Employer King's College Hospital NHS Foundation Trust
Employer type NHS
Site Denmark Hill
Town London
Salary £70,387 - £80,465 per annum inc HCA's
Salary period Yearly
Closing 09/04/2025 23:59
King’s College Hospital NHS Foundation Trust is one of the UK’s largest and busiest teaching Trusts with a turnover of c£1.8 billion, 1.5 million patient contacts a year and more than 15,000 staff based across 5 main sites in South East London. The Trust provides a full range of local hospital services across its different sites, and specialist services from King’s College Hospital (KCH) sites at Denmark Hill in Camberwell and at the Princess Royal University Hospital (PRUH) site in the London Borough of Bromley.
We encourage all our staff to have a healthy work/life balance. In doing so, you can apply for flexible working from the beginning of your employment. We offer a range of options which are designed to suit different circumstances and priorities in line with service requirements.
The ICT Head of Cyber Security will act as the Trust's expert on cyber security protection, detection, response, and recovery. The ICT Head of Cyber Security will be responsible for the strategic approach to cyber threat management, the strategic planning of current and future IT security solutions. The post holder will manage, support and develop the Trust cyber security team.
The ICT Head of Cyber Security will own and be responsible for the completion of parts of the Data Security Assessment Toolkit in relation to ICT cyber security obligations in addition to maintaining our ISO 27001 certification, and supporting our ambition to gain HIMMS 7 accreditation. The post holder will work closely with a range of ICT departments, plus key stakeholders in the Trust such as the Head of IG, the Trust SIRO and the Trust Information Governance Committee. Close working relationship with other Trusts and external organisations will be required.
Main duties of the job
* Lead the strategic planning of current and future IT security solutions, researching and reviewing recognised best practice and upcoming changes to technology.
* Define and agree an appropriate target security structure with key stakeholders giving due regard to risks threats and vulnerabilities.
* Lead on internal and external audits and audit preparation relating to IT security.
* Maintain compliance with various standards in place e.g. Data Security and Protection Toolkit, CareCERT, Cyber Essentials+, Network and Information Systems Regulations etc. ISO 27001, HIMSS.
* Act as the Trust's advisor on cyber security protection, detection, response and recovery.
* Develop and advise in the implementation of policies, procedures and guidance documentation for all relevant Cyber and IT security related systems / processes.
* Provide advice to the ICT senior leaders group to influence the creation of a robust IT security service across the ICT department and its application estate.
* Monitor incidents and take appropriate actions to correct, notify and prevent reoccurrence.
* Work in conjunction with the Technical teams to maintain all security tools and technology used in the department.
* Work in conjunction with the Technical teams to develop, deploy and manage Cyber Security and legal / regulatory compliance across the internal infrastructure and externally hosted systems ensuring systems are operational 24x7, monitored and restricted.
Working for our organisation
King’s College Hospital NHS Foundation Trust is one of the UK’s largest and busiest teaching Trusts with a turnover of c£1.8 billion, 1.5 million patient contacts a year and more than 15,000 staff based across South East London. The Trust provides a full range of local and specialist services across its five sites. The trust-wide strategy of Strong Roots, Global Reach is our Vision to be BOLD, Brilliant people, Outstanding care, Leaders in Research, Innovation and Education, Diversity, Equality and Inclusion at the heart of everything we do. By being person-centred, digitally-enabled, and focused on sustainability, we aim to take Team King’s to another level.
We are at a pivotal point in our history and we require individuals who are ready to join a highly professional team and make a real, lasting difference to our patients and our people.
King’s is committed to delivering Sustainable Healthcare for All via our Green Plan. In line with national Greener NHS ambitions, we have set net zero carbon targets of 2040 for our NHS Carbon Footprint and 2045 for our NHS Carbon Footprint Plus. Everyone’s contribution is required in order to meet the goals set out in our Green Plan and we encourage all staff to work responsibly, minimising their contributions to the Trust’s carbon emissions, waste and pollution wherever possible.
Detailed job description and main responsibilities
* Undertake scoping and delivery of penetration tests and ensure actions from vulnerability assessments are resolved.
* Supporting wider IT functions in the evaluation and implementation of new technology and controls.
* Defining and documenting a security incident response program.
* Respond to High priority NHS Digital Care Cert alerts in line with NHS Digital requirements.
* Produce a monthly cyber security report of KPI’s to be made available to the Trust Information Governance Steering Group and ICT senior leaders group.
* Lead on the Change Management process within the ICT Department.
Policy and Service Development
* Maintain, update and implement Trust policies in scope of the ICT department covering all aspects of information security and Cyber activities.
* Draft, develop, implement and maintain a portfolio of policies relating to all aspects of Cyber Security within ICT.
* Ensure compliance with Trust policy and procedures are fully supported in forums such as the Trust unsupported systems group, the Trust ATP management group, patch management groups and any other future forums.
* Provide expertise around Cyber Security for the purchase of new systems and applications via the Trust ICT PMO processes and procurement. Ensure all new systems and applications to be deployed across the estate have a full security review and sign off before proceeding to go-live.
* Carry out Continual Service Improvement (CSI) of existing Trust processes and procedures.
* Identify, propose and implement any changes to practices, procedures required in departmental and user environment to improve service levels.
* Ensuring that all cyber security risks are updated and managed via the Trust risk and issues process.
Financial and Physical Resources
* Revenue and staffing budget holder for IT Security, including procurement of physical assets or supplies and capital expenditure.
* Advise departments on the security of IT equipment.
* Monitor and advise on software licence compliance in association with the Software Asset Manager.
* Advice and guidance on the purchase of IT security equipment.
* Exercise duty of care when using Trust equipment i.e. computers and software.
* Advise ICT senior leaders group on the most cost effective method for maintaining the integrity and security of data and equipment.
Research and Development
* Regularly research security developments and requirements, linking into national forums and support from the National Cyber security Centre.
* Regularly research Virus and security alerts provided by NHS information security service.
* Keep up to date with developments in IT Infrastructure and related technologies.
* Contribute to the ICT Cyber security approach and strategy.
* To undertake surveys and compliance audits determined by legislation and national guidelines, using both online and developed information systems when necessary, to ascertain scores against the standards.
Staff Management
* Lead, coach and manage the performance of the team in line with good people management practices. Ensuring excellence is recognised and underperformance is addressed.
* Line management of the technical staff within the cyber security team. Participate in regular performance appraisal meetings and ensure each member of the team has a clear set of objectives and development plans.
* Ensure the team is compliant with all statutory, mandatory training together with any professional training requirements, ensuring they are up to date and fully compliant.
* Manage team absences including sickness in line with Trust policy ensuring the appropriate return to work meetings occur, e-roster is updated and productivity is at the highest possible level.
* Identify and fill any vacancies that arise within the team in line with the Trust’s recruitment policy and process.
* Identify talent and support the internal talent management process in order to attract and retain and succession plan for your people. Participate in a combination of knowledge transfer and training initiatives to support both personal development and service enhancement.
* Review skills mix at regular intervals in order to identify any potential opportunities to maximise resource utilisation / allocation, ensuring job descriptions are kept up to date.
* Ensure overall wellbeing of the team is maintained. Continuously support in improving the morale of the team and implementing a culture of zero-tolerance for bullying and harassment.
* Ensuring performance issues are dealt with in an appropriate and timely manner and follow the Trust's Disciplinary or Performance Procedures where formal action is necessary.
* Ensuring that working practice complies with the Trust's policies and procedures for Data Protection, Confidentiality and Health and Safety ensuring the environment in which you and your staff work is safe, clean and tidy.
* Observing and continually promoting equal opportunities in compliance with the Trust's policies and values.
* Developing team morale and motivation through effective personal leadership, ensuring views and decisions are communicated both up and down the management structure.
Person specification
Education and Qualifications
* Educated to Degree Level or significant Cyber Security Experience plus Master’s Level or equivalent experience.
* Hold and retain a security industry recognised qualification (HCISSP, CISSP, CISM, CISA, CRISC, CSSP).
* ITIL Foundation, Prince 2 Foundation, Knowledge of the full product development lifecycle.
Knowledge and Experience
* Broad based technical knowledge covering all aspects of infrastructure from networking, end user devices through to servers and data centres.
* Ability to converse fluently, logically and confidently with a wide range of levels of staff; possess good interpersonal and communication skills.
* Broad experience using a range of cyber security software and applications (Access control software, anti-virus software, network monitoring tools, Microsoft security features, PAMs, internet monitoring tools, email monitoring tools).
* Experience of working in NHS cyber security regulatory environments or similar organisations.
* Staff management and development experience of complex technical teams.
Skills and Competencies
* Excellent communication, interpersonal and influencing skills.
IMPORTANT
* Check your email account regularly as this is how we will communicate with you.
* If you delete the job from any of your accounts, you may be prevented from accessing further communications.
* To enquire about your application or inform us of any changes in your circumstances, please contact the named person on this advert.
* Please provide email addresses for referees where possible.
* Please review the documentation on our recruitment microsite, particularly the Trust’s criminal records checking policy.
* All staff have a responsibility for safeguarding children and vulnerable adults and for ensuring they are aware of the specific duties relating to their role.
* Please note that the closing date is given as a guide. On occasion, we might close a vacancy early due to a high number of applications being received. You are advised to submit your application as early as possible to avoid disappointment.
#J-18808-Ljbffr