Job summary
NHS Somerset ICB are recruiting to the following permanent Cyber Security Risk Lead Officer post.
The Cyber Security Risk Lead Officer will be responsible for providing pragmatic, risk-based solutions to enable the Integrated Care System (ICS) to pursue its Digital, Data and Technology (DDaT) Strategy and Cyber Security Strategy objectives in a responsible and compliant manner.
Cyber threats are an ongoing and ever-changing risk to the information and trust required to maintain health and care services for the residents of Somerset. We are seeking an individual who has a passion for cybersecurity and is capable of using strong relationships across the system to spot emerging risks, insights and trends.
Key Responsibilities
* Leading the management of information security related risks and supporting cross-team working with different departments and organisations, including Information Governance and Risk teams, and Somerset ICS partners.
* Supporting business continuity planning for GP IT and the common technology platforms for the ICS. Ensuring routine testing and documentation are in place and that teams are educated and complying with requirements.
* Working with colleagues across the ICS to ensure compliance with Cyber Security standards and to manage information security risks.
* Building a framework and reporting schedule to ensure that we are complying with Data Security standards.
* Supporting compliance (through working with Cyber Security colleagues across the ICS) with information security and data privacy across all common projects and programmes.
* Assuring that Cyber Security assessments are undertaken during the scoping of every new DDaT project or programme and during every risk mitigation options analysis.
* Advocating for a common framework to assess cyber security across the ICS.
* Ensuring all statutory notification and reporting requirements are met. Working with specialist colleagues and external organisations to obtain high-quality competent advice on cyber security requirements and risk management.
* Developing a clear cyber security compliance framework, aligned to the ICS partner risk appetite.
* Co-creating, implementing, and maintaining compliance policies and procedures in line with relevant legislation, regulations, and industry best practices.
* Overseeing all certificates and accreditations in the annual renewal process.
* Identifying and developing partnership working opportunities and relationships, both within the ICS and with its wider stakeholders.
* Implementing control processes and maintaining data quality during analysis and interpretation of security incidents and alerts.
* Planning, creating and implementing cyber information campaigns to maintain colleague awareness of cyber risks, threats and vulnerabilities.
About Us
NHS Somerset Integrated Care Board (ICB) is responsible for implementing a health and care strategy developed by the Integrated Care Partnership. It consists of approximately 350 staff across 8 directorates, each with multiple teams. We welcome applications from all backgrounds, including underrepresented groups, and are committed to equality of opportunity. We believe diverse organisations best reflect the communities they serve.
Flexible working is available from day one, including an agile home/office-based approach. However, you will be required to work from our HQ in Yeovil for 2/3 days a week, and travelling to other Somerset locations for meetings may be necessary. Please consider this before applying.
Note for existing NHS Employees applying for Fixed Term vacancies at NHS Somerset
If you are an existing NHS Employee and are applying for a Fixed Term role with NHS Somerset, the role will be offered on a secondment basis only. You should gain agreement from your current employer before applying to allow you to be released on secondment.
Person Specification
Experience
Essential
* Experience working within cyber security in a health and care setting.
* An active interest in the key cyber security threats affecting the health and social care sector, with examples of where you have implemented methodologies to identify and manage cyber security threats.
* Significant experience of leading the communication of complicated, complex or risky cyber security topics with technical and non-technical stakeholders.
* A passion for things being done right, with the ability to showcase how you have used multiple different approaches to get that positive outcome.
* Experience of building registers (or using compliance software) to ensure certificates and assessments are kept up to date.
* Demonstrated ability to work in large, cross-functional teams influencing senior-level management and key stakeholders effectively across a partnership environment.
* Excellent communication, leadership, and stakeholder management skills.
* The ability to think strategically, solve complex problems, and drive organisational change.
Qualifications
Essential
* A master's degree in a related subject or equivalent knowledge through experience.
Desirable
* Evidence of Continued Professional Development (CPD).
Thank you for your interest.