Chief Information Security Officer

Croydon Health Services NHS Trust

Information:

This job is now closed

Job summary

Chief Information Security Officer

Band 8C, Full Time, Flexible working, Home or Remote Working

The Chief Information Security Officer is the lead role within the Trust's Digital Services function for cyber security and information governance. The CISO is responsible for developing the Trust's cyber security strategy, ensuring alignment with national and regional cyber strategies.

The postholder will line manage the cyber security and IG teams, and will work with other senior leaders within Digital Services to ensure that both the department and the Trust as a whole understand the cyber agenda and how to protect the systems and data the Trust holds.

Proposed Interview Date - 16th April 2025

Main duties of the job

The CISO is responsible for:

- developing, implementing and reviewing the Trust's cyber security strategy

- ensuring that there is training for staff on all things cyber security and information governance

- oversight, delivery and reporting on the Data Security and Protection Toolkit

- providing assurance to the Trust's SIRO and Chief Digital Officer on all things cyber

- line managing a cyber team and the IG function, including the Trust's FOI responsibilities

About us

The Trust is a combined acute and community Trust in south west London. Croydon is the largest Borough in the sector, and the hospital provides services from its two main hospital sites and a range of community venues.

The cyber and IG teams sit within the Digital Services Directorate, which is based at the main Croydon University Hospital site. The working pattern for all staff within the department is a mix of on site and remote working.

Date posted

26 March 2025

Pay scheme

Agenda for change

Band

Band 8c

Salary

£80,025 to £91,336 a year Per annum pro rata incl HCAS (outer)

Contract

Permanent

Working pattern

Full-time, Flexible working, Home or remote working

Reference number

199-NN-7057382-MT-FM-Z

Job locations

Croydon University Hospital NHS Trust

530 London Road

Croydon

CR7 7YE


Job description

Job responsibilities

The CISO is responsible for:

- developing and maintaining highly effective relationships with a range of internal and external stakeholders, including NHS England's regional cyber lead, and the CISO at SW London ICS

- developing and delivering the Trust's cyber security strategy

- managing the Trust's cyber security and IG frameworks, including associated policies and procedures

- developing, managing and reporting on a suite of cyber security KPIs

- reviewing the Trust's cyber and IG capacity and capability, ensuring that it remains sufficient to meet standards and requirements as they change from time to time.

Person Specification

Qualifications

Essential

  • Educated to master's level or equivalent level of experience of working at a senior level in specialist area.

  • One or more security qualifications, including CISSP, CISM

Knowledge

Essential

  • Extensive knowledge of relevant public and private sector cyber security practice

  • Extensive knowledge of key legislation and mandated standards including GDPR, NISR, DS&P Toolkit, Cyber Essentials + accreditation

  • Experience of IT incident response, including Disaster Recovery and Business Continuity

Experience

Essential

  • Experience of managing complex, strategic technology and cyber security projects or areas with complex working practices

  • Experience of successfully operating in and delivering priorities in a partnership environment

Skills

Essential

  • Demonstrated capability to plan over short, medium and long-term timeframes and adjust plans and resource requirements accordingly

  • Excellent written and verbal communication skills with the ability to communicate, negotiate and influence staff at all levels in the organisation

  • Ability to make decisions autonomously, when required, on difficult issues

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

Croydon Health Services NHS Trust

Address

Croydon University Hospital NHS Trust

530 London Road

Croydon

CR7 7YE


Employer's website

https://www.croydonhealthservices.nhs.uk/recruitment/

For questions about the job, contact:

Chief Digital Officer

Leroy Adamson-Parks

leroy.adamson-parks@nhs.net

07782399022
