Information Assurance Officer

Job description

Job responsibilities

JOB DETAILS

JOB TITLE: Information Assurance Officer

BAND: 5

HOURS: 37.5 hours per week

DEPARTMENT: Information Governance

LOCATION: Trust HQ Stafford with some home working

REPORTS TO: Information Governance and Security Manager

ACCOUNTABLE TO: Head of Information Governance and Records Management

RESPONSIBLE FOR: N/A

WORKING RELATIONSHIPS

INTERNAL: Head of Information Governance and Records Management, Deputy Director of Quality and Clinical Performance, Chief Digital Information Officer, Head of Service Development, Head of Application Development, SSHIS.

EXTERNAL: ICS Cyber Security and Information Governance or Digital roles as well as digital suppliers.

In addition to all Trust personnel, you will be expected to maintain professional working relationships with partner organisations and other external agencies as required.

JOB PURPOSE

The post holder will support the Trust in delivering the Cyber Strategy by collating information and supporting key roles to ensure that the Trust Board and Senior Information Risk Owner are assured that the strategy is being delivered.

The role will be placed within the Information Governance and Records Management Service with a strong link to the Digital Team within the Trust via regular meetings and work reviews relevant to supplier assurance and population of central digital and IG systems with the Service Development Team

KEY RESPONSIBILITIES

Main duties and responsibilities

1. Ensure that phishing tests are scheduled on a bi-monthly basis.

2. Ensure that phishing test results are reviewed, compiling reports for senior management.

3. Ensure that the Trusts Cyber Security Action Cards are reviewed every three months and updated as required for sign-off by senior management. This will include ensuring that meetings are arranged, and items of concern are added to an agenda. The post holder will also compile the agenda as directed by the Head of Information Governance and Records Management and other key stakeholders.

4. On a monthly basis support in the review the vulnerability reports via logging tickets to receive a report on SMT and then raising any areas of risk with the MPFT Digital Service Development Team if it relates to a third party supplier or raise any HIS related matters with the Head of IG and Records Management.

5. Ensure that internal application vulnerability testing takes place via liaising with the Head of Application Development and managing a calendar of testing, providing the results via a report to the Information Governance Steering Group.

6. Ensure all application requests are logged on SMT for the security team to review any security issues.

7. Maintain a list of approved applications, making it available to all staff. This will include listing any not approved alongside the rationale.

8. Supporting the coordination of work on SMT relating to applications between Information Governance, MPFT Digital and SSHIS.

9. Review all digital suppliers on a monthly basis to ensure their security accreditation (such as ISO27001 and Cyber Essentials Plus) is up to date, contacting account managers where there is a document which has expired and updating MPFT Digital Service Development with their responses.

10. Compile a report of any suppliers without security accreditation, producing a report for the Information Governance Assurance Group.

11. Act as a liaison point between staff within Information Governance and MPFT Digital, attending meetings for both areas to ensure workstreams with cross over receive consistent advice and that timescales are known to both teams.

12. Schedule annual desktop cyber security exercises with the support of the SSHIS IG Lead or EPRR team. This will include ensuring invites go out, an agenda is created and actions are taken on the day.

13. Support in the completion of audits by third parties on compliance with current business practices and policies. This will ensure making information available on the day and acting as a point of contact for the auditor when required.

14. Support on collating and returning information related to Digital Freedom of Information (FOI) requests.

15. Attend face to face Cyber Security Training when run by the central Digital Training Team, offering advice where required and collating any questions and issues for reporting back to senior management.

16. To review monthly the number of staff using their own devices.

17. Attend project meetings monitoring the Trusts Cyber Essentials Plus Accreditation taking away actions relevant to role.

18. Collate information as directed by the Information Governance and Security Manager relating to the Data Security and Protection Toolkit.

19. Support in the collation and dissemination of Cyber Policy changes (in collaboration with SSHIS and MPFT Digital) across the Trust working with the Digital Communications Team and Trust Communications Team where necessary.

20. When directed to request and receive reports related to Role Based Access Codes (RBAC).

21. Attend weekly Change Advisory Board meetings providing input and updates on any applications assessed by members of the Information Governance Team.

22. Ensure risks relevant to the role are reported to the Information Governance Steering Group via liaising with the Digital Service Development Team to gather reports.

23. Support in arranging the annual board cyber security training, liaising with providers and senior managers as necessary.

24. Plan dates for annual testing of key electronic systems and report on any issues highlighted as part of the testing to the Information Governance Steering Group.

25. Ensure all Information Governance Policies are up to date by identifying when they are due to expire.

26. Annually ensure a list of users with enhanced permissions is reviewed and kept up to date alongside SSHIS.

27. Maintain the Trust Information Asset Register ensuring it is updated and asset owners are aware of their responsibilities.

28. In collaboration with MPFT Digital, support the scheduling of back up testing and high availability testing of key Trust systems.

Systems and equipment

29. Advanced use of Microsoft Outlook.

30. Advanced use of MS Excel.

31. Extensive use of PC and associated software, especially Microsoft office packages e.g. Outlook, Word, Excel, PowerPoint and Visio.

32. Use of manual and electronic systems to prioritise own work load and that of other administrative staff.

33. Ensuring adherence to Health and Safety legislation at all times.

34. Provide a full range of office tasks as appropriate to the role.

Decisions and judgements

35. Act as lead for all security requests received within the department, providing advice and guidance to other administrative staff and colleagues or escalating to SSHIS for further support.

36. Responsible for ensuring SMT tickets directed to Information Governance receive a response go to the correct department for further support.

37. To actively plan testing.

38. To identify issues and escalate as required.

39. To participate in own appropriate training courses/updates in accordance with Trust mandatory requirements and/or individual Personal Development Plans.

40. Work on own initiative with minimal supervision to prioritise and deliver own work

Communication and relationships

41. Attend team meetings within the Information Governance Team and wider Service.

42. Attend meetings within the Service Development function as required.

43. Maintain regular communication with others within the Digital and SSHIS Teams.

44. Experience in communicating complex information and concepts at an appropriate level in a clear way.

45. Develop and maintain well-functioning working relationships with account managers from external suppliers.

Physical demands of the job

46. Advanced keyboard skills, or alternate method of computer input.

47. There is a frequent requirement for sitting in a restricted position for a substantial proportion of the working time either, for example at a computer desk or in meetings.

48. Occasional lifting and handling requirements.

49. The post holder will need to be able to meet the travel requirements to fulfil the duties of the role.

Most challenging/difficult parts of the job

50. Frequent periods of concentration are required when planning and organising work.

51. Working in an extremely busy environment, with constant interruptions by way of phone calls, messages, emails, meetings and urgencies, working to meet deadlines with complete accuracy and managing own and others workload accordingly.

Person Specification

Qualifications and Experience

• oDegree level qualification or demonstrate equivalent experience, ideally within an IT or Cyber Security discipline
• oExperience of planning, organising and scheduling activities of self and team in a pressured working environment with changing priorities
• oEvidence of understanding, producing and analysing complex data sets or information to ensure compliance with a range of targets
• oAble to produce documents, reports to high standards and to meet deadlines, including drafting documents on behalf of senior management
• oExcellent organisational skills, including the ability to prioritise, forward plan, operate to deadlines and to design modern office administration systems
• oAnalytical and problem-solving skills

• oCyber Security Qualification
• oPrevious NHS experience
• oExperience of leading on the design, development and evaluation of new IT systems
• oStrong information and IT based service management skills
• oKnowledge of NHS policies and procedures
• oKnowledge of data protection legislation

Experience

• o Able to produce documents, reports to high standards and to meet deadlines, including drafting documents on behalf of senior management

• Preferably within an NHS environment

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants.

Employer details

Employer name

Midlands Partnership NHS Foundation Trust

Address

Mellor House, St Georges Hospital

Corporation Street

Stafford

ST16 3SR

https://www.mpft.nhs.uk