Cyber Security Lead

Cardiff and Vale University Health Board

Information:

This job is now closed

Job summary

Cardiff and Vale UHB is looking to appoint a Cyber Security Lead.

Cyber security issues are a key concern in the Health Service, with technical advances arising every day. This post provides a great opportunity to play a key role in helping Cardiff and Vale UHB improve cyber security operations and provide the assurance needed to operate the business successfully and safely.

In this role, the successful candidate will be providing technical advice on Cyber Security related topics and playing a key role in helping us to improve our cyber security operations.

Main duties of the job

The role will require the successful candidate to lead teams on a range of Cyber Security engagements, supporting services to design and assess the effectiveness of their Cyber Security mechanisms.

The main duties of this role will be:

  • Responsible for the overall management and performance of the Cyber Security team
  • Provide and receive complex, sensitive information relating to Cyber Security and Corporate issues ensuring the safe operation of the organisations ICT systems.
  • Investigate complex Cyber Security enquiries providing assistance & advice as required
  • Coordinate Cyber Security incident responses at organisational level
  • Leads on Cyber Security issues and compliance in ICT
  • Implement Cyber Security policy, procedures and processes which impacts Informatics and within own team.
  • Perform root cause analysis on all Cyber Security Events.

The ability to speak Welsh is desirable for this post; Welsh and/or English speakers are equally welcome to apply.

About us

Cardiff and Vale University Health Boardis one of the largest Integrated Health Boards in the UK. It has a large and complex ICT service that underpins the delivery of digital health care. ICT supports around 15,000 users and over 200 services across more than 120 sites. The adoption and expectations placed upon digital healthcare are expected to grow substantially over the next 5 years as the health board expands its mobility services both in primary and secondary care settings.

As a new dedicated cyber function, the Cyber Security Manager will work alongside colleagues in our Digital Directorate. In addition to this, the post holder will be working with a number of different teams across Cardiff and Vale UHB to deliver high quality work.

Cardiff, the thriving Welsh capital, is a fantastic city to live and work in with an abundance of sports, arts and cultural attractions. Situated to the west of Cardiff, the Vale of Glamorgan offers a combination of beautiful Welsh countryside and a dramatic natural coastline. Whether city life or rural living, Cardiff and the Vale offers the best of both worlds.

Date posted

25 January 2024

Pay scheme

Agenda for change

Band

Band 8a

Salary

£51,706 to £58,210 a year per annum

Contract

Permanent

Working pattern

Full-time

Reference number

001-AC030-0124

Job locations

Woodlands House

Maes-y-coed Road

Cardiff

CF14 4TT


Job description

Job responsibilities

You will be able to find a full Job description and Person Specification attached within the supporting documents or please click Apply now to view in Trac

Job description

Job responsibilities

You will be able to find a full Job description and Person Specification attached within the supporting documents or please click Apply now to view in Trac

Person Specification

Essential

Essential

  • A strong academic background to degree level or equivalent experience in a directly related role
  • A related professional certification, for example; Certified Information systems security professional (CISSP), Certified Information Security Manager (CISM)
  • Solid IT and/or technology background
  • ITIL Foundation
  • Educated to Degree level (preferably Cyber Security) or equivalent level of work experience and knowledge
  • Professional qualification or membership in cyber security (International Information Systems Security Certification (ISC2), British Computer Society (BCS), National Computer Security Centre (NCSC), etc) or equivalent
  • Evidence of Continual Professional Development

Desirable

  • Degree educated in an IT related discipline
  • Information Technology Infrastructure Library (ITIL) Foundation Certificate
  • IT based qualification preferably security related such as GCIA Certified intrusion Analyst, etc.
  • ITIL Managing Across the Lifecycle
  • PRINCE2 Foundation
  • Formal leadership training at equivalent or greater to Institute of Leadership & Management (ILM) Level 5

Experience

Essential

  • Substantial experience working in an IT based role preferably in a security related area
  • Strong knowledge and experience of a number of the following; Information Security, architecture design and implementation, security assessments, Identity and Access Management, Third Party Risk Management and IT Controls Testing
  • Awareness of National and International security standards
  • Relevant experience working in a senior Cyber Security Role

Desirable

  • Experience of working in a Service Organisation Control (SOC) environment
  • Working with Third party Security specialists
  • Experience of ICT service provision in a health care setting
  • Experience of working in fields other than Cyber Security
  • Experience of managing teams

Skills

Essential

  • Effectively manage your own workload
  • Ability to work as part of a team
  • Project management skills, preferably with accreditation, for example: ITIL, PRINCE2, Managing Successful Programmes (MSP)
  • Ability to plan workload for and lead a team and act as role model for best practice
  • Provide clear reporting to senior management
  • Ability to communicate clearly with non-technical staff and end users
  • Ability to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no support
  • Manage 3rd parties and suppliers to deliver projects
  • Ability to understand vulnerability scans and penetration tests, and develop a remediation plan
  • Develop best practice procedures and policies for cyber security team
  • Able to evaluate and select of best practice security tools
  • Manage root case analysis and recovery of security incidents
  • Good keyboard skills and application use.

Desirable

  • Strong communicator(Written and verbal)
  • Ability to analyse and problem solve
  • A broad range of ICT skills and understanding
  • Ability to speak Welsh

SPECIAL KNOWLEDGE

Essential

  • Broad knowledge of and understanding of IT
  • Knowledge of IT security principles
  • Full stack knowledge from network to server
  • Excellent understanding of cyber security best practices and terminology
  • Knowledge of desktop and mobile devices and operating systems
  • Good knowledge of common cyber security tools and solutions
  • Good understanding of security monitoring and alerting solutions
  • Excellent understanding of Cyber Security professional code of conduct
  • Good understanding of vulnerability scanning and penetration testing

Desirable

  • SIEM platfroms such as ArcSight, Splunk, or LogRhythm (products)
  • Data Leakage Prevention tools
  • McAfee enterprise suite including antivirus, HIPS, and rogue device detection
  • Advance Package Tool detection and mitigation
  • Application of Cyber Security in a healthcare environment
  • Good knowledge of one or more specialist areas such as compliance, penetration testing or incident response

PERSONAL QUALITIES

Essential

  • Methodical
  • Confident
  • Hardworking
  • Reliable and trustworthy
  • Risk aware
  • Demonstrated integrity within a professional environment
  • Enthusiastic, self motivated, looks for opportunities to improve services, staff and self
  • Cares about the service and service continuity and is willing to go the extra mile when necessary
  • Ability to communicate with all levels of the organisation
  • Flexible and adaptable to meet all aspects of the work

Desirable

  • Patient, diligent and diplomatic
  • Pro-active, resourceful and able to use initiative
  • Willingness to learn, develop, and keep abreast of technological developments
Person Specification

Essential

Essential

  • A strong academic background to degree level or equivalent experience in a directly related role
  • A related professional certification, for example; Certified Information systems security professional (CISSP), Certified Information Security Manager (CISM)
  • Solid IT and/or technology background
  • ITIL Foundation
  • Educated to Degree level (preferably Cyber Security) or equivalent level of work experience and knowledge
  • Professional qualification or membership in cyber security (International Information Systems Security Certification (ISC2), British Computer Society (BCS), National Computer Security Centre (NCSC), etc) or equivalent
  • Evidence of Continual Professional Development

Desirable

  • Degree educated in an IT related discipline
  • Information Technology Infrastructure Library (ITIL) Foundation Certificate
  • IT based qualification preferably security related such as GCIA Certified intrusion Analyst, etc.
  • ITIL Managing Across the Lifecycle
  • PRINCE2 Foundation
  • Formal leadership training at equivalent or greater to Institute of Leadership & Management (ILM) Level 5

Experience

Essential

  • Substantial experience working in an IT based role preferably in a security related area
  • Strong knowledge and experience of a number of the following; Information Security, architecture design and implementation, security assessments, Identity and Access Management, Third Party Risk Management and IT Controls Testing
  • Awareness of National and International security standards
  • Relevant experience working in a senior Cyber Security Role

Desirable

  • Experience of working in a Service Organisation Control (SOC) environment
  • Working with Third party Security specialists
  • Experience of ICT service provision in a health care setting
  • Experience of working in fields other than Cyber Security
  • Experience of managing teams

Skills

Essential

  • Effectively manage your own workload
  • Ability to work as part of a team
  • Project management skills, preferably with accreditation, for example: ITIL, PRINCE2, Managing Successful Programmes (MSP)
  • Ability to plan workload for and lead a team and act as role model for best practice
  • Provide clear reporting to senior management
  • Ability to communicate clearly with non-technical staff and end users
  • Ability to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no supportoAbility to work on own initiative, organise own workload, and deliver projects with no support
  • Manage 3rd parties and suppliers to deliver projects
  • Ability to understand vulnerability scans and penetration tests, and develop a remediation plan
  • Develop best practice procedures and policies for cyber security team
  • Able to evaluate and select of best practice security tools
  • Manage root case analysis and recovery of security incidents
  • Good keyboard skills and application use.

Desirable

  • Strong communicator(Written and verbal)
  • Ability to analyse and problem solve
  • A broad range of ICT skills and understanding
  • Ability to speak Welsh

SPECIAL KNOWLEDGE

Essential

  • Broad knowledge of and understanding of IT
  • Knowledge of IT security principles
  • Full stack knowledge from network to server
  • Excellent understanding of cyber security best practices and terminology
  • Knowledge of desktop and mobile devices and operating systems
  • Good knowledge of common cyber security tools and solutions
  • Good understanding of security monitoring and alerting solutions
  • Excellent understanding of Cyber Security professional code of conduct
  • Good understanding of vulnerability scanning and penetration testing

Desirable

  • SIEM platfroms such as ArcSight, Splunk, or LogRhythm (products)
  • Data Leakage Prevention tools
  • McAfee enterprise suite including antivirus, HIPS, and rogue device detection
  • Advance Package Tool detection and mitigation
  • Application of Cyber Security in a healthcare environment
  • Good knowledge of one or more specialist areas such as compliance, penetration testing or incident response

PERSONAL QUALITIES

Essential

  • Methodical
  • Confident
  • Hardworking
  • Reliable and trustworthy
  • Risk aware
  • Demonstrated integrity within a professional environment
  • Enthusiastic, self motivated, looks for opportunities to improve services, staff and self
  • Cares about the service and service continuity and is willing to go the extra mile when necessary
  • Ability to communicate with all levels of the organisation
  • Flexible and adaptable to meet all aspects of the work

Desirable

  • Patient, diligent and diplomatic
  • Pro-active, resourceful and able to use initiative
  • Willingness to learn, develop, and keep abreast of technological developments

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

Cardiff and Vale University Health Board

Address

Woodlands House

Maes-y-coed Road

Cardiff

CF14 4TT


Employer's website

https://cavuhb.nhs.wales/ (Opens in a new tab)

Employer details

Employer name

Cardiff and Vale University Health Board

Address

Woodlands House

Maes-y-coed Road

Cardiff

CF14 4TT


Employer's website

https://cavuhb.nhs.wales/ (Opens in a new tab)

For questions about the job, contact:

Head of Information Governance and Cyber Security

James Webb

James.Webb@wales.nhs.uk

02920745981

Date posted

25 January 2024

Pay scheme

Agenda for change

Band

Band 8a

Salary

£51,706 to £58,210 a year per annum

Contract

Permanent

Working pattern

Full-time

Reference number

001-AC030-0124

Job locations

Woodlands House

Maes-y-coed Road

Cardiff

CF14 4TT


Supporting documents

Privacy notice

Cardiff and Vale University Health Board's privacy notice (opens in a new tab)