Go back

Cyber Security Manager

NHS Wales Shared Services Partnership

Information:

This job is now closed

Job summary

Your role willinitially be based at Companies House, until we relocate to our new base in early 2024 to CP2, Welsh Government Offices, King Edward VII Avenue Cardiff CF10 3NQ

NHS Wales Shared Services Partnership (NWSSP) is looking to recruit a Cyber Security Manager to support our growing demand for digital assurance and security management.

This is an exciting opportunity to shape a newly configured team to drive our response to Welsh Government's Cyber Assessment Framework and work closely with peers, service leads and corporate support functions to embed secure by design and secure lifecycle management principles in our digital infrastructure.

The post holder will be an advocate for knowledge sharing and collaboration across a broad range of stakeholders within our organisation and across NHS Wales.

To be successful you will have experience across a range of digital security disciplines including anti-virus, perimeter security, encryption and patching and have a broad knowledge of cyber regulatory frameworks and accreditations such as the Security of Network & Information Systems Regulations 2018, ISO 27001 and Cyber Essentials+.

Main duties of the job

You will be required to take the lead on monitoring Cyber Security Systems, response to Cyber Incidents and contribute to the development of policy, processes and procedures to reduce the likelihood of a Cyber Security incident. You will also work with 3rd parties and commercial suppliers to assure the organisation that their services meet the required security standards and that they have appropriate accreditations in place.

You will act as an escalation point for cyber security incidents and provide specialist advice and knowledge to support our digital services and work with the Head of Cyber Security to assist in the development of processes and cyber security training packages for the team and organisation wide.

You will also manage a small team of cyber security specialists, shaping the team and setting work plans to deliver effective cyber security services.

The ability to speak Welsh is desirable for this post; Welsh and/or English speakers are equally welcome to apply.

About us

At NHS Wales Shared Services Partnership we have high standards and expect everyone to embrace our values of Listening & Learning, Working Together, Taking Responsibility & Innovating, whilst ensuring trust, honesty and compassion are implicit in everything that we do. We are adaptable, agile and flexible and pride ourselves on being a learning organisation - one where it is safe to make mistakes, where blame is replaced by opportunity, learning and improvement. innovation is built into everything that we do. We recognise our people regularly and have an Appreciation Station, to encourage staff to applaud exemplary behaviour in one another, alongside an Annual Staff Recognition Award ceremony aligned to our values. We respect and value our people and strive for a culture of compassion and inclusivity. We are a bilingual organisation, and we have a team of Change Champions who advocate 'This is Our NWSSP' our principal change programme. Similarly, PROUD is our new staff network welcoming LGBT+ colleagues and allies to come together in a safe space for discussions, event planning and the opportunity to build supportive networks. We have a comprehensive benefits package where there is something for everyone, supporting health, engagement and wellbeing and includes an Employee Assistance Programme. We have over 30 Mental Health First Aiders and work in partnership with local and national organisations to ensure the well-being and resilience of our people.

Date posted

26 August 2023

Pay scheme

Agenda for change

Band

Band 7

Salary

£44,398 to £50,807 a year per annum

Contract

Permanent

Working pattern

Full-time

Reference number

043-AC244-0823

Job locations

Initially based at Companies House and relocating to CP2, Cardiff CF10 3NQ

Crown Way

Cardiff

CF14 3UZ


Job description

Job responsibilities

You will be able to find a full Job description and Person Specification attached within the supporting documents or please click Apply now to view in Trac

This post will take the lead for all security related activities within the Informatics Directorate ensuring the confidentialityand integrity of NWSSP information in compliance with organisational and national policies and procedures.The post-holder will be responsible for the operational overview of the following security technologies within NWSSP andliaising with DHCW client services in the support of them: - Perimeter security such as mail filtering and firewalls Anti-Virus Encryption Security Patching Network Security Internet Security Vulnerability ManagementAssist in the implementation of NIS Compliance in accordance with the NWSSP Informatics Strategy covering the followingareas:- Development of Standard Operating Procedures and Work Instructions ensuring Informatics staff work torecognized best practices for security management. Provide advice on security of the IT infrastructure in line with NHS standards and recognized best practice wherethe subject matter will be highly complex and multi-stranded covering a range of IT systems and hardware. Development and management of security related policies within NWSSP.Responsible for the management of security incidents through to resolution and ensuring relevant incident reviews andreports are undertaken following a security inciden

Job description

Job responsibilities

You will be able to find a full Job description and Person Specification attached within the supporting documents or please click Apply now to view in Trac

This post will take the lead for all security related activities within the Informatics Directorate ensuring the confidentialityand integrity of NWSSP information in compliance with organisational and national policies and procedures.The post-holder will be responsible for the operational overview of the following security technologies within NWSSP andliaising with DHCW client services in the support of them: - Perimeter security such as mail filtering and firewalls Anti-Virus Encryption Security Patching Network Security Internet Security Vulnerability ManagementAssist in the implementation of NIS Compliance in accordance with the NWSSP Informatics Strategy covering the followingareas:- Development of Standard Operating Procedures and Work Instructions ensuring Informatics staff work torecognized best practices for security management. Provide advice on security of the IT infrastructure in line with NHS standards and recognized best practice wherethe subject matter will be highly complex and multi-stranded covering a range of IT systems and hardware. Development and management of security related policies within NWSSP.Responsible for the management of security incidents through to resolution and ensuring relevant incident reviews andreports are undertaken following a security inciden

Person Specification

QUALIFICATIONS

Essential

  • Educated to Degree level (preferably Cyber Security) or equivalent and a recognised qualification in Cyber Security e.g. CISMP, CompTIA or equivalent level of work experience and knowledge
  • Evidence of Continual Professional Development

Desirable

  • Professional qualification or membership in cyber security (ISC2, BCS, NCSC, Tiger, CHECK, CREST, CompTIA etc.)

EXPERIENCE

Essential

  • Relevant experience working in Cyber Security
  • Evidence of Cyber Security or other relevant work outside formal training or employment (voluntary, research, academia, social media etc.)
  • Working with SIEM solutions.
  • Development of training packages

Desirable

  • Experience of ICT service provision in a health care setting
  • Evidence of Cyber Security or other relevant work outside formal training or employment (voluntary, research, academia, social media etc.)
  • Delivery of training to technical and non-technical staff
  • Report writing
  • Procedure development

Skills

Essential

  • Ability to provide guidance and support to less experienced team members.
  • Ability to communicate clearly with non-technical staff and end users.
  • Ability to challenge poor behaviour
  • Sound judgment, decision making, and organisational skills.
  • Ability to work on own initiative, organise own workload, and deliver projects with minimal support.
  • Work with 3rd parties and suppliers to deliver projects
  • Ability to execute vulnerability scans, and understand and present results.
  • Provide clear reports to senior management.
  • Able to evaluate and assist in selection of best practice security tools
  • Root Cause Analysis of security incidents
  • Good keyboard skills and application use.

Desirable

  • A broad range of ICT skills and understanding
  • Ability to speak Welsh

PERSONAL ATTRIBUTES

Essential

  • Enthusiastic, self-motivated, looks for opportunities to improve services, staff and self.
  • Cares about the service and service continuity and is willing to go the extra mile when necessary.
  • Ability to communicate with all levels of the organisation.
  • Able to meet travel requirements of the role
  • Flexible and adaptable to meet all aspects of the work.
Person Specification

QUALIFICATIONS

Essential

  • Educated to Degree level (preferably Cyber Security) or equivalent and a recognised qualification in Cyber Security e.g. CISMP, CompTIA or equivalent level of work experience and knowledge
  • Evidence of Continual Professional Development

Desirable

  • Professional qualification or membership in cyber security (ISC2, BCS, NCSC, Tiger, CHECK, CREST, CompTIA etc.)

EXPERIENCE

Essential

  • Relevant experience working in Cyber Security
  • Evidence of Cyber Security or other relevant work outside formal training or employment (voluntary, research, academia, social media etc.)
  • Working with SIEM solutions.
  • Development of training packages

Desirable

  • Experience of ICT service provision in a health care setting
  • Evidence of Cyber Security or other relevant work outside formal training or employment (voluntary, research, academia, social media etc.)
  • Delivery of training to technical and non-technical staff
  • Report writing
  • Procedure development

Skills

Essential

  • Ability to provide guidance and support to less experienced team members.
  • Ability to communicate clearly with non-technical staff and end users.
  • Ability to challenge poor behaviour
  • Sound judgment, decision making, and organisational skills.
  • Ability to work on own initiative, organise own workload, and deliver projects with minimal support.
  • Work with 3rd parties and suppliers to deliver projects
  • Ability to execute vulnerability scans, and understand and present results.
  • Provide clear reports to senior management.
  • Able to evaluate and assist in selection of best practice security tools
  • Root Cause Analysis of security incidents
  • Good keyboard skills and application use.

Desirable

  • A broad range of ICT skills and understanding
  • Ability to speak Welsh

PERSONAL ATTRIBUTES

Essential

  • Enthusiastic, self-motivated, looks for opportunities to improve services, staff and self.
  • Cares about the service and service continuity and is willing to go the extra mile when necessary.
  • Ability to communicate with all levels of the organisation.
  • Able to meet travel requirements of the role
  • Flexible and adaptable to meet all aspects of the work.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

NHS Wales Shared Services Partnership

Address

Initially based at Companies House and relocating to CP2, Cardiff CF10 3NQ

Crown Way

Cardiff

CF14 3UZ


Employer's website

https://nwssp.nhs.wales/ (Opens in a new tab)

Employer details

Employer name

NHS Wales Shared Services Partnership

Address

Initially based at Companies House and relocating to CP2, Cardiff CF10 3NQ

Crown Way

Cardiff

CF14 3UZ


Employer's website

https://nwssp.nhs.wales/ (Opens in a new tab)

For questions about the job, contact:

Head of cyber security NWSSP

Nick Lewis

nicholas.lewis@wales.nhs.uk

07557915130

Date posted

26 August 2023

Pay scheme

Agenda for change

Band

Band 7

Salary

£44,398 to £50,807 a year per annum

Contract

Permanent

Working pattern

Full-time

Reference number

043-AC244-0823

Job locations

Initially based at Companies House and relocating to CP2, Cardiff CF10 3NQ

Crown Way

Cardiff

CF14 3UZ


Supporting documents

Privacy notice

NHS Wales Shared Services Partnership's privacy notice (opens in a new tab)