We are seeking motivated and dynamic Band 8b Information Security GRC Manager to work within the newly established NELFTs Information Security (IS) Team. The IS team is responsible for the implementation, operation and continued improvements to information security controls / processes to protect The Trusts information and systems assets from the ever increasing and evolving cyber threats. Main duties of the job Establishment and operation of The Trust Information Security Governance framework for the effective implementation of information security controls and processes in line with The Trusts information security risks, compliance to NHS Englands and The Trusts security polices/standards and legal/regulatory requirements. About us 08:27 Starting with NELFT NELFT place a great deal of importance on new starters being properly welcomed and inducted into the Trust. All new starters will join the Trust on the first Monday of each month and will undertake a comprehensive induction of up to two weeks which will include mandatory training, systems training and the allocation of equipment. As part of the process new starters will have the opportunity to also meet the executive team, senior managers and attend a number of drop in sessions focussing in engagement, health and wellbeing and key processes. The induction will be held at our head office in Rainham, Essex. Probationary Period This post will be subject to a probationary period. Internal applicants are exempt from the probationary period (unless you are an internal applicant currently part way through a probationary period or currently a bank member of staff). High Cost Area Supplement This post also attracts payment for High Cost Area Supplement of 15% of the basic salary (with a minimum of £4,551 to a maximum of £5,735). COVID-19 Vaccination We continue to encourage all staff to ensure that they have been double vaccinated and received their booster. We recognise that taking the vaccine provides the best defence against COVID 19 for our patients, our staff and their families. We reserve the right to close this vacancy early should sufficient applications be received. Job responsibilities E Establishing and delivering the key frameworks for driving the risk/compliance-based implementation, maintenance, monitoring and continuously improving information security controls and processes within The Trust. Facilitate the Information Governance and Health Records team providing Information Security guidance and promote Informatics to improve patient experience by ensuring clinicians have the appropriate tools to support patient care in a secure manner and to meet quality targets. This is a senior position within the IS team, reporting to the Head of Information Security & Compliance, that requires specialist skills in stakeholder management. Of importance is the ability to build strong and effective working relationships with internal and external stakeholders and the skill to manage conflicting demands and tensions of a broad range of stakeholders. The post holder is expected to be an experienced information security risk and compliance professional with at least 5 years experience including but not limited to (please see full Job Description) : • Information security governance frameworks • ISO27001 and Cyber Essentials Plus • Performing information security risk assessments • Establishing and reporting on information security KPIs and KRIs • Creation of information security polices and standards • Legal/regulatory requirements such as GDPR • Qualified in relevant professional security qualification Please see the attached job description and person specification for more information about this role and working at North East London NHS Foundation Trust. We encourage you to refer closely to this when completing your application. We welcome your application even if you do not meet all the criteria listed in the person specification. Any development needs to help you succeed in the role, can be discussed at the interview stage. Person Specification Shortlisting Essential • ISO27001 Desirable • N/A Shortlisting Essential • Experienced in Security Risk and Compliance Desirable • N/A Shortlisting Essential • At Least 2 years experience Desirable • N/A