Leicestershire Partnership NHS Trust

Band 8d Chief Information Security Officer

This job is now closed

Job summary

Integrated Care Boards are at the heart of a new way of working for the NHS, bringing together providers of NHS services with local authorities and other local partners to plan, co-ordinate and arrange health services as part of what is to be known as an Integrated care System. They are part of a fundamental shift in the way the health and care system is organised away from competition and organisational autonomy and towards collaboration, with health and care organisations working together to better integrate services, improve population health and reduce health inequalities.

Working collaboratively between the Leicester, Leicestershire, Northamptonshire and Rutland (LLNR) Health and Care communities (ICS) we require a senior and experienced Chief Information Security Officer. The post holder will be an established leader in the area of Cyber Security and be responsible for leading, directing and shaping the overall Cyber Security Agenda for the LLNR ICSs and its member organisations. The post holder from a line management perspective will report into the Chief Information Officer of the Host Trust and be professionally accountable to each ICB Digital Board.

The role is open to secondment from within the NHS or annual review fixed term contract from externals.

Main duties of the job

To operate at LLNR level ensuring each ICB and its Board can fulfil their regulated obligations for system wide cyber security and will advise all LLNR ICSs members on matters of cyber security policy and practice.

Ensuring the LLNR system wide ICS cyber security strategies remain updated and take lead responsibility for the delivery of. The role will need to ensure that each ICS Partner has effective cyber security policies and operational plans.

To act as an independent voice to all LLNR ICS members advising executive teams and boards on the current Cyber threats and required defences.

To provide cyber security guidance to executive leaders across the LLNR ICSs and will co-ordinate requests for new investments that mitigate risks, strengthen cyber defences, and reduce vulnerabilities for development, internal and client facing systems and products.

To act as lead advisor to CIO/executive leaders in the event of a cyber event in LLNR and to support technical staff in dealing with the incident.

Be an expert in Cyber Security and provide expert help and guidance to executive leaders, articulating the key business risks that exist due to inadequate Cyber defences and inappropriate Cyber Security processes and procedures.

To be responsible for developing a Cyber Security Assurance Model which will provide each ICS Digital Board with an approach to understanding the level of control and assurance in relation to current Cyber threats and defences.

About us

This role will operate at LLNR system level; however, the lead employer will be the Leicestershire Partnership NHS Trust. This trust provides a range of community health, mental health and learning disability services for people of all ages. With over 100 settings from inpatient wards to out in the community, our 6,500 staff serve over 1 million people living in Leicester, Leicestershire and Rutland.

At LPT, our values are Compassion, Respect, Integrity and Trust, which we keep at the heart of everything we do.

We aim to develop a workforce that reflects our community. We actively implement equal opportunities in employment and service delivery and seek people who share our commitment. We strongly encourage applications from all sections of the community, particularly from underrepresented groups.

Details of our benefits, leadership behaviours and other important information are contained in the attached document titled Information for Applicants.

We will consider requests to work alternative hours or varied working patterns in line with our flexible working policy.

For all substantive roles, new staff (excluding medical staff) are appointed subject to a 6-month probationary period (see Probation Policy).

All jobs will require permission to work in the UK.

For all jobs the cost of any DBS disclosure required will be met by the individual. This will be deducted from salary once started.

Applicants at risk within the local NHS who meet essential criteria will have preference for interview.

Details

Date posted

03 January 2024

Pay scheme

Agenda for change

Band

Band 8d

Salary

£83,571 to £96,376 a year

Contract

Fixed term

Duration

12 months

Working pattern

Full-time, Flexible working, Home or remote working

Reference number

C9313-24-0001

Job locations

Leicestershire Partnership NHS Trust

Bridge Park Road

Thurmaston

Leicester

LE4 8PQ


Job description

Job responsibilities

Core Duties and Responsibilities (Key Result Areas)

Key responsibilities will include:

Planning & Organising

Be accountable for developing, delivering and maintaining the ICSs cyber security strategy and annual delivery plans that support its implementation, promoting innovation and supporting operational excellence.

Be responsible for the system wide cyber security risk register and plan actions to mitigate risks and provide assurance to partner member cyber risk registers.

Be responsible for action planning that meets the objectives of each ICSs cyber security strategy by:

1) Ensuring appropriate structures, policies and processes are in place to manage risks to systems supporting essential functions

2) Protect against cyber attacks, ensuring proportionate measures are in place to protect systems supporting essential functions from cyber attack

3) Detect cyber security events, ensuring capabilities effectively defend and detect cyber security events with potential to affect essential functions

4) Minimise the impact of cyber security incidents, ensuring capabilities exist to minimise adverse impact of a cyber security incident on the operation of essential functions

Participate in regional and national Cyber Assurance Network (CAN) activities, cascading relevant information and creating a set of tools and techniques for adoption within each ICS.

Ensure effective ICS cyber security monitoring and alerting tools that allow rapid and proportionate response to be made to threats and vulnerabilities that are identified; including the need to formally report these as necessary to meet compliance regulations.

Provide expertise on best practice to the digital leadership team, covering methodologies, regulatory requirements, policy imperatives, innovation and technological developments, threat levels and both proactive and reactive defence measures.

Partner with the business to ensure that information management needs are met in order to enable effective planning and monitoring of quality in relation to business continuity/resilience and emergency response activities and exercises.

You will own and maintain the ICS cyber security roadmap and collate the individual provider cyber security roadmaps, ensuring these are monitored and reported through to each ICS's Digital Board.

You will engage with and support both the clinical safety leads including the Caldicott Guardian and the information governance leads including the system Senior Information Risk Owner ensuring good alignment between these functions and cyber security.

Chair or attend as appropriate, meetings with varied internal and external key stakeholders to facilitate the delivery of the strategic objectives.

Service Improvement

Ensuring that a joint LLNR cyber security network is updated and informed on current research and emerging tools and techniques to enhance cyber security.

Observe the dynamic threat environment encompassing local and national attack patterns and understand the repercussions of successful cyber attacks on internal/external ICSs.

Ensure ICSs are aware of the regulatory compliance regime and are equipped to respond to cyber attacks and have awareness of appropriate reporting procedures.

Identify examples of national and international best practice and to ensure that the ICSs benefit from relevant innovations.

Be responsible for the development, management and maintenance of information systems and frameworks across the organisation.

Develop innovative, creative solutions to business challenges being able to analyse highly complex issues.

Analysis & Judgment

Ability to understand the threat levels involved with cyber security and to develop proportionate responses that mitigate risk; balancing the risks of proposed cyber security measures with the impact they may have on the business in terms of time, cost and effort or on our citizens in terms of how they navigate the health and care ecosystem.

Interpret cyber issues and threats to determine course of action such as resolution at operational levels, escalation to digital leadership and/or senior business managers and notification to national health and wider cyber security regulators.

Ability to navigate conflicting and competing demands between cyber security and other objectives, working with stakeholders to develop pragmatic approaches to manage and minimise cyber security risks.

Continuously review, evaluate and improve cyber security systems and procedures and undertake assessment of options to make recommendations for adoption.

Responsible for implementing an accountability culture/system fostering responsibility among partners for the effective implementation of local and system-wide cyber security measures, with the capability to identify potential gaps in security.

Communication

Lead as the expert across the LLNR ICS digital team, managing effective working relationships with the appropriate stakeholders such as Chief Information and Chief Clinical Information Officers and the senior digital teams, in particular their cyber security leads, on a range of business sensitive issues.

Link with managers and members of other initiatives such as those involved with risk management and emergency planning to address inter-dependencies, ensure alignment and embedding in such plans.

Effective communication of cyber security strategy, its policies and practices for all staff and build organisation wide cyber security safety cultures.

Effective stakeholder management across different departments and at all levels, maintaining relationships with key and high-profile stakeholders, such as key strategic regional and national policy makers.

Ensure that each ICS has full sight of mandatory requirements, adopts the "What Good Looks Like" framework with respect to safety and that any cyber security concerns or issues are raised at national or regional level for resolution in accordance with the cyber security regulatory compliance regime.

Demonstrate, influence and motivate organisations to contribute to practical delivery of good cyber security policies and practices within mainstream operations activities, to ensure we maintain effective cyber defence mechanisms, both technical and cultural.

Provide oversight and assurance, resolve issues or conflicts on individual partner cyber security operations and plans and convene the system wide cyber security operational management group.

Model collaborative and influencing style, provide advice and guidance on cyber security strategy, policies and practice; and with those involved with both clinical safety and information governance using strong negotiation skills to achieve best outcomes.

Financial Management

Budget setting and management across a range of services/areas, managing, monitoring and supporting related activity, liaising with finance colleagues to ensure appropriate preparation and costing and ensure compliance with Standing Financial instructions and Standing Orders.

Constantly strive for value for money and greater efficiency in the use of these budgets and to ensure that they operate in recurrent financial balance year on year.

People Management

Transfer expertise and knowledge as appropriate, regarding innovation issues throughout the system, including developing and delivering formal briefing / training to promote innovation.

To manage, motivate, inspire and develop staff within the team to ensure that they can deliver the required responsibilities.

Responsible for the recruitment and development of the team, including undertaking appraisal, staff development and, where appropriate, progressing employee relation matters.

Research & Development

Conduct thorough review and analysis of national health challenges to develop the optimum approach to improvement for cyber security.

Develop an innovation strategy including research and development to identify, develop and promote best practice.

Regularly highlight, promote and report innovative approaches to education and training, particularly their impact on cyber security.

Policy & Service Development

Engage with key strategic regional and national policy makers to inform development of corporate strategy and policies.

To develop and implement the system cyber security strategy and its associated policies and practices and provide expert strategic and policy advice and guidance on all areas of cyber security.

Develop plans for the delivery of the role's responsibilities including identifying interdependencies, managing risks, modelling the potential impacts on the wider organisation, determining resource requirements and building in contingency where required.

Contribute to the strategic planning process and delivery of priorities and manage consequential adjustments to activities.

Promote the adoption of innovative strategies and techniques.

Be responsible for compiling strategic and operational policies for the team and the wider organisation, ensuring they are understood by all stakeholders and are delivered utilising all available resources efficiently and effectively.

Person Specification

Skills and Abilities

Essential

  • Able to make a connection between their work and the benefit to patients and the public.
  • Consistently thinks about how their work can help and support clinicians and frontline staff deliver better outcomes for patients.
  • Leadership, vision, strategic and critical thinking and planning with highly developed political skills.
  • Ability to demonstrate a high level of expertise in providing senior leadership with the ability to influence.
  • High level analytical skills and the ability to draw qualitative and quantitative data from a wide range of sources and present in a clear concise manner.
  • Demonstrates sound judgement in the absence of clear guidelines or precedent, seeking advice as necessary from more senior management when appropriate.
  • Ability to analyse numerical and written data, assess verbal, written, numerical and draw appropriate conclusions.
  • Ability to develop, maintain and monitor information systems to support innovation initiatives.
  • Ability to work on own initiative and organise workload, allocating work as necessary, working to tight and often changing deadlines.
  • Ability to make decisions autonomously, when required, on difficult issues.
  • Commitment to and focused on quality, promotes high standards in all they do.
  • Consistently looks to improve what they do, looks for successful tried and tested ways of working, and also seeks out innovation.
  • Working knowledge of Microsoft Office with intermediate keyboard skills.
  • Highly developed communication skills with the ability to communicate on highly complex matters and difficult situations.
  • Ability to provide and present highly complex, sensitive and/or contentious information to large groups, responding openly to questions to ensure full understanding and engagement in a hostile or antagonistic environment.
  • Ability to communicate effectively with clinical, academic and all levels of staff.
  • Works well with others, is positive and helpful, listens, involves, respects and learns from the contribution of others and supports the building of compassionate cultures where individuals and teams thrive at organisation, partnership and system level.
  • Actively develops themselves and supports others to do the same.
  • Demonstrable commitment to partnership working with a range of external organisations.
  • Determination, perseverance, and resilience.
  • Flexibility, and the ability to handle a rapidly changing and ambiguous environment.
  • Commitment to equality of opportunity, focussed on removing barriers to full participation
  • Fosters good working relationships and values diversity and difference
  • Understands the importance of diversity and inclusion in delivering our role in the health and care system
  • Adherence to the Data Protection Act 2018 / General Data Protection Regulation (GDPR)
  • Upholds the Equality Act 2010 and the Public Sector Equality Duty

Qualifications

Essential

  • Educated to Master's level or equivalent, or equivalent experience of working at a senior level in specialist area.
  • Formal Management Qualification and / or proven and significant leadership experience at post graduate level.

Desirable

  • Cyber Security professional accreditation.

Experience

Essential

  • In depth additional expert knowledge acquired over a significant period in developing and delivering cyber security strategy, policy and action plans.
  • Extensive experience in developing and implementing effective cyber security defences and controls, systems and processes in a large organisation, or across a network of organisations.
  • Proven Board level experience of leading and delivering complex change and strategy development programmes in a politically sensitive and complex environment.
  • Experience in providing oversight and assurance of cyber security measures and of navigating the cyber security compliance and reporting regulations.
  • Experience and robust skills in leading and developing cyber security teams, supporting their professional development.
  • Ability to deal with challenging situations in a formal setting.
  • Proven experience in preparing investment cases for cyber security measures.
  • An appreciation of the relationship between the ICBs, NHS England / NHS Improvement and provider organisations.
  • Previously responsible for a budget, involved in budget setting and working knowledge of financial processes.
  • Evidence of post qualifying and continuing professional development.

Desirable

  • Delivering effective cyber security in a health and care setting working with clinical leaders; aligned with clinical safety measures.
  • Leadership of a cyber security community practice.
  • Proven working knowledge of the Security of Network and Information Systems (NIS) regulations.

Employer details

Employer name

Leicestershire Partnership NHS Trust

Address

Leicestershire Partnership NHS Trust

Bridge Park Road

Thurmaston

Leicester

LE4 8PQ


Employer's website

https://www.leicspart.nhs.uk/jobs/


Employer contact details

For questions about the job, contact:

Chief Information Officer

Ian Wakeford

ian.wakeford@nhs.net

07867787537
