Cyber Security Officer

Liverpool University Hospitals NHS Foundation Trust

Information:

This job is now closed

Job summary

Undertake first line triage, support, investigation, mitigation and reporting on all cyber security/governance related matters including: General Data Protection Regulation (GDPR); Data Protection Act; phishing attacks; technical security and governance incidents/breaches; risks; security controls; encryption; exceptional security bypass requests; policy, etc. These may be complex and Trust wide, and involve all levels of management, access to patient systems and data, third parties, regulatory bodies, and interaction with patients and their families.

To manage the provision of Confidentiality and Access Support Agreements for external/temporary staff and organisations in a timely fashion to ensure training and granting of access to sensitive patient systems is delivered when required, but with appropriate assurances/controls in place and to align with IT Training and Service Desk processes.

To support the Cyber Security/Assurance Managers in the completion, control maintenance and development, and comprehensive evidencing for the relevant mandatory Data Security Protection Toolkit (DSPT) submissions in line with NHS Digital expectations.

Main duties of the job

Provide and receive complex information, including personal interaction, with all levels of management, patients, third parties and regulators, and undertake investigations and problem solving for cyber security and governance matters.

Entrusted with update access to multiple key live patient systems holding sensitive data to facilitate investigations and problem resolution with data on these systems, which may include updates.

To attend meetings with external agencies and partners on relevant cyber security and governance matters, when required, i.e. attend the monthly Cheshire and Mersey Information Governance Group, and similar, on behalf of the team.

Conduct security control surveys for key Trust IT Systems and record and report compliance with expected control for Audit purposes and DSPT requirements. As part of this process also provide guidance and feedback to local management on control gaps and opportunities for improvement.

Provide advice and assistance to all levels of staff, management and external organisations, including patients, relating to all aspects of cyber security and governance. This would include technical, professional advice, risk assessment, control guidance, compliance checks, problem resolution and investigations.

About us

Liverpool University Hospitals NHS Foundation Trust was created on 1 October 2019 following the merger of two adult acute Trusts, Aintree University Hospital NHS Foundation Trust and the Royal Liverpool and Broadgreen University Hospitals NHS Trust.

The merger provides an opportunity to reconfigure services in a way that provides the best healthcare services to the city and improves the quality of care and health outcomes that patients experience.

The Trust runs Aintree University Hospital, Broadgreen Hospital, Liverpool University Dental Hospital and the Royal Liverpool University Hospital.

It serves a core population of around 630,000 people across Merseyside as well as providing a range of highly specialist services to a catchment area of more than two million people in the North West region and beyond.

To hear more about our achievements, see https://www.liverpoolft.nhs.uk/media/13089/1606-annual-report-booklet_final.pdf

Follow us on Social Media:

Facebook - Liverpool University Hospitals Careers

Instagram - @LUHFTcareers

Twitter - @LUHFTcareers

Date posted

22 August 2024

Pay scheme

Agenda for change

Band

Band 5

Salary

£29,970 to £36,483 per annum

Contract

Permanent

Working pattern

Full-time

Reference number

287-CEF-325-24

Job locations

Liverpool Innovation Park

Digital Way

Liverpool

L7 9NJ


Job description

Job responsibilities

Provide and receive complex information, via various mediums, including personal interaction, with all levels of management, patients, third parties and regulators, and undertake investigations and problem solving for cyber security and governance matters. Some of these may be sensitive, highly confidential and with disciplinary or regulatory implications.

Entrusted with update access to multiple key live patient systems holding sensitive data to facilitate investigations and problem resolution with data on these systems, which may include updates.

The post holder assists in the creation, review, implementation and dissemination of key cyber security and governance policies, protocols and procedures, as well as providing guidance and may propose changes on them where appropriate.

To attend meetings with external agencies and partners on relevant cyber security and governance matters, when required, i.e. attend the monthly Cheshire and Mersey Information Governance Group, and similar, on behalf of the team.

Conduct security control surveys for key Trust IT Systems and record and report compliance with expected control for Audit purposes and DSPT requirements. As part of this process also provide guidance and feedback to local management on control gaps and opportunities for improvement.

Provide advice and assistance to all levels of staff, management and external organisations, including patients, relating to all aspects of cyber security and governance. This would include technical, professional advice, risk assessment, control guidance, compliance checks, problem resolution and investigations.

Assist the Technical Support team in finding and resolving problem workstations throughout the Trust that are not available on the network or are not being rebooted to take security patches and other fixes, to ensure robust protection from cyber-attacks.

To manage the provision of Confidentiality and Access Support Agreements for external 3rd parties and organisations in a timely fashion to ensure training and granting of access to sensitive patient systems is delivered when required, but with appropriate assurances/controls in place and to align with IT Training and Service Desk processes as well as relevant legislation, such as GDPR.

Person Specification

Qualifications

Essential

  • Relevant degree or other relevant professional qualifications (relevant experience/knowledge in similar role).
  • ISEB in Information Security or equivalent qualification
  • ECDL or equivalent IT experience
  • Evidence of continuous professional development

Desirable

  • Cyber Security Fundamentals or Practitioner

Experience

Essential

  • The successful candidate should have at least 24 months recent and relevant work experience in a similar role
  • Experience of training, handholding and support of Cyber Security/Governance initiatives

Desirable

  • Experience of writing and implementing policies and procedures
  • Knowledge and understanding of system and process management, records management, data quality, data protection, security and confidentiality controls.
  • Experience of working in the NHS and knowledge of multiple NHS systems, procedures and information flows
  • Training in report writing, presentations, conflict management, negotiations etc

Knowledge

Essential

  • Expert knowledge and understanding of the General Data Protection Regulation (GDPR) and Data Protection Act 2018 as they apply to wider cyber Security and Governance activities, procedures and practices.
  • IT knowledge, specifically in the use of multiple Microsoft Office products and relevant security system concepts
  • Expert knowledge of Cyber Security/Governance and IM&T strategies in the NHS
  • Knowledge and understanding of DSPT and Data Guardian Standards.

Skills

Essential

  • Proficient communication, negotiation and influencing skills for different target audiences across Trust and 3rd party organisations
  • Able to demonstrate excellent written and verbal skills
  • Ability to investigate, advise and report on potentially highly complex/sensitive security incidents liaising with all levels of management
  • Ability to work with sensitivity / tact, including a commitment to confidentiality. Sensitive to the requirements and pressures placed on colleagues.

Other

Essential

  • Able to use own initiative and work autonomously, with minimum supervision and to act independently within defined areas. Practice effective time management, plan, organise and prioritise work appropriately and work pro-actively to meet deadlines.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found in "Criminal records checks for overseas applicants".

Employer details

Employer name

Liverpool University Hospitals NHS Foundation Trust

Address

Liverpool Innovation Park

Digital Way

Liverpool

L7 9NJ


Employer's website

https://www.liverpoolft.nhs.uk/


For questions about the job, contact:

Information Governance Manager

Asif Arkate

asif.arkate@liverpoolft.nhs.uk

01517063549

Supporting documents

Privacy notice

Liverpool University Hospitals NHS Foundation Trust's privacy notice