range of complex technical and risk based data protection and security audit assignments. Support the Senior Technology Risk Assurance audit managers to ensure audits are completed and reported to audit committees in line with client plans and expectations. Reporting to audit committees as required. Conclude on quality of all audit opinions produced for allocated clients and contribute to the drafting of Head of Internal Audit Opinion and Statement of Internal Control as required. Direct and supervise staff and contractors as required. The Technology Risk Assurance Auditors will be required to maintain knowledge and awareness of areas of emerging cyber threats, audit techniques and mitigating controls,key legislation and regulations applicable to data protection and security.

About us

Liverpool University Hospitals NHS Foundation Trust was created on 1 October 2019 following the merger of two adult acute Trusts, Aintree University Hospital NHS Foundation Trust and the Royal Liverpool and Broadgreen University Hospitals NHS Trust.

The merger provides an opportunity to reconfigure services in a way that provides the best healthcare services to the city and improves the quality of care and health outcomes that patients experience.

The Trust runs Aintree University Hospital, Broadgreen Hospital, Liverpool University Dental Hospital and the Royal Liverpool University Hospital.

It serves a core population of around 630,000 people across Merseyside as well as providing a range of highly specialist services to a catchment area of more than two million people in the North West region and beyond.

To hear more about our achievements click here https://www.liverpoolft.nhs.uk/media/13089/1606-annual-report-booklet_final.pdf

Details

Date posted

11 October 2021

Pay scheme

Agenda for change

Band

Band 7

Salary

£40,057 to £45,839 a year per annum

Contract

Permanent

Working pattern

Full-time

Reference number

287-MIAA-29-21

Job locations

MIAA, Regatta Place,

Brunswick Business Park

Liverpool

L3 4BL


Job description

Job responsibilities

To take responsibility for the operational elements of client relationship management for a limited portfolio of audit plans including the personal conduct of complex assignments.

To conclude upon the quality of all audit opinions produced for allocated clients, contribute to the drafting of the Head of Internal Audit Opinion and Statements of Internal Control as required.

To direct and supervise staff and contractors to deliver the allocated audit plans on time, to budget and to quality standards.

To report to the Audit Committee as required.

To respond to a broad range of sensitive and complex queries from clients and staff.

Communication and the establishment of personal credibility at Board and other senior levels with the clients are central to the job. This is built upon the provision and receipt of routine, complex and sensitive information of a confidential nature. This will require tact and persuasion as well as a deep appreciation and understanding of complex client risks, NHS systems and existing guidance. Discussions with senior staff forms a substantial element of the job often concerning contentious and complicated technical, legal, and control and governance issues at a corporate level. Communication will involve negotiating with external agencies. The job involves significant involvement in persuading and negotiating the reasoning behind recommendations with senior staff, up to and including Board level, across a range of disciplines in order to arrive at an agreed position. Communication of audit findings and advice will be personally and principally delivered through attendance at Audit Committee and other sub-committees/working groups.

Work is managed rather than supervised, with the jobholder working within procedures, broad policies and guidelines as defined by the Quality System, but having the freedom to act with autonomy. The nature of the work necessitates a thorough and concentrated focus on the gathering, testing and evaluation of evidence whilst balancing competing priorities.

The nature of the work necessitates a thorough and concentrated focus on processes to deliver consistent and robust opinions whilst balancing competing priorities. The work pattern is often unpredictable but there is routinely a need to actively participate in and lead senior level discussions and workshops requiring high levels of sustained concentration. Meeting competing deadlines is a routine element of the job.

There is representation across a range of NHS and other bodies on standing senior committees and working parties. Personally responsible for initiating, developing and implementing policy changes and service developments e.g. risk management, information governance, information security, service management and IT operations. These policy proposals impact across the Agency and multiple clients.

There is extensive scope for decision making in respect of planning and organizing the personal work schedule, managing priorities, forming judgments on the adequacy and effectiveness of systems, and producing recommendations to deliver improvements. These decisions will be based upon detailed analysis and evaluation of complex systems issues and options across a range of systems. Such analysis will incorporate an assessment of potentially conflicting and multi-layered information e.g. multiple risk registers, Information Governance Frameworks, etc.,

There will be a routine day to day management role in respect of staff in the function encompassing work scheduling, coaching, and individual and team training, and assignment review. This will include coordination of resources across competing priorities in order to achieve agreed objectives. The management role will also incorporate responsibility for elements of disciplinary and grievance; conduct of appraisals and objective setting for allocated staff; conducting recruitment; reviewing work performance and progress; tackling poor performance; and determining work priorities

The Agency operates in a unique competitive trading environment requiring a professional customer-focus at all times and a range of commercial skills of the post holder. This trading environment creates a business model that requires income to be secured in open competition against multinational consulting and accountancy firms. Income needs to be secured on a regional and national basis to maintain operational and strategic viability.

There is a requirement to adapt to a range of working conditions at different client sites which will also involve frequent travel.

A substantial element of the job involves utilizing a number of office based and client computer systems to evaluate systems and produce the audit outputs. Those outputs, usually reports, are generated from input and manipulation of financial and other data in word processing, spreadsheet, and presentation and database applications. The function also provides IT support to the Agency and the post holder is expected to contribute to this support.

Please also refer to the Job Description attached.

Job description

Job responsibilities

To take responsibility for the operational elements of client relationship management for a limited portfolio of audit plans including the personal conduct of complex assignments.

To conclude upon the quality of all audit opinions produced for allocated clients, contribute to the drafting of the Head of Internal Audit Opinion and Statements of Internal Control as required.

To direct and supervise staff and contractors to deliver the allocated audit plans on time, to budget and to quality standards.

To report to the Audit Committee as required.

To respond to a broad range of sensitive and complex queries from clients and staff.

Communication and the establishment of personal credibility at Board and other senior levels with the clients are central to the job. This is built upon the provision and receipt of routine, complex and sensitive information of a confidential nature. This will require tact and persuasion as well as a deep appreciation and understanding of complex client risks, NHS systems and existing guidance. Discussions with senior staff forms a substantial element of the job often concerning contentious and complicated technical, legal, and control and governance issues at a corporate level. Communication will involve negotiating with external agencies. The job involves significant involvement in persuading and negotiating the reasoning behind recommendations with senior staff, up to and including Board level, across a range of disciplines in order to arrive at an agreed position. Communication of audit findings and advice will be personally and principally delivered through attendance at Audit Committee and other sub-committees/working groups.

Work is managed rather than supervised, with the jobholder working within procedures, broad policies and guidelines as defined by the Quality System, but having the freedom to act with autonomy. The nature of the work necessitates a thorough and concentrated focus on the gathering, testing and evaluation of evidence whilst balancing competing priorities.

The nature of the work necessitates a thorough and concentrated focus on processes to deliver consistent and robust opinions whilst balancing competing priorities. The work pattern is often unpredictable but there is routinely a need to actively participate in and lead senior level discussions and workshops requiring high levels of sustained concentration. Meeting competing deadlines is a routine element of the job.

There is representation across a range of NHS and other bodies on standing senior committees and working parties. Personally responsible for initiating, developing and implementing policy changes and service developments e.g. risk management, information governance, information security, service management and IT operations. These policy proposals impact across the Agency and multiple clients.

There is extensive scope for decision making in respect of planning and organizing the personal work schedule, managing priorities, forming judgments on the adequacy and effectiveness of systems, and producing recommendations to deliver improvements. These decisions will be based upon detailed analysis and evaluation of complex systems issues and options across a range of systems. Such analysis will incorporate an assessment of potentially conflicting and multi-layered information e.g. multiple risk registers, Information Governance Frameworks, etc.,

There will be a routine day to day management role in respect of staff in the function encompassing work scheduling, coaching, and individual and team training, and assignment review. This will include coordination of resources across competing priorities in order to achieve agreed objectives. The management role will also incorporate responsibility for elements of disciplinary and grievance; conduct of appraisals and objective setting for allocated staff; conducting recruitment; reviewing work performance and progress; tackling poor performance; and determining work priorities

The Agency operates in a unique competitive trading environment requiring a professional customer-focus at all times and a range of commercial skills of the post holder. This trading environment creates a business model that requires income to be secured in open competition against multinational consulting and accountancy firms. Income needs to be secured on a regional and national basis to maintain operational and strategic viability.

There is a requirement to adapt to a range of working conditions at different client sites which will also involve frequent travel.

A substantial element of the job involves utilizing a number of office based and client computer systems to evaluate systems and produce the audit outputs. Those outputs, usually reports, are generated from input and manipulation of financial and other data in word processing, spreadsheet, and presentation and database applications. The function also provides IT support to the Agency and the post holder is expected to contribute to this support.

Please also refer to the Job Description attached.

Person Specification

Qualifications

Essential

  • Appropriate IT audit qualifications (e.g. QiCA, CISA, CIISP etc) or professional accountancy qualification (CCAB) OR Membership of the Institute of Internal Auditors (MIIA qualified) OR an appropriate degree (e.g. Health Informatics or Information Security)

Experience

Essential

  • Must have demonstrable experience of working in audit either in the public or private sectors or in a large accountancy practice that has included experience of auditing large organisations or a professional IT service environment
  • must have demonstrable understanding of audit role and techniques.
  • Must have experience of managing and supervising staff.
  • Must have experience of client relationship management

Knowledge

Essential

  • To demonstrate a full and mature understanding of NHS structure, policy, functions, systems, and pertinent IT initiatives and challenges, together with the aptitude to build on that knowledge
  • Must have an understanding of corporate governance, risk management and assurance principles and practice
  • To demonstrate a full and mature understanding of audit principles and practice together with the aptitude to build on that knowledge
  • To demonstrate a clear understanding of information security and governance as well as the wider IM&T agenda

Personal/Managerial Skills & Qualities

Essential

  • Must have excellent oral and written communication skills to enable complicated audit and security/governance issues to be explained to a range of NHS staff, often at a senior level. This will include presentational, negotiation and influencing skills.
  • Must have excellent analytical skills and have the ability to collate complex data from various sources
  • Must have strong and demonstrable understanding of of key IT control frameworks, risks and technologies
  • Must have strong supervision, staff management, coaching and mentoring skills
  • Must have client relationship management experience
  • Must have the ability to negotiate and persuade, sometimes in a setting that is unresponsive or hostile to audit findings
  • Must have a good level of numeracy, keyboard skills and computer literacy (ECDL or equivalent)
  • Must have the ability to make judgements and recommendations in the context of complex systems and risk and materiality of findings.
  • Must have good time management skills and the ability to work to tight deadlines whilst managing competing priorities.
  • Must have the ability to travel to a range of sites and work in a range of environments
Person Specification

Qualifications

Essential

  • Appropriate IT audit qualifications (e.g. QiCA, CISA, CIISP etc) or professional accountancy qualification (CCAB) OR Membership of the Institute of Internal Auditors (MIIA qualified) OR an appropriate degree (e.g. Health Informatics or Information Security)

Experience

Essential

  • Must have demonstrable experience of working in audit either in the public or private sectors or in a large accountancy practice that has included experience of auditing large organisations or a professional IT service environment
  • must have demonstrable understanding of audit role and techniques.
  • Must have experience of managing and supervising staff.
  • Must have experience of client relationship management

Knowledge

Essential

  • To demonstrate a full and mature understanding of NHS structure, policy, functions, systems, and pertinent IT initiatives and challenges, together with the aptitude to build on that knowledge
  • Must have an understanding of corporate governance, risk management and assurance principles and practice
  • To demonstrate a full and mature understanding of audit principles and practice together with the aptitude to build on that knowledge
  • To demonstrate a clear understanding of information security and governance as well as the wider IM&T agenda

Personal/Managerial Skills & Qualities

Essential

  • Must have excellent oral and written communication skills to enable complicated audit and security/governance issues to be explained to a range of NHS staff, often at a senior level. This will include presentational, negotiation and influencing skills.
  • Must have excellent analytical skills and have the ability to collate complex data from various sources
  • Must have strong and demonstrable understanding of of key IT control frameworks, risks and technologies
  • Must have strong supervision, staff management, coaching and mentoring skills
  • Must have client relationship management experience
  • Must have the ability to negotiate and persuade, sometimes in a setting that is unresponsive or hostile to audit findings
  • Must have a good level of numeracy, keyboard skills and computer literacy (ECDL or equivalent)
  • Must have the ability to make judgements and recommendations in the context of complex systems and risk and materiality of findings.
  • Must have good time management skills and the ability to work to tight deadlines whilst managing competing priorities.
  • Must have the ability to travel to a range of sites and work in a range of environments

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

Liverpool University Hospitals NHS Foundation Trust

Address

MIAA, Regatta Place,

Brunswick Business Park

Liverpool

L3 4BL


Employer's website

https://www.liverpoolft.nhs.uk/ (Opens in a new tab)

Employer details

Employer name

Liverpool University Hospitals NHS Foundation Trust

Address

MIAA, Regatta Place,

Brunswick Business Park

Liverpool

L3 4BL


Employer's website

https://www.liverpoolft.nhs.uk/ (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Head of Technology Risk Assurance

Paula Fagan

paula.fagan@miaa.nhs.uk

07825592866

Details

Date posted

11 October 2021

Pay scheme

Agenda for change

Band

Band 7

Salary

£40,057 to £45,839 a year per annum

Contract

Permanent

Working pattern

Full-time

Reference number

287-MIAA-29-21

Job locations

MIAA, Regatta Place,

Brunswick Business Park

Liverpool

L3 4BL


Supporting documents

Privacy notice

Liverpool University Hospitals NHS Foundation Trust 's privacy notice (opens in a new tab)