Job summary

NHS Somerset ICB are recruiting to the following permanent Cyber Security Risk Lead Officer post.

The Cyber Security Risk Lead Officer will be responsible for providing pragmatic, risk-based solutions to enable the Integrated Care System (ICS) to pursue its Digital, Data and Technology (DDaT) Strategy and Cyber Security Strategy objectives in a responsible and compliant manner.

Cyber threats are an ongoing and ever-changing risk to the information and trust required to maintain health and care services for the residents of Somerset. We are seeking an individual with a passion for cyber security who is capable of using strong relationships across the system to spot emerging risks, insights and trends.

They will lead in the areas of:
- Working closely with ICS partners to deliver on the objectives of the ICS Cyber Security Strategy.
- Within that strategic context, working with partners and providers to provide safe and secure digital services to the Somerset system.
- Managing the organisation's cyber security risk programme and associated cyber security awareness activities.

Main duties of the job

We are looking for a Cyber Security Risk Lead Officer who can demonstrate excellent risk management, and strong communication and leadership skills. Our ideal candidate will have experience of successfully managing information security related risks in a complex organisation, working collaboratively with a wide range of stakeholders and professional groups.

They will ensure compliance with information security and data privacy standards across all projects and programmes, as well as planning, creating and implementing cyber information campaigns to maintain colleague awareness of cyber risks, threats and vulnerabilities.

The role involves working both as part of a team and independently on projects, providing essential input, feedback and progress reports to stakeholders, while collaborating closely with team members and other departments across the organisation.
The candidate will liaise with other Government and Non-Government organisations, statutory agencies, and public and private sector organisations to develop collaborative approaches which can deliver the ICS's DDaT Strategy and Cyber Security Strategy goals.

Somerset ICS DDaT Strategy: https://ddat.somerset-ics.uk/

ICS Cyber Security Strategy Objectives:
- Developing and embedding a cyber aware culture
- Improving cyber risk visibility and management
- Building robust third-party assurance
- Prioritising collaboration
- Ensuring ongoing resilience

About us

NHS Somerset Integrated Care Board (ICB) is responsible for implementing a health and care strategy developed by the Integrated Care Partnership. It consists of approximately 350 staff across 8 directorates, each with multiple teams.

We welcome applications from all backgrounds, including underrepresented groups, and are committed to equality of opportunity. We believe diverse organisations best reflect the communities they serve.

We reserve the right to close the vacancy early if sufficient applications are received before the advertised closing date. Visa sponsorship is not offered.

Flexible working is available from day one, including an agile home/office-based approach. However, you will be required to work from our HQ in Yeovil for 2/3 days a week, and travelling to other Somerset locations for meetings may be necessary. Please consider this before applying.

Note for existing NHS Employees applying for Fixed Term vacancies at NHS Somerset

If you are an existing NHS Employee and are applying for a Fixed Term role with NHS Somerset, the role will be offered on a secondment basis only. You should gain agreement from your current employer before applying to allow you to be released on secondment. Please ensure the reference section confirms your current HR Department details.
Thank you for your interest

Date posted: 05 March 2025
Pay scheme: Agenda for change
Band: Band 7
Salary: £46,148 to £52,809 a year
Contract: Permanent
Working pattern: Full-time, Flexible working
Reference number: D9462-SOMICB007-25
Job locations: NHS Somerset ICB, Wynford House, Lufton Way, Yeovil, Somerset, BA22 8HR

Job description

Job responsibilities

PURPOSE OF THE ROLE:

The Cyber Security Risk Lead Officer will be responsible for providing pragmatic, risk-based solutions to enable the ICS to pursue its Digital, Data and Technology (DDaT) Strategy and Cyber Security Strategy objectives in a responsible and compliant manner.

Cyber threats are an ongoing and ever-changing risk to the information and trust required to maintain health and care services for the residents of Somerset. We are seeking an individual with a passion for cyber security who is capable of using strong relationships across the system to spot emerging risks, insights and trends.

KEY RESPONSIBILITIES OF THE ROLE:

The Cyber Security Risk Lead Officer is accountable for:
- Leading the management of information security related risks and supporting cross-team working with different departments and organisations, including Information Governance and Risk teams, and Somerset ICS partners.
- Supporting business continuity planning for GP IT and the common technology platforms for the ICS.
- Ensuring routine testing and documentation is in place and that teams are educated and complying with requirements.
- Working with colleagues across the ICS to ensure compliance with Cyber Security standards and to manage information security risks.
- Building a framework and reporting schedule to ensure that we are complying with Data Security standards.
- Supporting compliance (through working with Cyber Security colleagues across the ICS) with information security and data privacy across all common projects and programmes.
- Assuring that Cyber Security assessments are undertaken during the scoping of every new DDaT project or programme and during every risk mitigation options analysis.
- Advocating for a common framework to assess cyber security across the ICS.
- Ensuring all statutory notification and reporting requirements are met.
- Working with specialist colleagues and external organisations to obtain high-quality, competent advice on cyber security requirements and risk management.
- Developing a clear cyber security compliance framework, aligned to the ICS partner risk appetite.
- Co-creating, implementing and maintaining compliance policies and procedures in line with relevant legislation, regulations and industry best practices.
- Overseeing all certificates and accreditations in the annual renewal process.
- Identifying and developing partnership working opportunities and relationships, both within the ICS and with its wider stakeholders.
- Liaising with other Government and Non-Government organisations, statutory agencies, and public and private sector organisations to develop collaborative approaches which can deliver the ICS's DDaT Strategy and Cyber Security Strategy goals.
- Implementing control processes and maintaining data quality during analysis and interpretation of security incidents and alerts.
- Planning, creating and implementing cyber information campaigns to maintain colleague awareness of cyber risks, threats and vulnerabilities.

Communication
- You can present analysis and visualisations in clear ways to communicate complex messages to a variety of audiences.
- You can build long-term strategic relationships.
- You can influence stakeholders and manage relationships effectively.
- You can communicate negative and positive information to stakeholders.
- You can work within a strategic context and communicate how activities meet strategic goals.

Analysis & Judgement
- You can identify opportunities to use new digital technologies to enhance benchmarking capability in alignment with the role's objectives.
- You can describe and work within environmental constraints, finding the most appropriate solution for users.

Planning & Organisational Skills
- You can facilitate and deliver complex project outcomes within defined timescales.
- You can ensure projects or initiatives are delivered on time, to quality standards and in a cost-effective manner, adjusting plans as required.
- You can plan training delivery for a new system that impacts on the whole organisation.

Policy & Service Development
- You can contribute to the development of strategy and policies.

Finance
- You will be a budget holder for a cross-ICS budget for the programme and will be accountable to every organisation that contributed to that budget.
- You will have to assess and procure software to support framework compliance.

HR
- You can design and deliver training to staff on new systems and processes.

Information Resources
- You can design and adapt information systems from the specifications of others.
- You can draft reports and information using more than one information system.

Research & Development
- You can lead the collection of information and the creation of recommendations for improvements.
- You can check data to identify errors and check for accuracy.

Autonomy/Freedom to Act
- You can ensure that cyber security processes are aligned to business needs and strategy.
- You can use initiative on a regular basis.
- You have the ability to prioritise your own work and approach new tasks flexibly.
- You can take inputs and establish coherent frameworks that work.
- You can demonstrate a very strong knowledge of security and data privacy when it comes to personal and health information.

Mental Effort
- You can quickly read and interpret complex documents from a range of sources and distil them to what is relevant.
- You can absorb large amounts of conflicting information and use it to produce solutions.

Person Specification

Experience

Essential
- Experience working within cyber security in a health and care setting.
- You have an active interest in the key cyber security threats affecting the health and social care sector and can give examples of where you have implemented methodologies to identify and manage cyber security threats.
- You have significant experience of leading the communication of complicated, complex or risky cyber security topics with technical and non-technical stakeholders.
- You are passionate about things being done right but can showcase how you have used multiple different approaches to get that positive outcome.
- You have experience of building registers (or using compliance software) to ensure certificates and assessments are kept up to date.
- You can demonstrate working in large, cross-functional teams, influencing senior-level management and key stakeholders effectively across a partnership environment.
- You have excellent communication, leadership and stakeholder management skills.
- You have the ability to think strategically, solve complex problems and drive organisational change.
Personal Statement / Motivation for Applying

Essential
- Please use this section to explain how you meet the additional criteria in the Person Specification, including your reasons and motivation for applying.

Qualifications

Essential
- A master's degree in a related subject, or equivalent knowledge through experience.

Desirable
- Evidence of Continued Professional Development (CPD).

Communication

Essential
- You have good communication skills, both written and verbal, to all levels of staff and external colleagues.
- You can communicate in plain English to accommodate both IT and non-IT colleagues.
- You can present analysis and visualisations in clear ways to communicate complex messages.
- You can build long-term strategic relationships.
- You can influence stakeholders and manage relationships effectively.
- You can communicate negative and positive information to stakeholders.
- You can work within a strategic context and communicate how activities meet strategic goals.
- You can help teams to define their project outcomes alongside security considerations, and can support the assessment with a diagnostics process.
- You can listen to the needs of technical and business stakeholders, and interpret them.
- You can effectively manage stakeholder expectations.
- You can manage active and reactive communication.
- You can support or host difficult discussions within the team or with diverse senior stakeholders.
- You can expertly translate technical concepts to non-technical audiences so they are understood by all.

Employer details

Employer name: NHS Somerset Integrated Care Board
Address: NHS Somerset ICB, Wynford House, Lufton Way, Yeovil, Somerset, BA22 8HR
Employer's website: https://nhssomerset.nhs.uk/