Job summary
NHS Somerset ICB are recruiting to the following permanent Cyber Security Risk Lead Officer post.
The Cyber Security Risk Lead Officer will be responsible for providing pragmatic, risk-based solutions to enable the Integrated Care System (ICS) to pursue its Digital, Data and Technology (DDaT) Strategy and Cyber Security Strategy objectives in a responsible and compliant manner.
Cyber threats are an ongoing and ever-changing risk to the information and trust required to maintain health and care services for the residents of Somerset. We are seeking an individual with a passion for cyber security who is capable of using strong relationships across the system to spot emerging risks, insights and trends.
They will lead in the areas of:
- Working closely with ICS partners to deliver on the objectives of the ICS Cyber Security Strategy.
- Within that strategic context, working with partners and providers to provide safe and secure digital services to the Somerset system.
- Managing the organisation's cyber security risk programme and associated cyber security awareness activities.
Main duties of the job
We are looking for a Cyber Security Risk Lead Officer who can demonstrate excellent risk management, and strong communication and leadership skills.
Our ideal candidate will have experience of successfully managing information security-related risks in a complex organisation, working collaboratively with a wide range of stakeholders and professional groups.
They will ensure compliance with information security and data privacy standards across all projects and programmes, as well as planning, creating and implementing cyber information campaigns to maintain colleague awareness of cyber risks, threats and vulnerabilities.
The role involves working both as part of a team and independently on projects, providing essential input, feedback and progress reports to stakeholders, while collaborating closely with team members and other departments across the organisation. The candidate will liaise with other Government and Non-Government organisations, statutory agencies and public and private sector organisations to develop collaborative approaches which can deliver the ICS's DDaT Strategy and Cyber Security Strategy goals.
Somerset ICS DDaT Strategy:
https://ddat.somerset-ics.uk/
ICS Cyber Security Strategy Objectives:
- Developing and embedding a cyber aware culture
- Improving cyber risk visibility and management
- Building robust third-party assurance
- Prioritising collaboration
- Ensuring ongoing resilience
About us
NHS Somerset Integrated Care Board (ICB) is responsible for implementing a health and care strategy developed by the Integrated Care Partnership. It consists of approximately 350 staff across 8 directorates, each with multiple teams. We welcome applications from all backgrounds, including underrepresented groups, and are committed to equality of opportunity. We believe diverse organisations best reflect the communities they serve.
We reserve the right to close the vacancy early if sufficient applications are received before the advertised closing date.
Visa sponsorship is not offered.
Flexible working is available from day one, including an agile home/office-based approach. However, you will be required to work from our HQ in Yeovil for 2/3 days a week, and travelling to other Somerset locations for meetings may be necessary. Please consider this before applying.
Note for existing NHS Employees applying for Fixed Term vacancies at NHS Somerset
If you are an existing NHS Employee and are applying for a Fixed Term role with NHS Somerset, the role will be offered on a secondment basis only.
You should gain agreement from your current employer before applying to allow you to be released on secondment.
Please ensure the reference section confirms your current HR Department details.
Thank you for your interest.
Job description
Job responsibilities
PURPOSE OF THE ROLE:
The Cyber Security Risk Lead Officer will be responsible for providing pragmatic, risk-based solutions to enable the ICS to pursue its Digital, Data and Technology (DDaT) Strategy and Cyber Security Strategy objectives in a responsible and compliant manner.
Cyber threats are an ongoing and ever-changing risk to the information and trust required to maintain health and care services for the residents of Somerset. We are seeking an individual with a passion for cyber security who is capable of using strong relationships across the system to spot emerging risks, insights and trends.
KEY RESPONSIBILITIES OF THE ROLE:
The Cyber Security Risk Lead Officer is accountable for:
- Leading the management of information security-related risks and supporting cross-team working with different departments and organisations, including the Information Governance and Risk teams, and Somerset ICS partners.
- Supporting business continuity planning for GP IT and the common technology platforms for the ICS, ensuring routine testing and documentation are in place and that teams are educated and complying with requirements.
- Working with colleagues across the ICS to ensure compliance with Cyber Security standards and to manage information security risks.
- Building a framework and reporting schedule to ensure that we are complying with Data Security standards.
- Supporting compliance (through working with Cyber Security colleagues across the ICS) with information security and data privacy across all common projects and programmes.
- Assuring that Cyber Security assessments are undertaken during the scoping of every new DDaT project or programme and during every risk mitigation options analysis.
- Advocating for a common framework to assess cyber security across the ICS.
- Ensuring all statutory notification and reporting requirements are met, working with specialist colleagues and external organisations to obtain high-quality, competent advice on cyber security requirements and risk management.
- Developing a clear cyber security compliance framework, aligned to the ICS partner risk appetite.
- Co-creating, implementing, and maintaining compliance policies and procedures in line with relevant legislation, regulations, and industry best practices.
- Overseeing all certificates and accreditations in the annual renewal process.
- Identifying and developing partnership working opportunities and relationships, both within the ICS and with its wider stakeholders. Liaising with other Government and Non-Government organisations, statutory agencies and public and private sector organisations to develop collaborative approaches which can deliver the ICS's DDaT Strategy and Cyber Security Strategy goals.
- Implementing control processes and maintaining data quality during analysis and interpretation of security incidents and alerts.
- Planning, creating and implementing cyber information campaigns to maintain colleague awareness of cyber risks, threats and vulnerabilities.
Communication
- You can present analysis and visualisations in clear ways to communicate complex messages to a variety of audiences.
- You can build long-term strategic relationships
- You can influence stakeholders and manage relationships effectively
- You can communicate negative and positive information to stakeholders
- You can work within a strategic context and communicate how activities meet strategic goals
Analysis & Judgement
- You can identify opportunities to use new digital technologies to enhance benchmarking capability in alignment with the role's objectives
- You can describe and work within environmental constraints, finding the most appropriate solution for users.
Planning & Organisational Skills
- You can facilitate and deliver complex project outcomes within defined timescales
- You can ensure projects or initiatives are delivered on time to quality standards and in a cost-effective manner, adjusting plans as required
- You can plan training delivery for a new system that impacts the whole organisation
Policy & Service Development
- You can contribute to the development of strategy and policies.
Finance
- You will be a budget holder for a cross ICS budget for the programme and will be accountable to every organisation that contributed to that budget
- You will have to assess and procure software to support framework compliance
HR
- You can design and deliver training to staff on new systems and processes
Information Resources
- You can design and adapt information systems from specifications of others.
- You can draft reports and information using more than one information system
Research & Development
- You can lead the collection of information and creation of recommendations for improvements
- You can check data to identify errors and check for accuracy
Autonomy/Freedom to Act
- You can ensure that cyber security processes are aligned to business needs and strategy
- You can use initiative on a regular basis
- You have the ability to prioritise your own work and approach new tasks flexibly
- You can take inputs and establish coherent frameworks that work
- You can demonstrate a very strong knowledge of security and data privacy when it comes to personal and health information
Mental Effort
- You can quickly read and interpret complex documents from a range of sources and distil to what is relevant.
- You can absorb large amounts of conflicting information and use it to produce solutions.
Person Specification
Experience
Essential
- Experience working within cyber security in a health and care setting
- You have an active interest in the key cyber security threats affecting the health and social care sector and can give examples of where you have implemented methodologies to identify and manage cyber security threats.
- You have significant experience of leading the communication of complicated, complex or risky cyber security topics with technical and non-technical stakeholders
- You are passionate about things being done right but can showcase how you have used multiple different approaches to get that positive outcome.
- You have experience of building registers (or using compliance software) to ensure certificates and assessments are kept up to date.
- You can demonstrate working in large, cross-functional teams influencing senior-level management and key stakeholders effectively across a partnership environment.
- You have excellent communication, leadership, and stakeholder management skills.
- You have the ability to think strategically, solve complex problems, and drive organisational change.
Personal Statement / Motivation for Applying
Essential
- Please use this section to explain how you meet the additional criteria in the Person Specification, including your reasons and motivation for applying.
Qualifications
Essential
- A master's degree in a related subject or equivalent knowledge through experience
Desirable
- Evidence of Continued Professional Development (CPD)
Communication
Essential
- You have good communication skills, both written and verbal, with all levels of staff and external colleagues
- You can communicate in plain English to accommodate both IT and non-IT colleagues
- You can present analysis and visualisations in clear ways to communicate complex messages
- You can build long-term strategic relationships
- You can influence stakeholders and manage relationships effectively
- You can communicate negative and positive information to stakeholders
- You can work within a strategic context and communicate how activities meet strategic goals
- You can help teams to define their project outcomes alongside security considerations, and can support the assessment with a diagnostics process
- You can listen to the needs of technical and business stakeholders, and interpret them
- You can effectively manage stakeholder expectations
- You can manage active and reactive communication
- You can support or host difficult discussions within the team or with diverse senior stakeholders
- You can expertly translate technical concepts to non-technical audiences so they are understood by all