Job overview
We have an exciting opportunity to work in an evolving and busy Information Security and Governance team, working closely with our Digital Colleagues.
This role plays an important part in supporting front line NHS staff such as Paramedics, 999 and 111 call takers and Patient Transport Services, as well as our corporate enablers such as finance, estates and HR. No two days are the same, but you will be part of a vital organisation helping to save lives, covering a wide area with a population of 7 million from Oxfordshire, Buckinghamshire, Berkshire to Hampshire.
We also cover Sussex for Patient Transport Services. The role will also work alongside technical specialists and third-party services including NCSC and NHS England's CareCERT service, drawing on their skills and knowledge to provide a cohesive support service and to help deliver the future Digital roadmap to this respected NHS Ambulance Service.
If you have a good work ethic, are a great team worker, flexible and innovative, can think outside the box, are prepared to bring solutions to problems and have a background in Cyber Security, then we'd love to hear from you!
Main duties of the job
To support the Head of Information Security and Governance in the delivery of the Information Security and Governance (ISG) activities of the Trust, providing assurance that the security, confidentiality and integrity of systems and data are maintained.
Support the delivery of projects to achieve CareCERT, Cyber Essentials and the Digital Security and Protection Toolkit (DSPT) accreditation for the Trust and implement processes that assure ongoing maintenance of this accreditation. Provide support in the day-to-day management of information security and governance service provision to all users, ensuring the Trust’s compliance with the Data Protection Act 1998, Access to Health Records Act 1990, Freedom of Information Act and those regulations that supersede or supplement these from time to time.
Interpret complex legislation or regulations related to information governance and information security such as ISO/IEC 27001, the Data Protection Act 1998, NHS Information Risk Management, Computer Misuse Act, implementing and enforcing suitable and relevant information security policies and procedures across the Trust.
The role will include supporting the implementation and development of systems, policies and procedures which comply with ISO/IEC 27001, NHS England, CareCERT guidance, Cyber Essentials, DSPT, NHS Information Risk Management and other relevant guidance.
Please see the attached Job Description.
Working for our organisation
Benefits we offer:
* Full training and support when you join and ongoing throughout your employment with us.
* Holiday entitlement is 27 days rising to 29 days after 5 years and 33 days after 10 years, plus 8 bank holidays (pro rata for part time).
* Enrolment into the NHS Pension Scheme.
* Access to continual professional development and opportunities within SCAS and the NHS.
* Occupational Health support along with an Employee Assistance Programme.
* NHS Discounts in over 200+ stores including Holidays, Days out, Car insurance, Restaurants and Clothing.
* Staff networking and support groups.
About Us
South Central Ambulance Service NHS Foundation Trust provides a range of emergency, urgent care and non-emergency healthcare services, along with commercial logistics services.
The Trust delivers most of these services to the populations of Berkshire, Buckinghamshire, Hampshire and Oxfordshire as well as non-emergency patient transport services in Sussex.
We serve a population of over 7 million and answer over 500,000 urgent calls a year. We employ 4,551 staff who, together with over 1,100 volunteers, enable us to operate 24 hours a day, seven days a week.
In SCAS, we know that colleagues who are cared for and valued are enabled to provide the right care, first time, every time. That is why we strive to foster a culture that balances fairness, compassion, learning and accountability; a ‘just and learning culture’.
Detailed job description and main responsibilities
* Ensure the delivery of projects to achieve CareCERT, Cyber Essentials and DSPT accreditation for the Trust and implement processes that assure ongoing maintenance of this status
* Provide support in the day-to-day management of information security and governance service provision to all users ensuring the Trust’s compliance with the Data Protection Act 1998, Access to Health Records Act 1990, Freedom of Information Act and those regulations that supersede or supplement these from time to time
* To assist in the ISG continuous improvement work stream within the Digital Directorate that seeks to improve the Trust’s operational management of Information Security and Information Governance
* Interpret highly complex legislation and regulations related to information governance and information security such as ISO/IEC 27001, the Data Protection Act 1998, NHS Information Risk Management, Computer Misuse Act and develop, implement, and enforce suitable and relevant information security policies and procedures across the Trust.
* To assist in ensuring all information systems and underlying technical architectures and changes to the technical environment are assessed against Information Security best practice to assure the Trust and external bodies that information held by the Trust is secure.
* Provide regular reports to the Head of Information Security and Governance on areas such as project progress, security in relation to upcoming threats, number of security incidents (detected and prevented) and compliance of ICT systems and equipment, including patching levels.
* Provide support for Information Asset Owners (IAOs) through effective networking structures, sharing of relevant experience, provision of training and creation of information risk reporting structures, ensuring the completeness and accuracy of the Trust’s information asset register.
* Assist in ensuring Digital staff are suitably trained and understand Digital Security, including the generation and provision of IG and IS training as part of IG training, staff induction and specialist training sessions, such as for IAOs and IAAs (Information Asset Administrators).
* Ensure that identified information threats and vulnerabilities are followed up for risk mitigation, and that perceived or actual information incidents are managed in accordance with NHS ISG requirements, leading on the assessment of all reported IG incidents
* Ensure the Trust responds to, and is protected against, all new threats identified within Information Security Notices and alerts (including those from CareCERT).
* Monitor security systems for alerts and investigations
Person specification
Qualifications
Essential criteria
* Masters level degree or equivalent level of experience
* Hold a recognised security qualification (e.g. CISSP, CIPR)
Knowledge
Essential criteria
* Knowledge of relevant information security and privacy related legislation and regulation – such as Data Protection Act 2018, Freedom of Information Act, etc.
* Working knowledge of the Data Security and Protection Toolkit (DSPT)
* Knowledge of IT systems implementation.
Skills
Essential criteria
* Minimum of 3+ years' experience in an ICT/Information Security role
* Strong interpersonal skills and able to develop and maintain effective and credible relationships with business leaders and supplier management.
* Excellent working knowledge of all MS Office applications.
We actively welcome job applications from candidates who have a disability or who are members of the BAME, LGBTQ+ and Armed Forces community (including: Reservists, Veterans, Spouses and Cadets). Here at SCAS we are proud to have a workforce that reflects the diverse community we serve. Applicants who have a disability or are members of the armed forces community who meet the minimum shortlisting criteria for their post of interest will be invited for an interview and/or assessment (where applicable).
Please be assured that any requests for reasonable adjustments will not negatively affect your application.
As well as standard NHS benefits like generous holiday entitlement and an excellent pension scheme, we offer lots of extras for our staff.