
Cyber Security Manager

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

Calderdale and Huddersfield NHS Foundation Trust (CHFT) are committed to equal opportunities and welcome applications from all sections of the community, regardless of any protected characteristics.

We are committed to recruiting to our values. Leading One Culture of Care underpins our values by creating an environment, tone and behaviours across all parts of the Trust that are fundamentally rooted in compassionate care.

We are open to considering a wide range of flexible working arrangements. There are opportunities to flex the days of the week, hours and times of work and place of work including: part-time, job-share, flexible working hours and the possibility to work from home when appropriate. Please talk to us during the interview process to discuss any flexibility that you may require.

We received our Silver Award from the Defence Employer Recognition Scheme, which helps to actively promote SaBRE - Supporting Britain's Reservists and Employers. This means that we have provided our statement of intent to support all Defence personnel and we welcome applications to work for us. Find out more - Why Choose CHFT?

Our Future Plans

The Department of Health and Social Care has awarded capital funding to invest in local health services at both Calderdale Royal Hospital and Huddersfield Royal Infirmary. This is a significant investment and an opportunity to enhance services for our populations in Calderdale and Huddersfield and West Yorkshire for generations to come. To find out more, please visit https://future.cht.nhs.uk/

Job overview

The Health Informatics Service (THIS), hosted by Calderdale and Huddersfield NHS Foundation Trust (CHFT), provides a broad range of IM&T services across many diverse customer organisations. A significant part of this provision reports to the Chief Technology Officer (which accompanies Operational Support and Business Intelligence services). These services are based around those functions that provide people who have highly developed specialist knowledge, skills and experience, allowing them to facilitate, train, manage and advise across a whole range of IM&T related areas. The Cyber & IT Security Service (CITS) is one of these principal service areas.

The post holder will be a key member of the Chief Technology Officer's staff and have responsibility for leading the design, delivery and continuous improvement of the CITS service, ensuring that the strategic vision for the service is developed and delivered in line with mandated national policy and our internal Governance, Risk and Compliance (GRC) Framework.

Specifically, the post holder will direct and support the Operational Technical Managers with the implementation of the strategic vision for Cyber & IT Security, across THIS, CHFT and the wider customer base, ensuring professionalisation and commercialisation are embedded as central values throughout all levels of the service.

Main duties of the job

  1. To lead the development and to direct the implementation of the overall strategic vision of the CITS Service, including service/personnel development/improvement, professionalisation and commercialisation.
  2. Lead on the development and implementation of the GRC Programme from a CITS perspective, ensuring all current and emerging national and locally mandated compliancy areas are encompassed (ISO27001:2013, Cyber Essentials Plus, NIS Regulation, GDPR, Data Protection Act 2018, ENISA, DSP Toolkit, OWASP Top 10).
  3. Lead on the strategic development of the THIS Cyber Security Service.
  4. Be responsible for remaining up to date on current security threats (threat actors/attack vectors) and ensure risk assessments are applied to promote mitigation.
  5. Be responsible for the research and evaluation of the latest Cyber Security, Information Security and IT Governance products and protocols.
  6. Lead on the development and delivery of a range of Cyber & IT Security awareness sessions/workshops/presentations that will focus on improving cyber safety throughout the business, customer base and wider regional footprint.
  7. Be responsible for the management, development, support and delivery of all CITS services delivered to both internal and external customers.
  8. To create and continually develop a structure that will consistently deliver excellent service and meet all customers' requirements.

Working for our organisation

We employ more than 6,500 staff who deliver compassionate care from our two main hospitals, Calderdale Royal Hospital and Huddersfield Royal Infirmary as well as in community sites, health centres and in patients' homes. We also are incredibly proud to have almost 150 volunteers here at CHFT.

We provide a range of services including urgent and emergency care; medical; surgical; maternity; gynaecology; critical care; children's and young people's services; end of life care and outpatient and diagnostic imaging services.

We provide community health services, including sexual health services in Calderdale from Calderdale Royal and local health centres. These include Todmorden Health Centre and Broad Street Plaza.

We continue to modernise and invest in our health services to build on our strong reputation. Foundation trusts are public leaders in improving quality in health services. They are part of the NHS - yet decisions about what they do and how they do it are driven by independent boards. Boards listen to their Council of Governors and respond to the needs of their members - patients, staff and the local community.

Foundation trusts provide what the health service wants, yet are also free to invest quickly in the changes to the local community needs, in striving to be the best, and in putting their patients first.

Detailed job description and main responsibilities

Please note: This role requires Security Check (SC) clearance. Candidates must already hold this clearance or be eligible to obtain it.

Applicants must either currently hold SC clearance or be eligible and willing to undergo the Security Check vetting process.

Due to the security-sensitive nature of this role, SC clearance is required.

Strategic

  • Formulate and implement the long-term Cyber & IT Security Strategy and dependent Policies and Procedures, in line with THIS, CHFT, customer and national requirements
  • Formulate the Health Informatics Cyber & IT Security business plan
  • Scope, design and implement GRC Methodologies in conjunction with the DPO across all Trust departments
  • Design CITS policies in line with existing and upcoming nationally and locally mandated compliancy requirements
  • Support the senior leadership team to plan the long-term development of The Health Informatics Service
  • Maintain all business level certifications/accreditations - e.g. Cyber Essentials, IASME, IASME Gold, relevant accreditations in line with DSP Toolkit.

Advisory

  • Provide advice, guidance and auditing regarding:
  • Audit and guide Business Asset Risk Assessments across the Trust's technical estate
  • ISO27001:2013
  • GDPR/NIS Regulation Technical requirements
  • Cyber Essentials Plus
  • Data Security and Protection Toolkit
  • Cyber Incident Response, including ability to host regional calls during outages/attacks/significant vulnerabilities
  • Designing and directing the internal CareCert implementation and response process across all technical teams
  • CareCert/NHS England alerts and evidential reports
  • Product and Service analysis pre-procurement
  • Lead on security analysis of products and services pre-implementation across a wide range of service users, including Financial, Clinical, and Operational systems
  • Compliance and Compensating control scoping and design
  • Advise the ISMS Group on technical aspects of Trust Risk
  • Tracking and reporting security performance in terms of finance, quality and key milestones to the Trust Board, ISMS Group, and GRC Governance Groups.
  • Internal Management process and change management security requirements
  • Advise all technical teams around mandatory actions (patching etc.) as well as best practice
  • Provide technical and security guidance to Project Management Boards
  • Provide Technical Guidance to the Information Governance Team and DPO
  • Advise on Disciplinary cases of computer misuse
  • Investigate and report serious or highly sensitive security breaches.
  • Facilitate and deliver appropriate security reporting across all levels of the organisation and customer base.

Educational

  • Responsible for the design, delivery and evaluation of:
  • Technical Awareness Training
  • Board Awareness Training
  • Customer Organisation Awareness Training
  • Skills Development Network Workshops and Seminars

Areas covered within this training include Password Design and use, Account Safety, SPAM and Phishing awareness, Open WiFi safety and Dark Web overview.

  • Internal Staff Awareness of GRC principles and the interoperability of Governance Risk and Compliance.

Technical

  • Across THIS, CHFT and the wider customer base, responsibility for the design, maintenance, and monitoring of:
  • Corestream (GRC Business Assurance tool)
  • End-point protection
  • Email Protection
  • Encryption Technologies
  • Web Filtering
  • Application control
  • Data Leakage
  • Mobile Device Management
  • Vulnerability Testing
  • Penetration Testing
  • Phishing simulation campaigns
  • SIEM and logging systems
  • Cyber Incident Response
  • OWASP Top 10 compliance analysis
  • Forensic Investigation/Breaches

Managerial Duties

  • Line manage a number of direct reports.
  • To ensure all direct reports have up to date PDRs and half-yearly reviews carried out in line with the relevant policy of the host.
  • To ensure that all direct reports have up to date Job Descriptions and Personal Specifications outlining the expectations of their role.
  • Apply and participate in effective performance review and personal development planning.
  • Apply all key employment policies and guidelines.
  • Minimise risk and maintain a healthy and safe working environment.
  • Contribute to and ensure the smooth running of the Health Informatics Service.
  • Support colleagues within the Health Informatics Service in achievement of their own and team objectives.
  • Keep up to date by developing a network of personal contacts.

Financial Duties

  • Ensure adherence to financial policy and practice.
  • Ensure adherence to quality control mechanisms.
  • Contribute to The Health Informatics Service's service development and continuous improvement strategies as/where appropriate.
  • Ensure all mandatory requirements are delivered and ensure Health Informatics Service delivers best value.
  • Maintain budgetary controls.

Managing Self

  • Participate in regular supervision.
  • Attend all mandatory training.
  • Participate annually in identifying, developing and agreeing your own development plan with your Line Manager using the Trust Appraisal.
  • Comply with all Trust policies, procedures and protocols.
  • Carry out duties with due regard to the Trust's Equal Opportunity Policy.
  • Seek advice and support from Line Manager whenever necessary.
  • Maintain professional conduct including appearance at all times.
  • Ensure maintenance of Professional Registration.
  • Willingness to work across a national footprint and throughout a multitype organisational customer base, including Primary and Secondary Care settings, Prisons, 3rd sector etc.

Person specification

QUALIFICATIONS / TRAINING

Essential criteria

  • Degree standard or equivalent level of knowledge acquired through experience
  • Leadership/management qualification or relevant experience
  • Cyber Security Certification (e.g. C|EH, CISSP, HCISPP, CISA etc.)
  • ITIL Framework Qualification or equivalent level of knowledge acquired through experience
  • Professional Qualification in Governance Risk and Compliance (e.g. GRCP)
  • Evidence of continuing professional development
  • Willingness to undertake professional training relating to the role

Desirable criteria

  • Forward planning to support your Personal/Professional Development Plan (PDP)

KNOWLEDGE, EXPERIENCE & EXPERTISE

Essential criteria

  • A senior service delivery position within a large public/private sector organisation
  • Experience of working across a complex range of health or social care organisations
  • A substantial proven track record of IT Security; planning and implementation of multiple complex systems - gained from working in a range of organisations in an NHS setting
  • A demonstrable understanding of the principles of modernisation in the NHS, including experience around service improvement and re-design, monitoring change and facilitating staff in changing their working practices, CareCert, GDPR etc
  • An understanding of corporate governance and risk management systems and processes
  • Able to develop, put in place and oversee progress tracking and reporting mechanisms which mitigate and manage delivery and operational risks
  • Experience of benefits realisation
  • Budget management experience, utilising standard financial budgetary controls
  • Experience of Vulnerability testing methodologies
  • Experience of Pen Testing Methodologies
  • Experience in the use of an Enterprise level Security portfolio
  • In-depth professional knowledge of relevant IM&T developments and programmes within the NHS environment and beyond, including European wide Cyber related Law
  • In-depth professional knowledge of the National and Local NHS Digital Health agenda
  • Flexible approach to work; self-motivated, able to work on own initiative with minimum supervision and able to handle many different competing priorities at once
  • Excellent interpersonal skills. Able to effectively communicate with all levels of staff both verbally and in writing
  • Ability to work nationally (with occasional overnight stays).
  • Ability to work in various locations throughout the network of services provided by Calderdale and Huddersfield NHS Foundation Trust.
  • Able to fulfil the health requirements of the post as identified in the Job Description, taking into account any reasonable adjustments recommended by Occupational Health.
  • Ability to source, assimilate and analyse extremely complex data and information relating to a wide range of services and translate it into an easily understood format

Desirable criteria

  • Experience of Firewall configuration and audit criteria

Our vision is to provide One Culture of Care for one another in order that we can provide compassionate care for the people who use our services. We are passionate about creating a workplace where we work together to get results, encouraging colleagues to have their say, in order to co-create the change we want to see. We take pride in the diversity of our workforce, which is why we encourage applications from all. Reasonable adjustments will be made for disabled applicants.

Please ensure your application is submitted with referees who can verify your employment/education history over the last three years and include valid email addresses for them. We will request electronic Factual Employment References from your previous employers. These references will be requested before you are issued with an unconditional offer of employment letter.

Candidates who require a Skilled Worker visa to work in the United Kingdom can determine the likelihood of obtaining a Certificate of Sponsorship for this position by assessing their circumstances against the criteria specified on the Check if you need a UK visa - GOV.UK website. We encourage all applicants to review these criteria carefully to understand their eligibility for sponsorship.

If you are appointed to a post, information will also be transferred into the NHS Electronic Staff Records system. The Inter-Authority Transfer (IAT) process is a critical and beneficial component of ESR and, following interview, your previous NHS employment data, if applicable, will be transferred from your current / most recent employer.

You may be required to undertake a DBS. The Trust will administer the DBS check on your behalf and will recover the cost (Enhanced £54.40, Standard £26.40 or Basic £26.40) from your salary when you commence in post (including Internal staff). You will also be required to participate in the DBS Update Service and pay the £16 cost per year. This is a condition of your employment.

CHFT is part of the West Yorkshire Association of Acute Trusts (WYAAT), a collaborative of the NHS hospital trusts from across West Yorkshire and Harrogate working together to provide the best possible care for our patients.

If you have any questions please contact ask.recruitment@cht.nhs.uk for assistance.

Applicant requirements

You must have appropriate UK professional registration.

Documents to download

  • Cyber IT Security Manager (PDF, 480.3KB)
  • person spec (PDF, 480.3KB)
  • Job Description Appendix A (PDF, 259.2KB)

Cyber Security Manager

Calderdale and Huddersfield NHS Foundation Trust
Blackley, Elland HX5, UK
Permanent

Published on 09/10/2025
