Cyber Security Manager

The Newcastle upon Tyne Hospitals NHS Foundation Trust

Information:

This job is now closed

Job summary

The Cyber Security Manager will act as the Trust's expert on cyber security protection, detection, response, and recovery. The Cyber Security Manager will be responsible for the strategic approach to cyber threat management and will lead the strategic planning of current and future IT security solutions, researching and reviewing industry best practice and upcoming changes to technology.

The Cyber Security Manager will own and be responsible for the completion of the Data Security Assessment Toolkit in addition to working towards and maintaining Cyber Essentials (Plus) certification.

  • Interview Date: 26th September 2023
  • 37 Hours 30 Minutes /Week
  • You will be redirected to Trac to apply for the vacancy. Please expand the job details section and read all of the information before applying for the vacancy

Main duties of the job

This role will require the post holder to work in the Service Management Team under the direction of Head of IT Service Management, and

  • Lead the strategic planning of current and future IT security solutions, researching and reviewing recognised best practice and upcoming changes to technology.
  • Define and agree an appropriate target security posture with key stakeholders, giving due regard to risks, threats and vulnerabilities.
  • Lead on audit and audit preparation relating to IT security.
  • Maintain compliance with various standards in place, e.g. Data Security and Protection Toolkit, CareCERT, Cyber Essentials, Network and Information Systems Regulations etc.
  • Act as the Trust's advisor on cyber security protection, detection, response, and recovery.
  • Analyse complex data and oversee the production of detailed information reports and develop processes to disseminate this information to all levels of the organisation.
  • Develop and advise in the implementation of policies, procedures, and guidance documentation for all relevant Cyber and IT security related systems / process

About us

Newcastle Hospitals NHS Foundation Trust is one of the busiest, largest and most successful teaching NHS foundation trusts in the country, with over 18,000 staff and an annual income of £1 billion.

Rated 'Outstanding' by the CQC for the second consecutive time in 2019, we have a long history of providing high quality care, clinical excellence, and innovation in medical research regionally, nationally and internationally.

We're also proud to be the second largest provider of specialised services in the country. This means we support people with a range of rare and complex medical, surgical and neurological conditions, cancers and genetic disorders.

Our staff oversee around 1.84 million patient 'contacts' each year, delivering high standards of healthcare.

Please see attached information on what Staff Benefits we have to offer at our Trust.

We are committed to promoting equality and diversity and recognise the benefit in providing an inclusive environment. We value and respect the diversity of our employees and aim to recruit a workforce which reflects the communities we serve, and is equipped to deliver the best service to our patients. We welcome all applications irrespective of people's race, disability, gender, sexual orientation, religion or belief, age, gender identity, marriage and civil partnership, pregnancy and maternity and in particular those from under-represented groups.

Date posted

11 August 2023

Pay scheme

Agenda for change

Band

Band 8a

Salary

£50,952 to £57,349 a year

Contract

Permanent

Working pattern

Full-time

Reference number

317-2023-30-048-A

Job locations

Regent Point

317 Regent Point

NE3 3HD


Job description

Job responsibilities

  • The Cyber Security Manager will act as the Trust's expert on cyber security protection, detection, response, and recovery. The Cyber Security Manager will be responsible for the strategic approach to cyber threat management and will lead the strategic planning of current and future IT security solutions, researching and reviewing industry best practice and upcoming changes to technology.
  • The Cyber Security Manager will own and be responsible for the completion of the Data Security Assessment Toolkit in addition to working towards and maintaining Cyber Essentials Plus certification.
  • This post will require the post holder to work in the Service Management Team under the direction of Head of IT Service Management.
  • Lead a team of Cyber Security Analysts.
  • Lead the strategic planning of current and future cyber security solutions, researching and reviewing recognised best practice and upcoming changes to technology.
  • Define and agree an appropriate target security posture with key stakeholders, giving due regard to risks, threats and vulnerabilities.
  • Lead on audit and audit preparation relating to cyber security.
  • Maintain compliance with various standards in place, e.g. Data Security and Protection Toolkit, CareCERT, Cyber Essentials, Network and Information Systems Regulations etc.
  • Act as the Trust's advisor on cyber security protection, detection, response, and recovery.
  • Analyse complex data and oversee the production of detailed information reports and develop processes to disseminate this information to all levels of the organisation.
  • Develop and advise in the implementation of policies, procedures, and guidance documentation for all relevant cyber security related systems / process.
  • Provide advice to the Head of IT Service Management to influence the creation of a robust cyber security service to support numerous data rich applications for use within the Trust both on-premises and cloud hosted.
  • Work in conjunction with the technical teams to maintain security tools and technology.
  • Educate individual departments to reduce cyber security risk.
  • Undertake scoping and delivery of penetration tests and ensure actions from vulnerability assessments are resolved.
  • Supporting wider IT functions in the evaluation and implementation of new technology and controls.
  • Maintain the Cyber Security and IT security policies, procedures, and SOPs.
  • Respond to high priority NHS Digital CareCERT alerts in line with NHS Digital requirements.
  • Produce a monthly cyber security report of KPIs to be made available to the CIO and wider Trust.

As a flexible working friendly organisation, we want to be sure that you can work in a way that is best for us and for our patients, and for you. Speak to us about how we might be able to accommodate a flexible working arrangement. If it works for the service, we will do our best to make it work for you.

Please note it is a requirement of The Newcastle upon Tyne Hospitals NHS Foundation Trust that all successful candidates who require a DBS for the post they have been offered pay for their DBS certificate. The method of payment is a salary deduction from your first month's pay.

Person Specification

Qualifications & Education

Essential

  • Possess a master's degree OR have acquired skills and knowledge via an extensive portfolio of practical experience in Cyber Security

Desirable

  • Hold a security industry recognised qualification (HCISSP, CISSP, CISM, CISA, CRISC, CSSP)
  • Prince 2 Foundation
  • ITIL Foundation

Knowledge & Experience

Essential

  • Broad based technical knowledge covering all aspects of infrastructure from networking, end user devices through to servers and data centres
  • Understanding of Information Security principles
  • Knowledge of the Data Protection Act and associated regulations (NIS, CMA, GDPR)
  • Experience of producing business cases and executive papers
  • Good stakeholder management

Desirable

  • Experience of working in an NHS environment

Skills & Abilities

Essential

  • Ability to converse fluently, logically, and confidently with a wide range of levels of staff; possess good interpersonal and communication skills
  • Strong interpersonal and influencing skills
  • Strong presentation skills
  • Strong analytical skills are required to interpret, analyse, and present highly complex multi stranded information of varying quality from a number of diverse sources

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided in continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found in "Criminal records checks for overseas applicants".

Employer details

Employer name

The Newcastle upon Tyne Hospitals NHS Foundation Trust

Address

Regent Point

317 Regent Point

NE3 3HD


Employer's website

https://careers.nuth.nhs.uk/why-us


For questions about the job, contact:

Head of IT Service Management

Gary Towns

gary.towns@nhs.net

01912448786

Supporting documents

Privacy notice

The Newcastle upon Tyne Hospitals NHS Foundation Trust's privacy notice