Cyber Security Manager

Job summary

In July 2021 we formed the University Hospitals of Northamptonshire NHS Group, bringing together the constituent organisations of Kettering General Hospital NHS Foundation Trust and Northampton General Hospital NHS Trust. We have agreed an ambitious Group Strategy 'Dedicated to Excellence' which sets out our strategic ambitions and priorities for the next five years and we have also launched our Group Digital Strategy, which sets out our ambitions to become the most digital hospital in England.

Across our Digital portfolio we are working to the following principles:

  • Putting users' needs first
  • Designing for simplicity
  • Working in an agile way
  • Doing things once across the Group
  • Communicating and engaging throughout

The post holder will lead on Cyber Security for the Group and be an enabler to the delivery of the Group Digital Strategy ambitions.

The post holder will develop and build on current Cyber Security policies and processes providing a significant level of assurance.

The post holder will be responsible for the leadership and effective management of the Cyber Security team for the Group, ensuring the protection of all data held within the Group.

The post holder will ensure that processes are documented, and they are managed to effectively deliver the performance required within an ICT security setting and following industry best practice.

There will be a requirement to be part of an on-call 24*7 rota.

Main duties of the job

  • Be responsible, on behalf of the Digital function across the Group, for providing evidence for the achievement of Information Governance Toolkit standards in relation to Data Protection, Confidentiality, Information Security and National Cyber Security Centre (NCSC).
  • Responsible and accountable for the ongoing management and reporting of security alerts and vulnerabilities in line with NHS Digital CareCERT.
  • Responsible for reviewing and continually improving Cyber Security to ensure that robust systems are in place for monitoring data protection and information security incidents across the Group.
  • Provide expert advice to the Group on Cyber Security.
  • Responsible for ensuring that all risks and issues relating to Cyber Security are fully documented, risk assessments undertaken and recorded on the Group's risk management systems as well as the Digital risk register.
  • Responsible for co-ordinating the necessary response and resolution activities following a suspected or actual security incident or breach, keeping the SIRO and information asset owners (IAOs) informed of security incidents, impacts and causes, resulting actions and learning outcomes.
  • Create, maintain, and adopt continuous service improvement in relation to the Information Governance Data Security and Protection Toolkit (DSPT) action plans for the Group. This involves the assessment of Group systems, processes, and policies against the toolkit assertions.
  • Participate in an on-call rota for ICT.

About us

Kettering General Hospital NHS Foundation Trust is one of the largest employers in the area and we are on an exciting journey. Our mission is to provide safe, compassionate, and clinically excellent patient care, by being an outstanding employer for our people. We have entered into a Group Model with neighbouring Northampton General Hospital and have become University Hospitals of Northamptonshire. Our Excellence Values: Compassion, Respect, Integrity, Courageous, Accountable.

Job description

Job responsibilities

Main Duties

  • Support Information Governance and Data protection functions for the Group to achieve the highest standards of information security, emphasising data protection issues.
  • Contribute to the Group's Electronic Information Asset Register, including auditing of all information systems, providing a significant level of assurance.
  • Be responsible, on behalf of the Digital function across the Group, for providing evidence for the achievement of Information Governance Toolkit standards in relation to Data Protection, Confidentiality, Information Security and National Cyber Security Centre (NCSC).
  • Responsible and accountable for the ongoing management and reporting of security alerts and vulnerabilities in line with NHS Digital CareCERT.
  • Responsible for reviewing and continually improving Cyber Security to ensure that robust systems are in place for monitoring data protection and information security incidents across the Group.
  • Take a lead on Cyber Security and represent the Group in leadership forums as necessary.
  • Provide expert advice to the Group on Cyber Security.
  • Complete Information Security risk assessments on business decisions and systems that are, at times, highly intricate.
  • Create, distribute and manage information security plans that will feed into the wider Digital and Group strategies.
  • Responsible for the formulation and development of information security plans and strategies to enable the successful completion and implementation of new systems.
  • Responsible for ensuring that all risks and issues relating to Cyber Security are fully documented, risk assessments undertaken and recorded on the Group's risk management systems as well as the Digital risk register.
  • Develop information security strategies, roadmaps, business cases and remediation plans.
  • Create and maintain specialist Cyber Security Awareness training for use by the Group.
  • Responsible for co-ordinating the necessary response and resolution activities following a suspected or actual security incident or breach, keeping the SIRO and information asset owners (IAOs) informed of security incidents, impacts and causes, resulting actions and learning outcomes.
  • Manage and commission regular penetration tests for the Group, providing reports and action plans based on the complex testing reports.
  • Create, maintain, and adopt continuous service improvement in relation to the Information Governance Data Security and Protection Toolkit (DSPT) action plans for the Group. This involves the assessment of Group systems, processes, and policies against the toolkit assertions.
  • Regularly create reports on the Group's Cyber Security stance and present them to governance forums such as, but not limited to, the Group Digital Hospital Committee (GDHC), Group Digital Operational Meeting (GDOM), Information Governance Group (IGG) and Data Governance Group (DGG).
  • Ability and capacity to quickly absorb and understand large amounts of complex service, financial, legal and policy information, whether in written, verbal, numerical, analytical, or electronic form.
  • Contribute to the successful recruitment and retention of staff.
  • Work with the Digital Leadership Team to develop, and gain approval for, sound business cases in support of strategic ICT investments.
  • Participate in an on-call rota for ICT.

Management and Leadership

  • Proactively and positively contribute to the ICT leadership team by taking part in appropriate planning & development and providing digital services & solutions leadership.
  • Work closely with the Head of Clinical Systems and Head of Digital Transformation and Innovation on upgrades and policies/procedures.
  • Working with the Head of ICT, Deputy Head of ICT and other ICT Senior Managers, support the development and implementation of the Group Digital Strategy, in line with Group, Trust and National priorities and initiatives, and leading digital techniques. Ensure implementation in the functional area of responsibility.
  • Develop, line manage, and support individuals and teams that are highly skilled, effective, engaged and highly motivated.
  • Ensure best practice in managing staff is adopted and maintained, including regular performance appraisal, effective two-way communication, and implementation of processes to ensure personnel work in a responsible, safe manner and have due regard for health & safety regulations.
  • Take shared responsibility for the financial performance of the Cyber Security team, including achievement of financial targets, balancing potentially conflicting demands of budgetary requirements and service requirements.
  • Act as authorised signatory for timesheets, travel expenses etc. for staff within the ICT function.
  • Drive through the delivery of ambitious targets to continually improve performance within the Cyber Security team.
  • As a member of the ICT leadership team, collaborate closely with other leading colleagues to support the efficient functioning of the ICT department.
  • Champion and role model the Group's values and behaviours and support others in doing so to deliver the Group Vision and Mission successfully.
  • Deputise for the Head of ICT as necessary and where appropriate.

Technical Service Delivery

  • The post holder will have a broad understanding of ICT and specialist knowledge in several key technologies such as firewalls, SIEM, vulnerability scanning and detection, anti-virus, and intrusion detection.
  • Management and delivery of Cyber Security technical and infrastructure services to the Group.
  • Research the ICT supplier market and advances in cyber technical developments, with the aim of utilising new approaches and technologies to benefit the Group and ultimately clinical and patient services.
  • Ensure appropriate procedures are in place for testing new ICT security systems and applications and ensure these comply with relevant NHS standards.
  • Ensure that progressive solutions, which consider models of best practice, are incorporated into service plans.
  • Manage the Cyber Security team and their budgets and relevant project / capital budgets ensuring excellent financial control and forward planning.
  • Review service needs with users and other stakeholders. Evaluate and continuously improve performance and ensure all service KPIs are met or exceeded. Resolve complex service issues and conflicting priorities. Work within available resource to achieve optimum performance.
  • To ensure cyber security arrangements are in place to protect the Group; to monitor the effectiveness of arrangements; to have robust processes in place to address emergence of threats; initiate regular security testing and ensuring resulting action plans are addressed.
  • Ensure that routine maintenance and remedial work is appropriately scheduled and undertaken so that it does not adversely impact the availability of business-critical systems.
  • Ensure that all digital systems & services that are managed by the Cyber Security team have an appropriate degree of robustness, and disaster recovery plans in line with agreed priorities based upon likelihood and impact.

Performance

  • Set performance standards for the Cyber Security team, including KPIs, report on achievement against these, assist in reviewing working practices and contribute in devising improved ways of working where necessary to enhance the efficiency and effectiveness of services delivered.
  • Ensure systems are in place to routinely analyse and manage ICT resource utilisation in the Cyber Security team in order to provide efficient and optimised digital services.
  • Work closely with the hardware and software asset analyst to ensure that software licence usage is managed within authorised limits, and that regular compliance auditing is undertaken to assure that the Group does not breach contractual or legal obligations.

Advice, guidance, and partnerships

  • Provide expert technical and professional advice regarding Cyber Security.
  • Provide leadership and expert knowledge in the implementation and delivery of Cyber Security modelled around agreed methodologies.
  • Represent the Digital portfolio at local levels, developing partnerships, sharing best practice, and integrating knowledge across the Group.
  • Represent the Group, where appropriate, in dealings with partner organisations and outside bodies on Cyber Security and technical issues.
  • Build good relationships and ensure effective ICT partnerships with other organisations across the ICS, locally, regionally, and nationally.
  • Form constructive relationships with suppliers to optimise the delivery of solutions and maximise the Group's influence on the future direction of the suppliers' products.

Policies and procedures

  • Ensure that the Cyber Security team has in place appropriate and up-to-date policies, guidelines, standard operating procedures, and standards covering the use and management of all ICT services, resources, and assets (physical and data). Ensure that policies are kept up to date, are in line with National policy, standards, and guidance, and comply with all relevant legislative requirements.
  • Ensure the security of ICT assets (physical and data). Identify and evaluate risks, formulate plans / contingencies to mitigate risks, and agree plans with stakeholders.
  • Ensure that appropriate disaster recovery and business continuity procedures are in place for critical systems within the responsibility of the Cyber Security team and that disaster recovery testing is performed in line with scheduled plans.
  • Liaise with internal and external auditors to ensure that an appropriate Cyber Security audit programme is in place, commensurate with risk, and that all accepted audit recommendations are completed promptly.

Professional and Personal Development

  • The post holder will need to develop and maintain their own knowledge of developments and legislation relevant to the service area and ensure that each function reflects current professional guidance and standards.

Person Specification

Education, Training & Qualifications

Essential
  • Certified Information Security Manager (CISM), an equivalent-level qualification, or equivalent experience
Desirable
  • Certified Information Systems Security Professional (CISSP)

Knowledge & Experience

Essential
  • Expert knowledge of Cloud and on-premise security standards.
  • A broad understanding of ICT and specialist knowledge in several key Cyber Security technologies such as firewalls, SIEM, vulnerability scanning and detection, anti-virus, and intrusion detection.
  • Experience of security incident management, reporting and resolution, with appropriate communication to external and internal bodies as required by legislation
  • Experience of putting in place appropriate procedures for testing new ICT security systems and applications.
  • Significant experience of working on and managing Cyber Security on both strategic and operational matters and of managing ICT services, preferably in the public sector
  • Knowledge & experience of a variety of technology platforms (e.g. server virtualisation, datacentres, desktop virtualisation, client-server architecture, data networking, TCP/IP & internet, cloud services & solutions, messaging, Storage Area Networks, security and mobility)

Skills

Essential
  • Effective leadership and people management skills
  • Highly developed verbal and written communication and presentation skills suitable for a range of audiences, including chairing of meetings
  • Ability to critically analyse highly complex data sets
  • Wide range of IT skills including change management, negotiating and influencing skills, detailed knowledge of the ITIL framework, and agile methodologies

Key Competencies/ Personal Qualities & Attributes

Essential
  • Able to perform confidently in stressful situations
  • Ability to participate in an On-Call rota
  • Can constructively challenge and effectively manage conflict to reach a positive conclusion

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants.

Employer details

Employer name

Kettering General Hospital NHS Foundation Trust

Address

Kettering General Hospital

Rothwell Road

Kettering

NN16 8UZ


Employer's website

https://www.kgh.nhs.uk/working-for-us


Company
Kettering General Hospital NHS Foundation Trust
Location
Kettering, United Kingdom NN16 8UZ
Employment Type
Permanent
Salary
£62215.00 - £72293.00 a year