Job summary
As a Cyber Security Lead your role is to develop and implement Cyber Security Risk Management activities within the ICB that support the safe development, introduction, and deployment of clinical digital systems.
The post-holder will be responsible for coordinating with other ICS partner organisations, digital clinical risk teams, to develop a common cooperative approach to cyber security management and optimise use of resources across the ICS.
As part of the dynamic and friendly digital team, the post-holder will plan and organise a digital cyber strategy across the ICB and the wider ICS and formulate long term and strategic plans within the rapidly changing local organisation and wider health economy.
This role is essentially a facilitation role across the sector and central to this is collaboration between the provider organisations, the ICB and the wider health economy.
Main duties of the job
1. Working with the Deputy Director for Enterprise and Technical Architecture and ICS stakeholders to ensure there is an ICS-wide approach to cyber security and recovery from cyber-attacks,
2. Developing and maintaining the cyber security vision and strategy as part of the infrastructure Target Operating Model (TOM) to support the delivery of the ICS's objectives, NHS National direction and guidance, statutory responsibilities and business continuity.
3. Maintaining an accurate understanding of the status of cyber security across the ICS organisations and external parties, the level of any risks and the status of actions to address risks,
4. Leading on the coordination of cyber security work across ICS organisations to move from current status to TOM,
5. Creating and supporting development of business cases for improving cyber security,
6. Creating and supporting the development of funding bids for improving cyber security,
7. Developing stakeholder relationships to ensure buy-in and ongoing engagement in cyber security activities,
8. Developing relationships with external SMEs to keep abreast of current developments in cyber security and understand current threats,
9. Leading on keeping cyber security expertise up-to-date across the ICS organisations.
About us
NHS South West London Integrated Care Board (ICB), as part of South West London Integrated Care System (ICS), is a partnership of organisations that come together to plan and deliver joined up health and care services to improve the lives of people in our six boroughs: Croydon, Merton, Kingston, Richmond, Sutton and Wandsworth.
Each ICS consists of two statutory elements:
- an Integrated Care Board, bringing the NHS together with its partners locally to improve health and care services
- an Integrated Care Partnership (ICP): the broad alliance of organisations and representatives concerned with improving the care, health and wellbeing of the population, jointly convened by the ICB and local authorities in the area.
ICBs are statutory NHS bodies responsible for planning and allocating resources to meet the four core purposes of integrated care systems (ICSs):
- to improve outcomes in population health and healthcare;
- tackle inequalities in outcomes, experience and access;
- enhance productivity and value for money; and
- help the NHS support broader social and economic development.
NHS South West London Integrated Care Board decides how the South West London NHS budget is spent and develops plans to improve people's health, deliver higher quality care, and better value for money.
Job description
Job responsibilities
See Job Description and Person Specification attached for a more detailed outline of the main responsibilities
Person Specification
Education / Qualifications
Essential
- Educated to master's level or equivalent level of experience of working at a senior level in specialist area.
- Extensive knowledge of specialist areas, acquired through post graduate diploma or equivalent experience or training plus further specialist knowledge or experience to master's level equivalent
- Evidence of continuing professional development; CISSP, CISM
- Subject matter expert in risk management and cyber security
Desirable
- ITIL Service Management
- SABSA, TOGAF Security Architecture
Knowledge and Experience
Essential
- Highly developed specialist knowledge, underpinned by theory and experience
- Knowledge of health service management, including change management and workforce re-design, acquired through training and experience
- An understanding of the background and aims of current healthcare policy and an appreciation of the implications of this on engagement.
- Significant experience of managing a Security Operations team within a large and complex organisation.
- Significant experience and in-depth knowledge in delivering and enforcing cyber security principles.
- Significant experience of patch management processes and procedures.
- Significant experience of protective monitoring and incident management.
- Significant experience in supporting users with varying knowledge of the use of a multitude of technologies.
- Practical experience of working in an IT Service organisation which has adopted ITIL best practice processes and procedures.
- Proven experience in delivery of improvements to Security Operations.
- Broad based technical ability across a wide range of IT technologies
- In-depth knowledge of the fundamentals surrounding cyber security controls and practices, and of applying them to the platform
- Experience and knowledge of the fundamentals of the infrastructure platform, which comprises Windows Server, Active Directory, SQL Server, Firewalls, and Cisco Networking
- Must be able to provide and receive highly complex, sensitive or contentious information, negotiate with senior stakeholders on difficult and controversial issues, and present complex and sensitive information to large and influential groups
- Significant experience of successfully operating in a politically sensitive environment
- Problem solving skills and ability to respond to sudden unexpected demands
- Previously responsible for a budget, involved in budget setting and working knowledge of financial processes
- Experience of setting up and implementing internal processes and procedures.
- Experience of managing and motivating a team and reviewing performance of the individuals.
Skills and Abilities
Essential
- Developed communication skills for delivering key messages to a range of stakeholders both internal and external (including outside the NHS) to the organisation, some at very senior level
- Good presentational skills for conveying complex concepts and using persuasion to influence others
- Ability to understand a broad range of highly complex information quickly and make decisions where opinions differ or there is no obvious solution
- Intermediate (or advanced) keyboard skills - ability to use Microsoft Office package at intermediate (or advanced) level.
- Ability to identify risks, anticipate issues and create solutions and to resolve problems in relation to project or service delivery
- Demonstrated capability to plan over short, medium and long-term timeframes and adjust plans and resource requirements accordingly
- Ability to work without supervision, providing specialist advice to the organisation, working to tight and often changing timescales
- Interpreting national policy for implementation
Other
Essential
- Ability to work as part of a team and work flexibly to provide support to other departments and teams as and when necessary
- Ability to seek out good practice case studies, innovations, lessons learned and peer review, and apply them locally
- Demonstrates commitment to NHS and organisational values and behaviours
- Demonstrate commitment and role model behaviours and actions that support equality, diversity, belonging and inclusion
- Strong compassionate and inclusive leadership
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.