Job summary
You will work in our busy team, delivering an outcome-focused, professional and high-quality service at all times.
As the primary point of contact for all IT security related queries, you will play a key role in the team, managing operational responsibilities, and be accountable for the day to day running of the cyber security team.
You will utilise your broad working knowledge of the field and, as a subject matter expert, provide expert advice to the cyber and senior leadership team. You will also liaise with Information Governance to ensure there is a joined-up approach between security and governance.
As a critical service for the organisation, participation in an on-call rota will be required once you have acquired sufficient organisational knowledge and experience within your role.
Main duties of the job
You will build working relationships with ease and work with a diverse group of stakeholders, communicating in a clear, concise, timely and effective manner.
You will participate in larger pieces of security work, including the monitoring of security controls/processes and policies, provide assurance that existing controls are maintained, and be a proactive subject matter expert in team projects.
As a service lead you will take ownership of complex problems and drive to a successful, timely and secure resolution.
You will oversee cyber risk assessments including supply chain risk management, ensuring that security monitoring controls are robust and effective, and ensure that audit or remediation actions are completed in a timely manner.
About us
With a workforce of approximately 15,000 staff, we can now do more and go further in delivering health services to our local communities.
Our ambition is to deliver excellent local and specialist services, to improve the health and wellbeing of our patients, and provide a vibrant place for staff to develop, innovate and build careers.
Patients will experience improved care as well as fewer delays and cancellations. We are able to provide more once-in-a-lifetime specialist care region-wide. With our new trust size will come more opportunities for development, research, networking and innovation.
We aim to make the most of our skills and experiences so we can become the best we can be. As one organisation we will recruit the finest and retain more specialist staff due to more employment opportunities across our Trust.
Job description
Job responsibilities
A summary of responsibilities is as follows; please also refer to the full job description.
Communication
- Strong verbal and written communication skills and able to chair cyber meetings, and respond to technical and non-technical cyber security enquiries.
- Responsible for communicating, developing and maintaining effective relationships with staff at all levels in the organisation and relevant external parties.
- Develop and manage a communication strategy to the relevant staff members impacted or Trust wide when delivering on short and long term strategies, relating to IT security.
- Engaging with SMEs to agree, prioritise and monitor the delivery of mitigation actions.
Analytical and Planning
- Work with methods such as user-centred design, Agile or Lean, ensuring that you set appropriate security expectations at different phases of discover, test, build/buy, deploy and decommission. You will assess the risk and deliver the right amount of security and governance to mitigate it.
- Review cyber threats and vulnerabilities, evaluate and report potential risks to senior colleagues in the organisation, together with remediation plans
- Research and evaluate emerging Cyber Security threats and ways to manage them, providing reports and/or presentations where appropriate to senior stakeholders.
- Co-ordinate maintenance, development, and testing of the organisation's cyber security incident response plan to ensure that it is effective, aligned with industry standard best practice guidance and is robustly tested on a regular basis.
- Share security findings with Digital SLT, as well as KPIs and KRIs, and cascade threat briefs to both technical and non-technical staff, which may include board-level escalations.
- Identify the need for and organise Cybersecurity related training in the wider organisation.
- Provide leadership and management for the team.
- Proactively plan and review systems and processes to reduce operational and security risks.
- Be responsible for ensuring the operation and security of the Trust's IT systems and infrastructure is in line with current best practice, UK legislation and national guidelines, including admin rights to some systems. (These information systems are utilised by several services and this is a major part of the job responsibility.)
- Provide assurance to the CISO & Board that controls are working, and patch statuses are good
Policy and Service Development
- Lead on the development and implementation of policies that encourage secure working and protect data across the Trust.
- Responsible for coordinating any future security accreditation and delivery of local, ICS and National Cyber Security strategies.
- Develop and deliver on structured short- and long-term strategic plans to address gaps in security across the Trust and meet recommended standards in Cyber Security within the organisation
- Regularly present and report to the Chief Information Security Officer (CISO) on the progress of short- and long-term strategic plans.
- Implement and monitor the progress of the short- and long-term strategic plans ensuring that adjustments are made, and issues are resolved efficiently and effectively to avoid delays with successful completion of the strategic plans.
Financial and Physical Resources
- Responsible for specification and development of costed proposals and business cases for IT Security development projects.
- Develop and support comprehensive business cases and funding bids to secure necessary internal and/or external funding to reduce cyber security risk to the organisation.
- This is a technical management role that requires the ability to both manage a technically focused service and develop the strategy for that service. Take responsibility for delegated budget, ensuring effective planning and allocation of costs and resources relating to IT security systems.
- Engaging and organising external resources that have been recruited or commissioned to complete cyber security related work.
Staff Management
- Responsible for the direct line management of Cyber Security related job roles that sit under the organisational structure for this role.
- Monitor and manage functions/responsibilities that are carried out by staff outside of the direct line management structure, i.e. if a function or responsibility that comes under the control of the Cyber Security service sits within another staff structure, the post holder will monitor and manage those staff following the appropriate escalation processes.
- Participate and actively contribute, providing highly specialist advice during the negotiations between parties relating to clinical and non-clinical system designs and development processes across the Trust.
Information Resources
- Required to prepare reports that evaluate Cyber Threats and propose an appropriate course of action to mitigate the risk.
- Regularly undertake surveys, audits or research to support service development.
- Modification of Cyber Security system settings to ensure appropriate monitoring is undertaken for all new digital assets and systems.
- Perform root cause analysis (RCA) on security incidents and update knowledge base for future learning.
Person Specification
Qualifications
Essential
- Master's degree level qualification relevant for the role or demonstrable equivalent level of experience.
- CISSP (or other relevant security certification) or equivalent education, training, and experience.
Desirable
- Professional qualification or membership in Cyber Security (ISC2, BSC, NSSC, CompTIA etc.)
- ITIL Security Management Qualification
Knowledge & Experience
Essential
- Significant experience of working in a senior or management level security role.
- Experience of working in a large and complex multi-tiered environment
- Previous experience of defining and implementing KPIs/KRIs
- Experience in planning, implementation and upgrade of security measures and controls.
- Strong Knowledge of technical security controls, threats and vulnerabilities and current IT and security best practice approaches and frameworks
- Excellent analytical and troubleshooting skills, including the ability to clarify a problem, seek all relevant information, detect trends and link cause and effect, and identify the critical issues in a complex situation.
Desirable
- Previous experience of working in digital in the NHS or a healthcare setting.
Communication
Essential
- Excellent verbal and written communication skills with the ability to work with personnel at all levels, within all disciplines of the Trust
- Proven ability for exceptional attention to detail.
- Strong communication skills, able to explain matters that are often complex and obscure to non-specialists, and good at listening and sensitively interpreting others.
Personal & People Development
Essential
- Able to anticipate wider consequences of decisions and know when to refer upwards.
- The ability to work under pressure, manage changing priorities, whilst meeting targets and deadlines to expected levels of quality.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.