Liverpool University Hospitals NHS Foundation Trust

Senior Digital Risk Consultant (Risk & Governance)

Information:

This job is now closed

Job summary

An exciting opportunity has arisen in our digital risk assurance and advisory team for motivated individuals with excellent cyber security, digital transformation, systems and network management, service delivery and communication and people skills.

Senior Digital Risk Consultant - Risk and Governance - Band 8a

We are looking for enthusiastic and forward-thinking digital risk professionals to join our successful team.

  • You will be working across all MIAA clients, mainly in the Northwest but also beyond, as part of a diverse and award-winning team where you can make a real difference to the NHS and the care and services that it provides.
  • MIAA are committed to the development of our staff, as recognised through a variety of training-related awards and certifications, and you will be fully supported, through a combination of informal development as well as formal training and certifications, to achieve your career ambitions within the context of our services.
  • We also recognise the fast-changing technology landscape and are constantly evolving our own approaches, using leading technologies to support and deliver our work and to maximise the value to our clients.
  • The role offers flexible/hybrid working and attractive benefits including an excellent salary and pension scheme. In addition, MIAA are committed to and prioritise the health and wellbeing of their staff, with wellbeing champions and comprehensive resources available to support staff.

For further details please see Job Advert

Main duties of the job

  1. To take responsibility for the operational elements of client relationship management for a portfolio of digital risk audit plans and assigned consultancy reviews and services, including the personal conduct of highly complex/technical assignments.
  2. To conclude upon the effectiveness of highly complex digital risk management, contributing to the Head of Internal Audit Opinion and Statements of Internal Control as required, and supporting service improvement and resilience with a requirement for refined negotiating skills to describe contentious issues and drive improvement.
  3. To direct and supervise staff and contractors to deliver the allocated assignments and services on time, to budget and to quality standards.
  4. To report to relevant senior client-side officers and committees as required.
  5. To respond to a broad range of highly sensitive, technical, and complex queries from clients and staff.
  6. To assess and report on the extent to which highly complex client systems operate securely and effectively.
  7. To provide highly complex advice and guidance to clients and colleagues.
  8. To support the identification and mitigation of highly complex digital risks across clients.

About us

MIAA is an NHS Shared service, hosted by Liverpool University Hospitals NHS Foundation Trust. MIAA is the predominant provider of internal audit and advisory services to over 50 NHS and public sector organisations in the Northwest and beyond. MIAA offer clients a number of services in addition to internal audit including Digital Risk Assurance, Solutions, Anti-Fraud, Capital, Clinical Coding, Healthcare Quality Support Unit.

Originating in 1990, MIAA is now the largest in-house provider of internal audit, digital and consultancy services to the NHS, with a budgeted turnover of £12m.

All our teams benefit from:

  • Flexible/Hybrid Working
  • Generous pension scheme
  • Professional Training, development and protected learning time
  • Career progression

Our Values

  • Respect & Compassion
  • Trust
  • Innovation & Excellence

Details

Date posted

12 December 2023

Pay scheme

Agenda for change

Band

Band 8a

Salary

£50,952 to £57,349 a year

Contract

Permanent

Working pattern

Full-time, Flexible working, Compressed hours

Reference number

287-MIAA-27-23

Job locations

One of MIAA Office Locations

TBC

Liverpool/Chester/Lancashire/Manchester

L3 4BL


Job description

Job responsibilities

Key Responsibilities

  • Produces, agrees, and oversees delivery of highly complex risk-based digital plans with allocated clients/assignments that are designed to produce sufficient assurances to fulfil the requirements of the Head of Internal Audit Opinion on the effectiveness of internal control.
  • Actively identifies, defines, and delivers/oversees the highly complex advisory assignments and services specific to the needs of clients with a view to increasing and securing income from such activities.
  • Manages the planning, conduct, output and opinions for highly complex digital assurance, consultancy, and services for allocated clients/assignments within agreed deadlines, budgets, and quality standards.
  • Operates as budget holder for allocated advisory assignments and services, i.e. a discrete set of services, requiring the planning and organizing of complex activities and programmes, often extending over multiple years, to ensure income is recovered, costs contained and outputs delivered. Often these budgeted plans need to be adjusted on an ongoing basis for reporting to Audit Committees as priorities shift.
  • Manages and develops the key relationships with allocated clients, particularly the Chief Information/Digital Officer, Chief Clinical Information Officer, Chief Nursing Information Officer, Senior Information Risk Owner, Data Protection Officer, Caldicott Guardian as well as other senior digital staff.
  • Provides highly complex advice to allocated clients, either directly or through colleagues, on technology/digital risk, either current or emerging, in the context of care, service and business activities.
  • Responsible for ensuring allocated plans are incorporated into the overall planning of resources and commitments for the function.
  • Plans and organises the work schedule for allocated staff to ensure weekly, monthly, quarterly, and annual timetables are delivered, particularly with regard to Audit Committee deadlines.
  • Personally conducts a range of highly complex and highly technical assignments for reporting to senior management and relevant committees. This will often involve significant research and development activity.
  • Conducts research on behalf of the function, MIAA and the wider community to develop and pilot approaches to emerging areas.
  • Makes recommendations as appropriate, often involving significant proposed changes to working practices and procedures, often involving the adoption of new technologies, following policy implementation across multiple areas and NHS organisations. These routinely will involve contributing to service redesign and providing benchmarking information.
  • Undertakes highly complex systems reviews that conclude upon the effective management of digital risk.
  • Responds to, and often anticipates, queries from clients, which may be of a sensitive and confidential nature, and investigates and reports as necessary to the satisfaction of the client. These queries may relate to highly complex issues requiring a detailed understanding of complex client risks, digital systems regulation, and legislation as well as complex digital infrastructures and threats.
  • Routinely directs the work of junior team members, contractors, and other staff within the function.
  • Builds effective client relationships across the function's clients and internally.
  • Adheres and contributes to the continuous improvement philosophy to ensure we continue to provide a valuable service focused upon clients' needs.
  • Fully complies with all aspects of the confidentiality policy.

For further information please see full Job description and Person Specification

Person Specification

Qualifications

Essential

  • Level 7 Qualification in an Informatics or Cyber Security subject/equivalent. Examples include: Master's degree/equivalent
  • Qualification in Computer Audit (QiCA) OR Certified Information System Auditor (CISA) OR Demonstrable, significant experience in the field of IT/IS audit
  • CREST Penetration Tester

Desirable

  • Certified Information Security Manager
  • Certified Data Protection Officer
  • PRINCE2 project management OR Managing Successful Programmes
  • CHECK Team Member

Experience

Essential

  • Must have senior experience of working in audit and consultancy or within a senior role in digital delivery.
  • Must have demonstrable understanding of the role of audit and consultancy and relevant techniques for delivery.
  • Must have significant experience of recruiting, developing, managing, and supervising staff.
  • Must have experience of working in the NHS or other public sector organization resulting in a developed understanding of digital systems, risks, and processes. Alternative experience in an equivalent organization may be acceptable.

Knowledge

Essential

  • Must have a full and mature understanding of NHS and public sector structures, policy, functions, and digital systems together with the aptitude to build on that knowledge.
  • Must have a full understanding of the digital agenda, corporate governance, risk management and assurance principles and practice
  • Must have a full and mature understanding of audit and IM&T principles and practice together with the aptitude to build on that knowledge.
  • Specific technical knowledge including:
      - Processes, tools, and techniques of information security management.
      - Protection of information and information systems while ensuring their confidentiality, integrity, and availability.
      - Application security, data loss prevention, access control and intrusion.
      - Vulnerability assessment tools, techniques, models, and systems.
      - Endpoint security configuration and monitoring/testing.
      - In-depth knowledge of IT security and data protection/sharing policies, standards, regulation, and legislation.
      - Network monitoring, analysis tooling and techniques.
      - Methods and tools of forensics investigations for IT security violations or potential threats.
      - Tools, techniques, approaches, and processes of cybersecurity risk management.
      - Tools and techniques for assessing the effectiveness of information security measures, identifying potential risk exposures, and protecting the availability, confidentiality, and audit trails of information from destruction or manipulation.
      - Vulnerability assessment tools, techniques, and systems.
      - The threats, measures, and practices of mobile security.

Skills

Essential

  • Excellent oral and written communication skills to enable complicated digital issues to be explained to a range of staff, often at a senior level. This will include presentational, negotiation and influencing skills.
  • Excellent analytical skills and the ability to collate complex data from various sources.
  • Strong supervision, team building, staff management, coaching, mentoring and staff development skills
  • Ability to negotiate, persuade and influence, sometimes in a setting that is unresponsive or hostile to audit findings.
  • High level of numeracy and keyboard skills.
  • Ability to make judgements and recommendations in the context of complex systems and risk and materiality of findings
  • Good time management skills and the ability to work to tight deadlines whilst managing competing priorities.
  • Ability to contribute to corporate strategic direction.

Other

Essential

  • Must have the ability to travel to a range of sites and work in a range of environments. A driving licence and own transport is essential.

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.

UK Registration

Applicants must have current UK professional registration. For further information please see NHS Careers website.

Employer details

Employer name

Liverpool University Hospitals NHS Foundation Trust

Address

One of MIAA Office Locations

TBC

Liverpool/Chester/Lancashire/Manchester

L3 4BL


Employer's website

https://www.liverpoolft.nhs.uk/


Employer contact details

For questions about the job, contact:

Assistant Digital Director

Paula Fagan

paula.fagaan@miaa.nhs.uk

07825592866

Supporting documents

Privacy notice

Liverpool University Hospitals NHS Foundation Trust's privacy notice