Gateshead Health NHS Foundation Trust

Information Security Specialist

This job is now closed

Job summary

This role will support the work of the IG and Information Security Manager in delivering the information security aspects of the Information Governance and Information Security work programme.

The Information Security Specialist's primary remit is to develop and implement appropriate Trust policies, procedures, materials, and tools to ensure the availability, accessibility, risk mitigation and security of all information resources.

Main duties of the job

  • Act as the Trust lead for information security assurance, monitoring and reporting, including auditing and evaluation of cyber security practices in the Trust, and reporting and escalating any requirement gaps or remediation areas to the Senior Information Risk Owner (SIRO) to decide, escalate and manage appropriate actions with business units and the IT (Information Technology) Department.
  • Define the organisation's information security management programme with the input and goals of the SIRO, aligned with the SIRO's and the Trust's cyber and information risk management framework parameters.
  • Produce and report performance measurement statistics relating to information security to the Trust's Digital and Data Assurance Group (DDAG).
  • Ensure the ongoing integration of information security with business strategies and requirements.
  • Advise on the implementation of organisational business continuity processes in relation to the security of information to reduce the disruption caused by disasters and security failures to an acceptable level through a combination of preventative and recovery controls.

About us

Based in the North East of England we provide a range of hospital and community health services from our leading facilities, including the Queen Elizabeth Hospital, Blaydon urgent care centre and Bensham Hospital, all within Gateshead.

Established in 2005, we were one of the first foundation trusts in the country and since then have consistently achieved the highest levels of care for patients.

We now employ around 4,800 staff and currently provide 444 hospital beds across the Gateshead region.

Our values should be the 'golden thread' which runs through everything we do - they are the core of who we are. Our five values can easily be remembered by the simple acronym ICORE: Innovation, Care, Openness, Respect, Engagement.

We have a number of staff networks including the Global Ethnic Majority (GEM) network, D-Ability network, LGBTQ+ Network and the Women's Network, to challenge us and help us to constantly improve. Our Armed Forces network is one of our emerging networks.

The health and wellbeing of our staff is one of our highest priorities, and we offer a range of support and initiatives as part of our 'Balance' programme balancegateshead.com to cater for our diverse workforce, so that your individual needs can be supported, allowing you a happy and healthy working experience with us.

Details

Date posted

02 January 2024

Pay scheme

Agenda for change

Band

Band 7

Salary

£43,742 to £50,056 a year

Contract

Permanent

Working pattern

Full-time, Flexible working

Reference number

297-5874514

Job locations

QE Hospital

Gateshead

Tyne and Wear

NE9 6SX

Job description

Job responsibilities

  • To keep owned policies and procedures up to date, ensuring that the Trust remains compliant with UK (United Kingdom) Data Protection, Information Security and Confidentiality legislation.
  • To provide guidance and advice in respect of best practice in all matters relating to information security, which will include but is not limited to information risk, business continuity, third party due diligence reviews and cyber security control assurance auditing where it has an impact on the Trust, its staff, patients, and the public.
  • To keep abreast of current NHS (National Health Service), UK, EU, and relevant National legislation, to be able to provide recommendations and guidance in information security and cyber assurance levels to the Trust.
  • To work with managers and staff to ensure that good industry practice and local processes are applied and comply with Trust Policy for cyber security controls and information security practices including information risk management and business continuity.
  • To work with and report any requirement gaps or remediation areas to the Senior Information Risk Owner (SIRO) to decide, escalate and manage appropriate actions with business units and the IT Department.
  • To work with and report to the IG and Information Security Manager (DPO (Data Protection Officer)) in all aspects of information security, information risks and recoverability of information and personal data, to ensure an efficient and effective service regarding the IG and Information Security programme delivery to meet the IG Operating Model Objectives.

Person Specification

Qualifications and Training

Essential

  • Educated to Master's Level (InfoSec-related subject) or equivalent
  • Extensive experience in an IG or InfoSec role (minimum 3 years)
  • InfoSec qualification or accreditation, e.g. ISEB, CISM etc.

Desirable

  • Other supporting InfoSec certificate such as CISSP, CIPT, CISA etc.

Skills/Knowledge/Experience

Essential

  • Experienced and skilled in auditing compliance and regulatory standards such as ISO 27001
  • Experience of developing, maintaining and managing policies and procedures
  • Understanding of cyber and InfoSec legislation, specifically DPA, GDPR and the NIS 2018

Desirable

  • Experience of developing, maintaining and managing policies, procedures and
  • Experience in providing training and awareness to a wide audience.
  • Understanding of the InfoSec role requirements and the differences to Information Security

Attitude

Essential

  • Ability to work well under pressure and maintain composure in demanding situations
  • Willingness to learn and share knowledge.
  • Strong influencing and persuasion skills
  • Self-motivated

Special Requirements

Essential

  • Meets the requirements of UK Border and Immigration/ISA
  • Can be on site 2-3 days per week.

Desirable

  • Experience working in an NHS organisation in a similar role
Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled Worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, Skilled Worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country in which they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found under Criminal records checks for overseas applicants.

Employer details

Employer name

Gateshead Health NHS Foundation Trust

Address

QE Hospital

Gateshead

Tyne and Wear

NE9 6SX

Employer's website

https://www.qegateshead.nhs.uk

Employer contact details

For questions about the job, contact:

IG and Information Security Manager

Dianne Ridsdale

dianne.ridsdale@nhs.net

01914458418

Supporting documents

Privacy notice

Gateshead Health NHS Foundation Trust's privacy notice