In July 2021 we formed the University Hospitals of Northamptonshire NHS Group, bringing together the constituent organisations of Kettering General Hospital NHS Foundation Trust and Northampton General Hospital NHS Trust. We have agreed an ambitious Group Strategy 'Dedicated to Excellence' which sets out our strategic ambitions and priorities for the next five years and we have also launched our Group Digital Strategy, which sets out our ambitions to become the most digital hospital in England.
Across our Digital portfolio we are working to the following principles:
* Putting users' needs first
* Designing for simplicity
* Working in an agile way
* Doing things once across the Group
* Communicating and engaging throughout
The post holder will lead on Cyber Security for the Group and be an enabler to the delivery of the Group Digital Strategy ambitions.
The post holder will develop and build on current Cyber Security policies and processes providing a significant level of assurance.
The post holder will be responsible for the leadership and effective management of the Cyber Security team for the Group, ensuring the protection of all data held within the Group.
The post holder will ensure that processes are documented, and they are managed to effectively deliver the performance required within an ICT security setting and following industry best practice.
There will be a requirement to be part of an on-call 24/7 rota.
Main duties of the job
* Be responsible, on behalf of the Digital function across the Group, for providing evidence for the achievement of Information Governance Toolkit standards in relation to Data Protection, Confidentiality, Information Security and National Cyber Security Centre (NCSC).
* Responsible and accountable for the ongoing management and reporting of security alerts and vulnerabilities in line with NHS Digital CareCert.
* Responsible for reviewing and continually improving Cyber Security to ensure robust systems are in place for monitoring data protection and information security incidents across the Group.
* Provide expert advice to the Group on Cyber Security.
* Responsible for ensuring that all risks and issues relating to Cyber Security are fully documented, risk assessments undertaken and recorded on the Group's risk management systems as well as the Digital risk register.
* Responsible for co-ordinating the necessary response and resolution activities following a suspected or actual security incident or breach, keeping the SIRO and information asset owners (IAOs) informed of security incidents, impacts and causes, resulting actions and learning outcomes.
* Create, maintain, and adopt continuous service improvement in relation to the Information Governance Data Security Protection Toolkit (DSPT) action plans for the Group. This involves the assessment of Group systems, processes, and policies against the toolkit assertions.
* Participate in an on-call rota for ICT.
About us
Kettering General Hospital NHS Foundation Trust is one of the largest employers in the area and we are on an exciting journey. Our mission is to provide safe, compassionate, and clinically excellent patient care, by being an outstanding employer for our people. We have entered into a Group Model with neighbouring Northampton General Hospital and have become University Hospitals of Northamptonshire. Our Excellence Values: Compassion, Respect, Integrity, Courageous, Accountable.
Job description
Job responsibilities
Main Duties
* Support Information Governance and Data protection functions for the Group to achieve the highest standards of information security, emphasising data protection issues.
* Contribute to the Group's Electronic Information Asset Register to include auditing of all information systems, providing a significant level of assurance.
* Take a lead on Cyber Security and represent the Group in leadership forums as necessary.
* Complete Information Security risk assessments on, sometimes, highly intricate business decisions and systems.
* To create, distribute and manage information security plans that will feed into the wider Digital and Group strategies.
* Responsible for the formulation and development of information security plans and strategies to enable the successful completion and implementation of new systems.
* Develop information security strategies, roadmaps, business cases and remediation plans.
* Create and maintain specialist Cyber Security Awareness training for use by the Group.
* Manage and commission regular penetration tests for the Group providing reports and action plans based on the complex testing reports.
* To regularly create reports on the Group's Cyber Security stance and present them to governance forums.
* Ability and capacity to quickly absorb and understand large amounts of complex, service, financial, legal and policy information, whether in written, verbal, numerical, analytical, and electronic forms.
* Contribute to the successful recruitment and retention of staff.
* Work with the Digital Leadership Team to develop, and gain approval for, sound business cases in support of strategic ICT investments.
* Participate in an on-call rota for ICT.
Management and Leadership
* Proactively and positively contribute to the ICT leadership team by taking part in appropriate planning & development and providing digital services & solutions leadership.
* Work closely with the Head of Clinical Systems and Head of Digital Transformation and Innovation on upgrades and policies/procedures.
* Working with the Head of ICT, Deputy ICT and other ICT Senior Managers, support the development and implementation of the Group Digital Strategy, in line with Group, Trust and National priorities and initiatives, and leading digital techniques.
* Develop, line manage, and support individuals and teams that are highly skilled, effective, engaged and highly motivated.
* Ensure best practice in managing staff is adopted and maintained, including regular performance appraisal, effective two-way communication, and implementation of processes to ensure personnel work in a responsible, safe manner and have due regard for health & safety regulations.
* Take shared responsibility for the financial performance of the Cyber Security team, including achievement of financial targets, balancing potentially conflicting demands of budgetary requirements and service requirements.
* Act as authorised signatory for timesheets, travel expenses etc. for staff within the ICT function.
* Drive through the delivery of ambitious targets to continually improve performance within the Cyber Security team.
* As a member of the ICT leadership team, collaborate closely with other leading colleagues to support the efficient functioning of the ICT department.
* Champion and role model the Group's values and behaviours and support others in doing so to deliver the Group Vision and Mission successfully.
* Deputise for the Head of ICT as necessary and where appropriate.
Technical Service Delivery
* The post holder will have a broad understanding of ICT and specialist knowledge in several key technologies such as firewalls, SIEM, vulnerability scanning and detection, anti-virus, and intrusion detection.
* Management and delivery of Cyber Security technical and infrastructure services to the Group.
* Research the ICT supplier market and advances in cyber technical developments, with the aim of utilising new approaches and technologies to benefit the Group and ultimately clinical and patient services.
* Ensure appropriate procedures are in place for testing new ICT security systems and applications and ensure these comply with relevant NHS standards.
* Manage the Cyber Security team and their budgets and relevant project / capital budgets ensuring excellent financial control and forward planning.
* Review service needs with users and other stakeholders. Evaluate and continuously improve performance and ensure all service KPIs are met or exceeded.
* Ensure cyber security arrangements are in place to protect the Group; monitor the effectiveness of those arrangements; have robust processes in place to address the emergence of threats; initiate regular security testing; and ensure resulting action plans are addressed.
* Ensure that routine maintenance and remedial work is appropriately scheduled and undertaken so that it does not adversely impact the availability of business-critical systems.
Performance
* Set performance standards for the Cyber Security team, including KPIs, report on achievement against these, assist in reviewing working practices and contribute in devising improved ways of working where necessary to enhance the efficiency and effectiveness of services delivered.
* Ensure systems are in place to routinely analyse and manage ICT resource utilisation in the Cyber Security team in order to provide efficient and optimised digital services.
Advice, guidance, and partnerships
* Provide expert technical and professional advice regarding Cyber Security.
* Provide leadership and expert knowledge in the implementation and delivery of Cyber Security modelled around agreed methodologies.
* Represent the Digital portfolio at local levels, developing partnerships, sharing best practice, and integrating knowledge across the Group.
* Build good relationships and ensure effective ICT partnerships with other organisations across the ICS, locally, regionally, and nationally.
Policies and procedures
* Ensure that the Cyber Security team has in place appropriate and up to date policies, guidelines, standard operating procedures, and standards covering the use and management of all ICT services, resources, and assets (physical and data).
* Ensure the security of ICT assets (physical and data). Identify and evaluate risks, formulate plans / contingencies to mitigate risks, and agree plans with stakeholders.
* Ensure that appropriate disaster recovery and business continuity procedures are in place for critical systems within the responsibility of the Cyber Security team.
Professional and Personal Development
* The post holder will need to develop and maintain their own knowledge of developments and legislation relevant to the service area and ensure that each function reflects current professional guidance and standards.
Person Specification
Education, Training & Qualifications
Essential
* Certified Information Security Manager (CISM) or equivalent level or equivalent experience
Desirable
* Certified Information Security Systems Professional (CISSP)
Knowledge & Experience
Essential
* Expert knowledge of Cloud and on-premise security standards.
* A broad understanding of ICT and specialist knowledge in several key Cyber Security technologies such as firewalls.