Job summary
An exciting opportunity has arisen to join the NHS Wales Cyber Resilience Unit as a Compliance Manager. We are looking for someone with a proven background in Information/Cyber security, a flexible 'can do' attitude and approach to work and the ability to provide advice and assurance that security risk across NHS Wales is being managed appropriately.
Who are the CRU?
The NHS Wales Cyber Resilience Unit (CRU) is an independent team hosted by Digital Health and Care Wales (DHCW). Its core purpose is to increase the security and resiliency of information systems across NHS Wales.
The CRU has been delegated responsibility by the Welsh Government to lead the implementation and monitoring of compliance with the Network and Information Systems Regulations (NIS) across the NHS in Wales.
What you'll be doing
The role of the Compliance Manager is to provide direction to the CRU team and ensure its compliance and incident reporting activities across NHS Wales are of an excellent standard in order to establish the CRU as a world-class national service.
The Compliance Manager will be responsible for ensuring that incident reporting and auditing processes are carried out in a consistent, concise and professional manner, in accordance with cyber security legislation such as the NIS regulations, best practice and Welsh Government requirements.
Please see the attached Job Description for a more complete picture of the post.
Main duties of the job
As a Compliance Manager, you will:
The ability to speak Welsh is desirable for this post; English and/or Welsh speakers are equally welcome to apply.
About us
Digital Health and Care Wales (DHCW) is an expert national body and part of NHS Wales. We work in partnership with NHS Wales colleagues and other key stakeholders to provide national digital and data services which support the delivery of health and social care in Wales. Modern health and care services depend on good digital tools, data and information. DHCW runs or works with more than 100 services and delivers major national digital transformation programmes to support this. In addition, DHCW provides expert advice in relation to cyber security and information governance. We give frontline staff the digital tools which help them provide safer and more efficient care. We are also giving patients and the public digital tools to better manage their own health and wellbeing, empowering people to live healthier lives. We put people at the heart of what we do, working to the highest standards to deliver quality and make digital a force for good in health and care.
Working for DHCW offers lots of employee benefits, including flexible working, a competitive salary, 28 days of annual leave plus Bank Holidays and opportunities for career development. We are committed to recognising and celebrating our staff as the most valuable part of our organisation.
Job description
Job responsibilities
What we are looking for?
A Compliance Manager in cyber resilience will hold a Bachelors Honours degree, preferably Business, ICT or Cyber Security, and hold professional Information Systems certification such as CISA, CIS, CISSP or QiCA, or significant relevant experience which demonstrates equivalent technical knowledge, or CISA exam passed and progressing towards experience requirements.
Candidates will have a broad level of knowledge gained through continuous professional development, training and practical experience of working at this level, across the range of work ICT and information security procedures and practices. The following would be an advantage:
There will be a requirement to travel throughout Wales between sites, as required by the job and the ability to speak Welsh is desirable for this post; Welsh and/or English speakers are equally welcome to apply.
How to Apply:
Please send CVs and letters of interest to dhcw.recruitment@wales.nhs.uk by midnight 11/01/2024
If you have any questions regarding the application process or if you require any assistance submitting your application, please contact:
dhcw.recruitment@wales.nhs.uk
Person Specification
Qualifications
Essential
- Hold professional Information Systems certification such as CISA, CIS, CISSP or QiCA, or significant relevant experience which demonstrates equivalent technical knowledge, or CISA/CISSA exam passed and progressing towards experience requirements.
- Practical experience, working at this level, across the range of work procedures and practices.
- Educated to degree level, preferably within Business or IT (or equivalent qualification / experience).
- Excellent knowledge of the NIS and NIS2 Directives (Cyber Security legislation).
Desirable
- Recognised qualification in Management or Leadership.
- Relevant certification in security auditing (e.g. ISCA CISA, ISO 27001 Auditor).
Knowledge and Experience
Essential
- Good knowledge and experience of security compliance auditing processes and best practice, using recognised standards such as ISO 27001, CAF or Cyber Essentials.
- Extensive understanding of the principles, processes and challenges of cyber security compliance and its practical application in a multi-disciplinary environment.
- Good knowledge and experience of security compliance auditing standards, audit controls and best practice.
- Proficient in managing and motivating successful technical teams.
- Expert at delivering concise, accurate, high-quality written reports, providing complex and sensitive data, to tight deadlines.
- Excellent understanding of the Cyber Assessment Framework (CAF).
Desirable
- A clear understanding and appreciation of the processes supporting clinical care and the approaches required to design and implement the supporting IT Security environment.
- Experience of auditing IT solutions in large, complex environments such as NHS/Healthcare or wider Public Sector.
- A clear understanding and appreciation of NHS Wales' national infrastructure and organisational structures.
- Proficient in coaching and mentoring staff.
Skills and Attributes
Essential
- Technical agility to learn and assess new methodologies or technologies quickly, understanding their wider implications and where appropriate implement them.
- Communication skills to effectively influence, negotiate and mediate when presenting highly technical information to a wide range of stakeholders across organisational boundaries.
- Interpersonal Skills to develop and maintain effective working relationships across multi-functional teams, engaging with users (technical and non-technical) and presenting credible and compelling arguments when defining requirements and implementing solutions.
- Analytical Thinking to acquire a proper understanding of a highly complex problem or situation by breaking it down systematically into its component parts and identifying the relationships between these parts. Selecting the appropriate method/tool to resolve the problem and reflecting critically on the result, so that what is learnt is identified and assimilated.
- Organisational skills to effectively manage complex workloads and multi-task in complex and sensitive environments.
- Welsh language skills are desirable, at level 1 or above, in understanding, speaking, reading and writing in Welsh.
Desirable
- Welsh language skills are desirable, at level 1 or above, in understanding, speaking, reading and writing in Welsh.
- Knowledge of NHS Wales or the Health sector.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.