ICS Cyber Security Manager

NHS Bath and North East Somerset, Swindon and Wiltshire ICB

The closing date is 15 January 2025

Job summary

Please note that this organisation does not hold a sponsorship licence. We regret to inform you that we are unable to consider applications from individuals who require sponsorship.

The post holder will provide cyber oversight, working closely with all NHS organisations across the BaNES (Bath and North East Somerset), Swindon and Wiltshire (BSW) ICS footprint, and will likely dedicate 40% of their time to assurance and coordination activities, 40% to technical input and 20% to system-wide leadership.

Main duties of the job

This role will be key in further developing our cyber strategy across our integrated care system.

Embed joined up cyber security principles and a strong cyber culture across the ICS

Deliver assurance through maintenance of systems wide mechanisms including the ICS cyber risk register, DTAC process and the ICS cyber strategy with support from ICS member organisations.

Determine levels of cyber funding across the ICS through creation of detailed ICS system-wide cyber bids and business cases with input from NHS England's regional cyber leads. Ensuring that ICS wide cyber projects fall within agreed financial envelopes and resources.

Reduce duplication by solving/mitigating cyber issues once across the ICS.

Lead the review, creation, management and simplification of ICS system-wide policies and cyber initiatives

Maximise use and benefit from centrally funded cyber solutions across the ICS, working closely with the Head of IT and Regional Security Lead to determine how to maximise the benefit and use of centrally provisioned cyber solutions.

Improve Emergency Preparedness, Resiliency & Response (EPRR) cyber links across the ICS and also with Avon & Somerset Local Resiliency Forum (LRF) and Wiltshire & Swindon LRF.

Coordinate joint incident response exercises, including overseeing actions from any lessons identified.

Be on-call as part of the ICS cyber technical advice cell (CTAC) to provide system-wide cyber security advice in the event of a major incident.

About us

If you are offered employment with us, you will have the opportunity to join a friendly, quality focused and dynamic team that is supportive and cares about your working experience and your wellbeing.

BSW ICB have adopted agile working so this means the successful applicant will predominately be working from home but may be requested to work in any one of the ICB's office bases across BaNES, Swindon and Wiltshire. You will also have a contractual base within the BSW ICB office where your team is based.

Benefits BSW ICB offer include:

NHS Pension Scheme

Generous NHS annual leave entitlements commencing at 27 days per year rising to 33 days per year, pro rata, plus bank holidays

Flexible working

Modern IT equipment and an in-house IT help facility

Colleague wellbeing support through a Staff Support Service and a wealth of wellbeing guidance and offers

Colleague engagement forums and events

Financial wellbeing guidance and benefits (including NHS staff offers, health service discounts, cycle scheme, car lease scheme, money helper service)

Opportunities for learning through training and continuous development

Opportunity to buy additional annual leave

Date posted

23 December 2024

Pay scheme

Agenda for change

Band

Band 8a

Salary

£53,755 to £60,504 per annum

Contract

Fixed term

Duration

2 years

Working pattern

Full-time

Reference number

983-ICB-7162TG

Job locations

Jenner House

Unit E3, Langley Park

Chippenham

SN15 1GG


Job description

Job responsibilities

  • The post holder will be required to maintain and build constructive relationships with a broad range of internal and external stakeholders including Regional Working Groups and NHS England.
  • Participate in relevant internal and external working groups/projects, services, and initiatives to provide information and analytical advice and expertise.
  • Participate and represent the ICS within relevant BSW Digital working groups including running of the ICS wide cyber security group.
  • Interpret and explain information and highly complex issues to a wide range of internal and external stakeholders.

Project Management

  • Lead on coordinating ICS wide cyber projects and procurements via the Technical Design Authority (TDA).
  • Provide coordination of and participate in relevant internal and external working groups and provide cyber security advice, expertise, and support where requested, including key strategic developments, service redesign and chairing the ICS Cyber Technical Design Authority (TDA) meetings.
  • Liaise with external providers of ICS IT solutions to ensure appropriate standards of cyber security are adhered to.
  • Deliver complex material to a non-technical audience.
  • Ensure that ICS wide cyber projects fall within agreed financial envelopes.

Cyber Security

  • Advise on cyber security for BSW ICS organisations, recommending actions and improvements utilising existing dashboards (MDE (Microsoft Defender for Endpoint), DSPT (Data Security and Protection Toolkit)) to monitor cyber maturity across the ICS and provide relevant executive level briefings where necessary.
  • Ensure system wide tracking of information assets and assessment of their protection status.
  • Track coverage of cyber tooling and ensure this meets or exceeds the prevailing threat levels.
  • Assist individual organisations to pilot potential ICS wide cyber solutions to then share and expand their use for the benefit of all participants.
  • Utilise the ICS system wide risk register and additional dashboards as needed, to assist organisations to identify common cyber risks and recommend appropriate solutions to help address them.
  • Ensure all ICS organisations respond to High Severity Alerts within the mandated timeframes and support with relevant mitigation advice.
  • Work with Information Governance (IG) leads to help ICS organisations complete the cyber related assertions of the DSPT.
  • Help develop an ICS wide incident response plan, including business continuity requirements and incident response priorities, which support regular and coordinated incident response preparedness exercises.
  • Develop a cyber security training and awareness plan for the ICS that utilises NHS Digital's Data Security Centre (DSC) central services (such as KeepITConfidential) and the Regional Cyber Crime Units' offerings.
  • Assist ICS members in the implementation of the BSW Cyber Strategy, IT security policies and technical controls (including cyber threat mitigation and intrusion detection) ensuring compliance with data protection legislation, Caldicott guidelines and the NHS Data Protection Security Toolkit requirements.
  • Assist organisations with their disaster recovery and business continuity plans and ensure they align and are consistent with the requirements of the ICS.
  • Assist ICS organisations in achieving alignment with NCSC's (National Cyber Security Centre) guidance on backups, ensuring that appropriate backups exist of all infrastructure assets through the implementation of suitable controls and procedures.

Strategy Development

  • Maintain and update the ICS Cyber Strategy ensuring it stays relevant and aligned to central cyber strategies (NCSC, NHSE/I, NHSD etc.) and the ICS wider Digital Strategy.
  • Provide regular forward-looking assessments of potential cyber threats and issues (such as DSPT requirements, unsupported systems) and provide relevant recommendations to reduce ICS wide risk.
  • Encourage the ICS to maximise the centrally funded cyber offering provided by NHS England, promoting organisational take-up where required.
  • Coordinate any system wide cyber returns required at an ICS level.
  • Act as the ICS cyber link with Avon & Somerset LRF and Wiltshire & Swindon LRF as part of the wider multi-agency preparedness and response to cyber incidents.

Research and Development

  • Contribute to the development and reporting of key performance cyber indicators for the successful assessment of cyber controls.
  • Maintain a thorough awareness of current and emerging technologies that may be beneficial to the ICS and undertake the piloting and testing of these where appropriate, including producing documentation and positioning papers when required.
  • Influence and participate in defining cyber infused IT standards for services across the BSW ICS.
  • Actively pursue professional development through formal training, informal skills transfer and self-tuition.
  • Be highly motivated in both self-development and in the development of staff and teams.

Management, Planning, Organising and Ongoing Advice

  • Work closely with the Head of IT and relevant teams to plan and manage the delivery of cyber schemes across the ICS organisations.
  • Adhere to good practice change control procedures and relevant BSW and NHS policies.
  • Be flexible and adjust work schedules to meet BSW ICS requirements.
  • Participate in internal forums and meetings as required and contribute cyber related information to the projects they are involved in.
  • Contribute to the creation of technical documentation with a clear understanding of the business and service user needs.
  • Acquire and maintain detailed knowledge of deployed technologies so that cyber-related incident response enquiries can be clearly and quickly addressed.
  • Maintain an awareness of changes to software, hardware, and technologies that could impact on cyber security, as well as identify opportunities where cyber security can be better applied to technology being used across BSW ICS.
  • Exercise judgement in applying guidelines for setting priorities for resolution, monitoring progress, and applying escalation procedures for cyber incidents, progressing them to a satisfactory conclusion.
  • Ensure organisational policies are applied in own work environment.
  • Negotiate with and influence users and suppliers to ensure cyber security project goals are met.
  • The post will be required to work within and be directed by other BSW organisations as part of wider ICS work.

Person Specification

Qualification, Training Experience

Essential

  • Masters degree level qualification relevant for the role or demonstrable equivalent level of experience.
  • Evidence of continued professional development.
  • Specialist cyber related qualification, e.g. NCSC recognised or equivalent cyber security training, e.g. CISSP.
  • Experience in delivering large scale technical cyber projects or programmes that have a high degree of interdependency.
  • Demonstrates skills enabling ability to clearly identify opportunities for efficiencies leading to cost savings.
  • Delivered and sustained successful vendor relationships and contract negotiations and management.
  • Demonstrable experience working in a highly sensitive large and complex multi-tiered environment.
  • A demonstrable understanding of how cyber risk can impact business operations.
  • A practical understanding of how cyber risk can impact clinical operations.
  • Previous experience of inputting into strategic plans and policies.
  • Previous experience of project and change management skills and/or techniques.

Desirable

  • Previous experience of working in digital in the NHS or a healthcare setting.
  • Significant experience of successfully operating in a politically sensitive environment.

Knowledge

Essential

  • Awareness of Information Governance, Data Security Protection Toolkit or CAF & GDPR (General Data Protection Regulation).
  • A good understanding of the technical cyber issues that impact IT and networking systems.
  • Working knowledge of Risk Management.
  • Knowledge of different security assurance frameworks (CE, ISO27001, CAF, NIST).
  • Understanding of data backup and recovery processes and standards.

Desirable

  • Familiarity with Data Protection and Caldicott Principles.
  • Experience of working in the NHS and/or local authorities or wider public sector.
  • Understanding of the Primary, Community and Secondary Care environments.
  • Working knowledge of TCP/IP networking including Wi-Fi, firewalls and routing, with security implications.

Communication Skills

Essential

  • Ability to prepare and produce concise yet insightful communications for dissemination to stakeholders.
  • Able to communicate and present to a wide audience.

Analytical

Essential

  • Ability to analyse very complex issues where material is conflicting and drawn from multiple sources.
  • Demonstrated capability to act upon incomplete information, using experience to make inferences and decisions.
  • Numerate with the ability to analyse a range of complex technical issues, combined with deep analytical skills, and propose interim/permanent resolutions as appropriate.
  • Able to make pragmatic strategic and operational decisions based on the analysis and interpretation of complex information.

Planning Skills

Essential

  • Demonstrated capability to plan over short, medium and long-term timeframes and adjust plans and resource requirements accordingly.
  • Experience of setting up and implementing complex processes and procedures.
  • Ability to create bids and business cases.

Management skills

Essential

  • Able to coordinate and work collaboratively across multiple organizations.
  • Leadership and people management skills.
  • Robust management/ownership of risks and issues.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

NHS Bath and North East Somerset, Swindon and Wiltshire ICB

Address

Jenner House

Unit E3, Langley Park

Chippenham

SN15 1GG


Employer's website

https://bsw.icb.nhs.uk/

For questions about the job, contact:

Head of IT

Steve Mapleston

steve.mapleston@nhs.net

03302368702
