Job summary

We have an exciting opportunity to work in an evolving and busy Information Security and Governance team, working closely with our Digital colleagues. This role plays an important part in supporting front-line NHS staff such as paramedics, 999 and 111 call takers and patient transport services, as well as our corporate enablers such as finance, estates and HR. No two days are the same, but you will be part of a vital organisation helping to save lives, covering a wide area with a population of 7 million from Oxfordshire, Buckinghamshire, Berkshire to Hampshire. We also cover Sussex for Patient Transport Services.

The role will also work alongside technical specialists and third-party services including NCSC and NHS England's CareCERT service, drawing on their skills and knowledge to provide a cohesive support service and to help deliver the future Digital roadmap to this respected NHS Ambulance Service.

If you have a good work ethic, are a great team worker, flexible and innovative, can think outside the box, are prepared to bring solutions to problems and have a background in Cyber Security, then we'd love to hear from you.

Right to work - You will be required to provide a valid right to work in the UK document. South Central Ambulance Service NHS Trust are only able to provide sponsorship to health care professionals. This role is not available for sponsorships.

Main duties of the job

To support the Head of Information Security and Governance in the delivery of the Information Security and Governance (ISG) activities of the Trust, providing assurance that the security, confidentiality and integrity of systems and data is maintained.
Support the delivery of projects to achieve CareCERT, Cyber Essentials and the Data Security and Protection Toolkit (DSPT) accreditation (which is based on the NCSC CAF model) for the Trust, and implement processes that assure ongoing maintenance of this accreditation. Provide support in the day-to-day management of information security and governance service provision to all users, ensuring the Trust's compliance with the Data Protection Act 1998, Access to Health Records Act 1990, Freedom of Information Act and those regulations that supersede or supplement these from time to time.

Interpret complex legislation or regulations related to information governance and information security such as ISO/IEC 27001, the Data Protection Act 1998, NHS Information Risk Management and the Computer Misuse Act, implementing and enforcing suitable and relevant information security policies and procedures across the Trust.

The role will include supporting the implementation and development of systems, policies and procedures which comply with ISO/IEC 27001, NHS England, CareCERT guidance, Cyber Essentials, DSPT, NHS Information Risk Management and other relevant guidance.

Please see the attached Job Description.

About us

Benefits we offer:
Full training and support when you join and ongoing throughout your employment with us.
Holiday entitlement is 27 days rising to 29 days after 5 years and 33 days after 10 years, plus 8 bank holidays (pro rata for part time).
Enrolment into the NHS Pension Scheme.
Access to continual professional development and opportunities within SCAS and the NHS.
Occupational Health support along with an Employee Assistance Programme.
NHS Discounts in over 200 stores including Holidays, Days out, Car insurance, Restaurants and Clothing.
Staff networking and support groups.

South Central Ambulance Service NHS Foundation Trust provides a range of emergency, urgent care and non-emergency healthcare services, along with commercial logistics services.
The Trust delivers most of these services to the populations of Berkshire, Buckinghamshire, Hampshire and Oxfordshire as well as non-emergency patient transport services in Sussex. We serve a population of over 7 million and answer over 500,000 urgent calls a year. We employ 4,551 staff who, together with over 1,100 volunteers, enable us to operate 24 hours a day, seven days a week.

In SCAS, we know that colleagues who are cared for and valued are enabled to provide the right care, first time, every time. That is why we strive to foster a culture that balances fairness, compassion, learning and accountability; a 'just and learning culture'.

Date posted: 18 October 2024
Pay scheme: Agenda for change
Band: Band 7
Salary: £46,148 to £52,809 a year, pro rata
Contract: Permanent
Working pattern: Full-time, Part-time, Flexible working
Reference number: 195-24-162-TAM
Job locations: Northern House, Unit 6 Talisman Business Centre, Talisman Road, Bicester, OX26 6HR

Job description

Job responsibilities

Ensure the delivery of projects to achieve CareCERT, Cyber Essentials and DSPT accreditation for the Trust and implement processes that assure ongoing maintenance of this status.
Provide support in the day-to-day management of information security and governance service provision to all users, ensuring the Trust's compliance with the Data Protection Act 1998, Access to Health Records Act 1990, Freedom of Information Act and those regulations that supersede or supplement these from time to time.
To assist in the ISG continuous improvement work stream within the Digital Directorate that seeks to improve the Trust's operational management of Information Security and Information Governance.
Interpret highly complex legislation and regulations related to information governance and information security such as ISO/IEC 27001, the Data Protection Act 1998, NHS Information Risk Management and the Computer Misuse Act, and develop, implement and enforce suitable and relevant information security policies and procedures across the Trust.
To assist in ensuring all information systems and underlying technical architectures and changes to the technical environment are assessed against Information Security best practice to assure the Trust and external bodies that information held by the Trust is secure.
Provide regular reports to the Head of Information Security and Governance on areas such as project progress, security in relation to upcoming threats, number of security incidents (detected and prevented) and compliance of ICT systems and equipment including patching levels.
Provide support for Information Asset Owners (IAOs) through effective networking structures, sharing of relevant experience, provision of training and creation of information risk reporting structures, ensuring the completeness and accuracy of the Trust's information asset register.
Assist in ensuring Digital staff are suitably trained and understand Digital Security, including the generation and provision of IG and IS training as part of IG training, staff induction and specialist training sessions, such as for IAOs and IAAs (Information Asset Administrators).
Ensure that identified information threats and vulnerabilities are followed up for risk mitigation, and that perceived or actual information incidents are managed in accordance with NHS ISG requirements, leading on the assessment of all reported IG incidents.
Ensure the Trust responds to, and is protected against, all new threats identified within Information Security Notices and alerts (including those from CareCERT).
Monitor security systems for alerts and investigations.

Person Specification

Qualifications
Essential:
Masters level degree or equivalent level of experience.
Hold a recognised security qualification (e.g. CISSP, CIPR).

Knowledge
Essential:
Knowledge of relevant information security and privacy related legislation and regulation, such as Data Protection Act 2018, Freedom of Information Act, etc.
Working knowledge of the Data Security and Protection Toolkit (DSPT).
Knowledge of IT systems implementation.

Skills
Essential:
Demonstrable experience in an ICT/Information Security role.
Strong interpersonal skills and able to develop and maintain effective and credible relationships with business leaders and supplier management.
Excellent working knowledge of all MS Office applications.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name: South Central Ambulance Service NHS Foundation Trust
Address: Northern House, Unit 6 Talisman Business Centre, Talisman Road, Bicester, OX26 6HR
Employer's website: https://scasjobs.co.uk/