Job summary
Please note that priority will be given to SEL ICB employees who are affected by change.
South East London is a system that recognises the importance of digital and data in the provision of high-quality care. To ensure the ongoing integrity, security and availability of health and care data in our system, we are seeking a highly experienced person to be responsible for the information security and resilience strategy across the South East London Integrated Care Board and for working across the Integrated Care System to develop a risk-based strategy across our system.
Recognising the criticality of this role, the position is a permanent role. At this time, staff in the ICB are hybrid working (predominately working from home) but there is a requirement to work in the office at Tooley St London as required as well as occasional travel to partner organisations and for offsite meetings.
Main duties of the job
Reporting to the Chief Digital Information Officer, the Chief Information Security Officer (CISO), as an integral role within the Digital Senior Leadership Team, will provide strategic and day-to-day direction for architecture, live services, infrastructure delivery, cyber, resilience and Information Governance and Data Management functions.
The role has a dual purpose, both providing an important leadership role across the ICS, while also being responsible for the delivery of cyber security, data integrity, system resilience, Information Governance and Data Management functions for the ICB as well as for supporting the primary care practices that we serve. One of the key early deliverables will be the development of an ICS cyber security strategy. This will be informed by the outputs of a cyber and resilience maturity assessment which is currently underway.
The position has a small team of Information Governance and Data Protection staff, as well as matrix responsibilities for staff responsible for ICB cyber. In addition, there will be potential for recruitment of a fixed term resource to support the ICS-wide work required. Much of the work will be progressed through the further development of partnership working across SEL.
About us
The South East London Integrated Care System (ICS) brings together the health and care partners that serve our vibrant and highly diverse populations resident in the London boroughs of Bexley, Bromley, Greenwich, Lambeth, Lewisham and Southwark.
Our partnership brings together six local authorities, over 200 general practices, Guy's and St Thomas' Hospital NHS FT, King's College Hospital NHS FT, Lewisham and Greenwich NHS Trust, South London and the Maudsley Mental Health FT and Oxleas FT. Importantly, the ICS seeks to be connected to the communities we serve (circa 1.92m residents) and work with the widest possible range of community, voluntary and third sector groups and organisations in each borough.
Our vision is a highly performing, sustainable ICS that looks after its staff, responds to its communities and takes action to reduce the inequalities they experience. As a relatively new organisation, our Integrated Care Board (ICB) has established the organisation, details of which can be found at www.selondonics.org/icb
Job description
Job responsibilities
Duties and Responsibilities
- Develop, implement and monitor a strategic, comprehensive cyber, enterprise information security, resilience, information governance and IT risk management strategy and plan.
- Provide expert cyber security advice to executives, IT Directors and technical teams across the ICS.
- To chair relevant cyber security and resilience assurance group/s and provide monthly/quarterly assurance to the ICS Board.
- Provide leadership to a cyber and resilience community of practice across the ICS.
- Work directly with key stakeholders to facilitate risk assessment and risk management processes.
- Assist with overall technology planning, providing a current knowledge and future vision of technology and systems.
- To lead on the Internal Audit controls for IT Security.
- Manage and develop an awareness portfolio which will address the requirements of an Information Security Management System.
- Lead on the development and delivery of an effective monitoring system to measure compliance with professional and regulatory standards.
- To be able to articulate business risks to organisations in relation to the current / emerging cyber threats and also report on appropriate disaster recovery solutions to minimise the effects of cyber security events.
- To collaborate with all departments within the ICB and ICS where necessary to establish a process for identification and dissemination of high-quality information to facilitate effective cyber and information security management and improvement.
- Contribute and review system wide business cases for investment in cyber, coordinate national funding on cyber risk reduction.
- Implement a continuous learning process, researching and evaluating what has worked and what has not, and in an agile manner, implementing changes to future practices based on these insights. Share insights and learnings across SEL and the London region.
- To be responsible for the information security of all information systems for the SEL ICB.
Person Specification
Knowledge & Training
Essential
- Educated to master's level with additional in-depth professional knowledge in a range of disciplines over a significant period, or equivalent work experience demonstrating understanding of the same.
- Knowledge and awareness of assurance frameworks:
  - Data Security and Protection Toolkit (DSPT)
  - NCSC Cyber Assessment Framework (CAF)
  - Cyber Essentials Plus
  - ISO 27001 Information security, cybersecurity and privacy protection. Information security management systems. Requirements / ISO 27002 Information technology, security techniques - code of practice for information security controls
Experience & Understanding
Essential
- Proven experience of working at a senior level leading and delivering information security and resilience in a sensitive and complex environment which is undergoing significant change.
- Proven experience in the development and management of highly performing teams
- An understanding of information governance
- Experience of developing and delivering a clear business plan, strategy and vision and of making difficult and challenging decisions to support strategy and vision.
- Experience of collaborative working across organisational boundaries and levels and with different professional groups.
Skills & Abilities
Essential
- The ability to provide and receive highly complex, highly sensitive or highly contentious information where there are significant barriers to acceptance which need to be overcome.
- The ability to lead engagement with a wide range of stakeholders within and outside the ICB and a partnership approach to working across organisations.
- The ability to analyse highly complex facts or situations with emerging information, providing senior strategic advice to executives and boards on the best course of action based on available information.
- The ability to formulate the strategy and a long-term plan for information security covering cyber, resilience, data integrity and data security.
Other
Essential
- Outstanding leadership, influencing, negotiating and interpersonal skills.
- Excellent team player who understands and appreciates the benefits of a diverse workforce and recognises the value in different styles, approaches and contributions
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country in which they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.