Information Security Manager

Guy's and St Thomas' NHS Foundation Trust

Information:

This job is now closed

Job summary

This role will be primarily responsible for supporting the Trust in delivering fit-for-purpose cyber security plans, improving the Trust's cyber security posture and reducing the risk of impact from a cyber security incident. Ultimately, this role's aim is to help the Trust protect the data and services that our patients depend on. The specific responsibilities of the role will include developing and raising awareness of the Trust's cyber security strategy, policy, standards and frameworks, embedding robust cyber security risk controls within Trust systems and services, and providing assurance that patient services and systems are being safely and securely operated in alignment with required policies and standards.

The Information Security Manager will need to form a large number of senior relationships across the Trust and more broadly across the health and care system, including clinical Strategic Business Units, key IT suppliers and Internal Audit, and will be frequently called upon to explain the security preparedness and cyber risk environment to Trust senior management and to key external stakeholders.

Main duties of the job

The Information Security Manager is accountable for ensuring that Guy's and St Thomas' NHS Foundation Trust can protect patient data and services from cyber risk, and can meet national NHS standards for cyber security, specifically in relation to the development and delivery of cyber policy and assurance.

Reporting directly to the Head of Information Security, the Information Security Manager will lead on the development and promotion of cyber security policy, standards and frameworks, and will strategically engage with NHS Digital and other key third parties to ensure that the Trust is empowered to deliver excellent standards of patient care. The post holder will provide leadership and guidance on cyber risk management and reporting, and will lead on the development and delivery of the Trust's cyber audit and assurance framework, working closely with internal business units, DT&I colleagues, key IT systems suppliers and Internal Audit.

The work will be mainly based in the Trust's locations in central London with some travel to partner Trusts and supplier sites as necessary.

About us

You will be joining a dynamic Information Security team led by dedicated professionals, each bringing unique expertise and a collaborative spirit to the table. Our team is committed to safeguarding our digital assets with a relentless work ethic and passion for modernisation and innovation. We support the personal development of our team members and offer extensive training opportunities to ensure our team operates at the forefront of cybersecurity. With a supportive environment and focus on continuous learning, you will have the opportunity to grow your career while contributing to a secure digital workplace that puts patients front and centre to all we do.

Date posted

04 November 2024

Pay scheme

Agenda for change

Band

Band 8a

Salary

£61,927 to £68,676 a year inc. HCA

Contract

Permanent

Working pattern

Full-time

Reference number

196-COF10469-S

Job locations

Education Centre

75 York Road

LONDON

SE1 7NJ


Job description

Job responsibilities

Protect and assure patient data and services against cyber security risk, while enabling secure delivery of new patient services and systems

Provide leadership and guidance to the Trust on cyber security policy, risk and compliance issues

Provide leadership and support to the Cyber Security Risk Manager and team

Deputise for the Head of Information Security when required

Develop and drive adoption of the Trust's cyber security strategy, policy, standards and procedures, including policy exception management, in alignment with Trust strategic objectives and with legal and NHS Digital requirements for cyber security and data protection

Develop the cyber security portfolio, including alignment with clinical and IT strategic objectives and initiatives

Partner with business and IT leaders and key decision makers to ensure that appropriate cyber security controls are deployed and operated to time and budget

Develop and ensure delivery of the Trust strategic cyber improvement programme, including engagement with NHS Digital and other key partners to drive improvements in cyber capability and maturity

Shape commercially acceptable business cases and propositions for Cyber Security investment which balance cyber security risk control with accessibility, usability and cost considerations

Lead on providing the formal response to the cyber security compliance elements of the NHS Digital Data Security & Protection Toolkit

Develop and drive adoption of the Trust security risk and assurance framework

Lead on embedding cyber risk and assurance controls within the development lifecycle for Trust services and systems

Provide direction and assurance for cyber security service development and operation, including assurance on cyber security services and systems provided by suppliers

Lead the Trust response to major cyber incidents, and on preparatory work for major incidents, including cyber resilience planning and rehearsals

Assess and report on cyber security risk posture and compliance through specification and collection of relevant cyber security metrics and KPIs

Ensure that the Trust can meet the requirements of national cyber security standards and legislation, including the Data Security & Protection Toolkit, Cyber Essentials Plus, the Data Protection Act (2018) / GDPR and the Directive on the security of Network and Information Systems

Monitor and audit Trust processes to identify gaps or weaknesses in current policy and practice, for manual and/or electronic systems. Ensure all recommendations are implemented to deliver continuous improvement in Trust service delivery

Agree an annual audit programme with the Trust's Internal Audit department and external auditors.

Ensure senior Trust engagement and support for cyber initiatives through regular briefings and reports to senior management boards and forums on cyber risk posture, action planning, and compliance with required standards

Provide colleague education and awareness on cyber threat and how to safely respond to cyber incidents

As a member of the Trust's senior cyber security team, ensure that cyber security considerations are effectively raised and addressed within appropriate IT and business management forums

Set objectives for the Cyber Security Risk team, monitoring performance to assure delivery of the cyber security work programme

Develop the skills and foster the career paths for cyber security professionals within the Cyber Risk team.

Responsible for overseeing information security systems in place.

Reporting on security systems in place and producing reports and audits for relevant governance forums.

Person Specification

Qualifications and Experience

Essential

  • Educated to Master's Degree level, or equivalent experience, in Computer Science or a related science discipline;
  • Subject matter expert in cyber security policy and risk management.

Previous Experience

Essential

  • Significant proven experience of working within large, complex, and diverse technical organisations in a senior cyber security leadership role;
  • Experience of developing and managing enterprise-scale cyber security strategies, services and teams;
  • Experience of delivering and managing complex transformation programmes in partnership with business and IT teams.

Skills and Abilities

Essential

  • Ability to make pragmatic risk management decisions balanced appropriately between protection, usability, performance and cost;
  • Ability to demonstrate leadership and vision in a changing environment;
  • Ability to analyse complex problems and to develop practical and workable solutions to address them;
  • Ability to engage and build coalitions across diverse stakeholder groups within complex, enterprise-scale environments;
  • Strong leadership and engagement skills to create high-performing, customer-focussed teams in the context of changing requirements and ambiguity.

Setting Direction

Essential

  • Well-developed leadership and influencing skills with the ability to enthuse, motivate and involve individuals and teams;
  • Ability to be intellectually flexible and to look beyond existing structures, ways of working, boundaries and organisations to produce more effective and innovative service delivery and partnerships;
  • Sound judgement and astuteness in understanding and working with complex policy and diverse interest groups, and common sense in knowing when to brief "up the line";
  • A commitment to continuous improvement in cyber security standards.

Autonomy

Essential

  • Ability to work on own initiative and organise workload, allocating work and resources as necessary;
  • Ability to work to tight and often conflicting deadlines;
  • Ability to make decisions autonomously, when required, on difficult issues, and where there may be no precedent or external point of reference.

Personal Qualities

Essential

  • Ability to balance and manage multiple conflicting demands, calmly and confidently;
  • Personal resilience, determination and ability to deliver positive outcomes on challenging issues;
  • Excellent interpersonal and communication skills, with a track record in writing complex business cases and policies;
  • Strong sense of commitment to openness, honesty and integrity in undertaking the role;
  • Flexibility and the ability to handle a rapidly changing and ambiguous environment;
  • Ability to thrive in an often ambiguous environment.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled Worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country in which they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found under "Criminal records checks for overseas applicants".

Employer details

Employer name

Guy's and St Thomas' NHS Foundation Trust

Address

Education Centre

75 York Road

LONDON

SE1 7NJ


Employer's website

https://www.guysandstthomas.nhs.uk/careers/careers.aspx


For questions about the job, contact:

Head of Information Security and Risk

Paul Merison

paul.merison@gstt.nhs.uk

07596889062

Supporting documents

Privacy notice

Guy's and St Thomas' NHS Foundation Trust's privacy notice