Job summary

An exciting, fixed term opportunity has arisen for a Cyber Security Manager within the Digital directorate at Health Education and Improvement Wales. The post holder will be responsible for planning, organising, and managing cyber security tasks. This includes leading on security initiatives, implementing solutions to secure HEIW's environment, and promoting a culture of security awareness. The ideal candidate will need to demonstrate excellent planning and administrative skills, technical prowess and a practical knowledge of cyber security concepts. An excellent communicator is required to build and establish close working relationships throughout HEIW and the wider NHS Wales community.

This post is Fixed Term/Secondment for 12 months due to maternity cover. If you are interested in applying for the secondment position, you must obtain permission from your current line manager prior to applying for this post.

Main duties of the job

The post holder will be responsible for planning, organising, and managing cyber security tasks. This includes leading on security initiatives, implementing solutions to secure HEIW's environment, and promoting a culture of security awareness. The role involves working both as part of a team and independently on projects, providing essential input, feedback, and progress reports to stakeholders, while collaborating closely with team members and other departments across the organisation. The post holder will offer expert advice to develop and implement effective security risk management strategies, playing a crucial role in integrating pragmatic security controls into operational processes. Moreover, the individual will be tasked with developing, monitoring, maintaining, supporting, and optimising the cyber security service. This position will also entail the day-to-day line management of HEIW's cyber security team.
The ability to speak Welsh is desirable for this post; Welsh and/or English speakers are equally welcome to apply.

About us

Health Education and Improvement Wales (HEIW) is the strategic workforce body for NHS Wales with statutory functions that include education and training, workforce planning, workforce development and transformation, leadership and succession planning, and careers. Our purpose is to develop a workforce that delivers excellent care to patients/service users and excellent population health. We are a Special Health Authority working closely with our partners: Social Care Wales, education providers, professional and regulatory bodies and Welsh Government.

HEIW is committed to developing an internal culture of choice. Our Values reflect our thoughts, feelings and beliefs in how we will, and will not, behave and treat others:
- Respect for All in every contact we have with others,
- Ideas that Improve: Harnessing creativity and continuously innovating, evaluating and improving,
- Together as a Team: Working with colleagues across NHS Wales and with partner organisations.

HEIW received the HPMA Award for Employee Engagement in 2019.

What you can expect:
- a corporate induction and 90 day Welcome itinerary,
- compassionate leadership,
- a meaningful values based performance appraisal process,
- the opportunity to impact upon health and social care services and the lives and wellbeing of the people of Wales.

Many of our colleagues and stakeholders have commented on the buzz and atmosphere we create by working together as "One HEIW Team". Do you want to join that team?
Date posted: 23 January 2025
Pay scheme: Agenda for change
Band: Band 7
Salary: £46,840 to £53,602 a year
Contract: Fixed term
Duration: 12 months
Working pattern: Full-time, Flexible working
Reference number: 082-AC006-0125
Job locations: Ty Dysgu Cefn Coed Nantgarw CF15 7QQ

Job description

Job responsibilities

You will be able to find a full Job Description and Person Specification attached within the supporting documents or please click Apply now to view in Trac.

Person Specification

Qualifications and Knowledge

Essential
- Educated to Degree Level in a relevant IT subject (preferably cyber security) or equivalent experience.
- Cyber security qualifications (e.g. CISSP, CISM, SSCP, CISMP) or equivalent level of work experience and knowledge.
- Detailed knowledge of endpoint, server and/or network security.
- Comprehensive understanding of cloud computing, service models (e.g. IaaS, PaaS, SaaS) and deployment models.
- Understanding of the Network and Information Systems Regulations.
- Excellent understanding of cyber security best practices, frameworks, standards, guidelines and terminology (e.g. ISO/IEC 27001, NIST CSF, CE, CE Plus, NCSC).
- Evidence of continual professional development.

Desirable
- Applied knowledge of cyber security domains (e.g. risk management, asset management, security architecture, communications and network security, identity & access management, security operations and cyber incident response).
- Application of cyber security in a healthcare and educational environment.
- ITIL Foundation.
- Recognised Project Management Qualification.

Experience

Essential
- Relevant experience working in cyber security, using relevant industry standards, security products and tools.
- Experience implementing cyber security controls, process and performance monitoring.
- Experience of implementing cyber security controls and measures across local and wide area networks to protect resources (e.g. devices, infrastructure networks, systems and services) from cyber security threats.
- Thorough knowledge of a range of ICT domains acquired through qualification or relevant industry experience.
- Experience of working with cyber security solutions.
- Specific experience of working with Security Information and Event Management (SIEM) solutions, vulnerability scanning solutions, threat protection solutions etc.
- Evidence of cyber security or other relevant work outside formal training or employment (voluntary, research, academia, social media etc).

Desirable
- Leadership and team management experience.
- Experience of working in fields other than cyber security.
- Delivery of training to technical and non-technical employees.
- Report writing, procedure development and presentation delivery.

Skills and Attributes

Essential
- Excellent communication and interpersonal skills.
- Excellent problem solving and analytical skills.
- The ability to effectively communicate complex technical information to technical and non-technical stakeholders.
- Develop and maintain effective working relationships across multifunctional departments and teams.
- Ability to work with service providers and colleagues throughout NHS Wales to deliver projects.
- Able to manage complex workloads, multi-task in complex and sensitive environments.
- Ability to effectively communicate with stakeholders when defining requirements and implementing solutions.
- Effective document writing and presentation skills (e.g. letters, reports, presentation).
- Ability to quickly understand and apply new technologies.
- Ability to complete lessons learnt and root cause analysis of cyber security incidents.
- The ability to assess and assist in the selection of good and best practice security controls and measures.
- The ability to champion and embrace change in the drive towards continuous improvement.
- Excellent organisational skills, the ability to work on own initiative, organise workload, organise team workload, work to tight deadlines and deliver projects with minimal support.

Desirable
- Detailed understanding of ICT.
- Ability to speak Welsh.

Other

Essential
- The ability to work independently and as part of a team.
- Self-motivated and committed to self-development and improvement.
- Friendly and helpful nature when engaging with stakeholders.
- Enthusiastic, committed, proactive and innovative.
- Shows respect for others' views and appreciates others' inputs.
- Willing to seek out learning opportunities.
- The ability to provide and receive constructive feedback.
- Flexible and adaptable approach to working.
- Self-motivated and uses initiative to recognise problems and seek out solutions.
- The ability to work well with others, independently and work well under pressure.
- Ability to travel within geographical area.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.

Employer details

Employer name: Health Education and Improvement Wales
Address: Ty Dysgu Cefn Coed Nantgarw CF15 7QQ
Employer's website: https://heiw.nhs.wales/