Job summary
The purpose of the ICB Digital Team is to support: health and care improvement; delivery of changes; transformation and innovation; and business as usual processes, inclusive of assurance.
There is a focus on maximising benefits from Digital and efficiency in delivery, whilst remaining resolute on critical deliverables. The ICS Cyber Lead will report to the Deputy Director for Enterprise and Technical Architecture. This is a specialist role within the ICB Digital team, relating to cyber security, to ensure there is an ICS-wide approach to cyber security and recovery from cyber attacks.
Main duties of the job
- Working with the Deputy Director for Enterprise and Technical Architecture and ICS stakeholders to ensure there is an ICS-wide approach to cyber security and recovery from cyber attacks,
- Maintaining an accurate understanding of the status of cyber security across the ICS organisations and external parties, the level of any risks and the status of actions to address risks,
- Drive the delivery and maintenance of an ICS-wide approach and expertise to cyber security and recovery from cyber attacks, incorporating both organisations within the ICS and third parties that connect with the ICS,
- Develop and implement methods to maintain an accurate understanding of the status of cyber security across the ICS organisations and external parties, the level of any risks and the status of actions to address risks,
- Ensure there is knowledge sharing across the ICS organisations' cyber security specialists to have a common level of understanding of threats and solutions.
About us
NHS South West London Integrated Care Board works with partners from across the South West London Integrated Care System (ICS) to develop plans to meet the health needs of the population and secure the provision of health services, and is directly accountable for NHS spend and performance in South West London.
Integrated Care Systems (ICSs) are partnerships of health and care organisations that come together to plan and deliver joined up services and to improve the health of people who live and work in their area. Each ICS consists of two statutory elements.
Job description
Job responsibilities
- Work across the ICS ecosystem as a professional and technical lead ensuring that the cyber solutions in place support delivery of the ICS's operational and strategic requirements,
- Support in the identification of digital services that are not supported by in-house digital teams (or their contracted agents), and apply standard controls and rigor to these services; where this is not possible, ensure that risk is reduced to the appropriate levels and ownership of this information security risk is clear,
- Work effectively with stakeholders to facilitate information security risk assessment and risk management processes, and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite,
- Continually seek assurances around the timely updating of existing systems to protect against new threats,
- Responsible for ICS risk and issues management against all aspects of cyber security, reporting in to the CDIO, Digital Leadership Team, and the Digital Board at minimum,
See Job Description and Person Specification for full listing
Person Specification
Education / Qualifications
Essential
- Educated to masters level or equivalent level of experience of working at a senior level in specialist area.
- Extensive knowledge of specialist areas, acquired through post graduate diploma or equivalent experience or training plus further specialist knowledge or experience to master's level equivalent
- Evidence of continuing professional development; CISSP, CISM
- Subject matter expert in risk management and cyber security
- ITIL Service Management.
- SABSA, TOGAF Security Architecture.
Knowledge and Experience
Essential
- Highly developed specialist knowledge, underpinned by theory and experience
- Knowledge of health service management, including change management and workforce re-design, acquired through training and experience
- An understanding of the background and aims of current healthcare policy and an appreciation of the implications of this on engagement.
- Significant experience of managing a Security Operations team within a large and complex organisation.
- Significant experience and in-depth knowledge in delivering and enforcing cyber security principles.
- Significant experience of patch management processes and procedures.
- Significant experience of protective monitoring and incident management.
- Significant experience in supporting users with varying knowledge of the use of a multitude of technologies.
- Practical experience of working in an IT Service organisation which has adopted ITIL best practice processes and procedures.
- Proven experience in delivery of improvements to Security Operations.
- Broad based technical ability across a wide range of IT technologies
- In-depth knowledge of the fundamentals surrounding cyber security controls and practices, and of applying them to the platform
- Experience and knowledge of the fundamentals of the infrastructure platform, which comprises Windows Server, Active Directory, SQL Server, Firewalls, and Cisco Networking
- Must be able to provide and receive highly complex, sensitive or contentious information, negotiate with senior stakeholders on difficult and controversial issues, and present complex and sensitive information to large and influential groups
- Significant experience of successfully operating in a politically sensitive environment
- Problem solving skills and ability to respond to sudden unexpected demands
- Previously responsible for a budget, involved in budget setting and working knowledge of financial processes
- Experience of setting up and implementing internal processes and procedures.
- Experience of managing and motivating a team and reviewing performance of the individuals.
Skills and Abilities
Essential
- Developed communication skills for delivering key messages to a range of stakeholders both internal and external (including outside the NHS) to the organisation, some at very senior level
- Good presentational skills for conveying complex concepts and using persuasion to influence others
- Ability to understand a broad range of highly complex information quickly and make decisions where opinions differ or there is no obvious solution
- Intermediate (or advanced) keyboard skills - ability to use Microsoft Office package at intermediate (or advanced) level.
- Ability to identify risks, anticipate issues and create solutions and to resolve problems in relation to project or service delivery
- Demonstrated capability to plan over short, medium and long-term timeframes and adjust plans and resource requirements accordingly
- Ability to work without supervision, providing specialist advice to the organisation, working to tight and often changing timescales
- Interpreting national policy for implementation
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.