
Job summary

Main area
Cyber Security Manager
Grade
NHS AfC: Band 8a
Contract
Permanent
Hours
Full time - 37.5 hours per week (Participation in an on-call service)
Job ref
390-COR-SO-0277
Employer
Mid and South Essex NHS Foundation Trust
Employer type
NHS
Site
Britannia House
Town
Southend
Salary
£50,952 Per Annum (excluding on-call enhancements)
Salary period
Yearly
Closing
26/07/2024 23:59


Cyber Security Manager

NHS AfC: Band 8a

Mid and South Essex NHS Foundation Trust is now one of the largest trusts in the country, serving a population of 1.2 million people. Our newly formed Trust, comprising acute hospital sites at Broomfield in Chelmsford, Basildon and Southend, is determined to provide the best health services for its local population. We are a well-led, high-performing and innovative organisation working in the best interests of the people we serve.

 

Job overview

You will work in our busy team, delivering an outcome-focused, professional and high-quality service at all times.

As the primary point of contact for all IT security-related queries, you will play a key role in the team, managing operational responsibilities, and be accountable for the day-to-day running of the cyber security team.

You will utilise your broad working knowledge of the field and, as a subject matter expert, provide expert advice to the cyber and senior leadership team. You will liaise with Information Governance to ensure there is a joined-up approach between security and governance.

As a critical service for the organisation, participation in an on-call rota will be required once you have acquired sufficient organisational knowledge and experience within your role.

Main duties of the job

You will build working relationships with ease and work with a diverse group of stakeholders, communicating in a clear, concise, timely and effective manner.  

You will participate in larger pieces of security work, including the monitoring of security controls, processes and policies, and provide assurance that existing controls are maintained, as well as being a proactive subject matter expert in team projects.

As a service lead you will take ownership of complex problems and drive to a successful, timely and secure resolution.

You will oversee cyber risk assessments including supply chain risk management, ensuring that security monitoring controls are robust and effective, and ensure that audit or remediation actions are completed in a timely manner.

Working for our organisation

With a workforce of approximately 15,000 staff, we can now do more and go further in delivering health services to our local communities.  

Our ambition is to deliver excellent local and specialist services, to improve the health and wellbeing of our patients, and provide a vibrant place for staff to develop, innovate and build careers.

Patients will experience improved care as well as fewer delays and cancellations.  We are able to provide more once-in-a-lifetime specialist care region-wide. With our new trust size will come more opportunities for development, research, networking and innovation.

We aim to make the most of our skills and experiences so we can become the best we can be. As one organisation we will recruit the finest and retain more specialist staff due to more employment opportunities across our Trust.

Detailed job description and main responsibilities

A summary of responsibilities is as follows; please also refer to the full job description.

Communication

  • Strong verbal and written communication skills and able to chair cyber meetings, and respond to technical and non-technical cyber security enquiries.
  • Responsible for communicating, developing and maintaining effective relationships with staff at all levels in the organisation and relevant external parties.
  • Develop and manage a communication strategy to the relevant staff members impacted or Trust wide when delivering on short and long term strategies, relating to IT security.
  • Engaging with SMEs, agree, prioritise and monitor the delivery of mitigation actions.

Analytical and Planning

  • Work with methods such as user-centred design, Agile or Lean, ensuring that you set appropriate security expectations at different phases of discover, test, build/buy, deploy and decommission. You will assess the risk and deliver the right amount of security and governance to mitigate it. 
  • Review cyber threats and vulnerabilities, evaluate and report potential risks to senior colleagues in the organisation, together with remediation plans
  • Research and evaluate emerging Cyber Security threats and ways to manage them, providing reports and/or presentations where appropriate to senior stakeholders. 
  • Co-ordinate maintenance, development, and testing of the organisation's cyber security incident response plan to ensure that it is effective, aligned with industry standard best practice guidance and robustly tested on a regular basis.
  • Share security findings with Digital SLT, as well as KPIs and KRIs, and cascade threat briefs to both technical and non-technical staff, which may include board-level escalations.
  • Identify the need for and organise Cybersecurity related training in the wider organisation. 
  • Provide leadership and management for the team.   
  • Proactively plan and review systems and process to reduce operational and security risks.  
  • Be responsible for ensuring the operation and security of the Trust’s IT systems and infrastructure is in line with current best practice, UK legislation and national guidelines, including admin rights to some systems. (These information systems are utilised by several services and this is a major part of the job responsibility.)
  • Provide assurance to the CISO & Board that controls are working, and patch statuses are good

Policy and Service Development

  • Lead on the development and implementation of policies that encourage secure working and protect data across the Trust.
  • Responsible for coordinating any future security accreditation and delivery of local, ICS and National Cyber Security strategies.
  • Develop and deliver on structured short- and long-term strategic plans to address gaps in security across the Trust and meet recommended standards in Cyber Security within the organisation
  • Regularly present and report to the Chief Information Security Officer (CISO) on the progress of short- and long-term strategic plans.
  • Implement and monitor the progress of the short- and long-term strategic plans ensuring that adjustments are made, and issues are resolved efficiently and effectively to avoid delays with successful completion of the strategic plans.

Financial and Physical Resources

  • Responsible for specification and development of costed proposals and business cases for IT Security development projects.
  • Develop and support comprehensive business cases and funding bids to secure necessary internal and/or external funding to reduce cyber security risk to the organisation. 
  • This is a technical management role that requires the ability to both manage a technically focused service and develop the strategy for that service. Take responsibility for delegated budget, ensuring effective planning and allocation of costs and resources relating to IT security systems.
  • Engaging and organising external resources that have been recruited or commissioned to complete cyber security related work.

Staff Management

  • Responsible for the direct line management of Cyber Security related job roles that sit under the organisational structure for this role.
  • Monitor and manage functions/responsibilities that are carried out by staff outside of the direct line management structure, i.e. if a function or responsibility that comes under the control of the Cyber Security service sits within another staff structure, the post holder will monitor and manage those staff following the appropriate escalation processes.
  • Participate and actively contribute, providing highly specialist advice during the negotiations between parties relating to clinical and non-clinical system designs and development process across the Trust.

Information Resources

  • Required to prepare reports that evaluate Cyber Threats and propose an appropriate course of action to mitigate the risk.
  • Regularly undertake surveys, audits or research to support service development.
  • Modification of Cyber Security system settings to ensure appropriate monitoring is undertaken for all new digital assets and systems.
  • Perform root cause analysis (RCA) on security incidents and update knowledge base for future learning.

Person specification

Qualifications

Essential criteria
  • Master’s degree level qualification relevant for the role or demonstrable equivalent level of experience.
  • CISSP (or other relevant security certification) or equivalent education, training, and experience.
Desirable criteria
  • Professional qualification or membership in Cyber Security (ISC2, BSC, NSSC, CompTIA etc.)
  • ITIL Security Management Qualification

Knowledge & Experience

Essential criteria
  • Significant experience of working in a senior or management level security role.
  • Experience of working in a large and complex multi-tiered environment
  • Previous experience of defining and implementing KPIs/KRIs
  • Experience in planning, implementation and upgrade of security measures and controls.
  • Strong knowledge of technical security controls, threats and vulnerabilities and current IT and security best practice approaches and frameworks
  • Excellent analytical and troubleshooting skills, including the ability to clarify a problem, seek all relevant information, detect trends and link cause and effect, and identify the critical issues in a complex situation.
Desirable criteria
  • Previous experience of working in digital in the NHS or a healthcare setting.

Communication

Essential criteria
  • Excellent verbal and written communication skills with the ability to work with personnel at all levels, within all disciplines of the Trust
  • Proven ability for exceptional attention to detail.
  • Strong communication skills: able to explain matters that are often complex and obscure to non-specialists, and good at listening and sensitively interpreting others.

Personal & People Development

Essential criteria
  • Able to anticipate wider consequences of decisions and know when to refer upwards.
  • The ability to work under pressure, manage changing priorities, whilst meeting targets and deadlines to expected levels of quality.


Applicant requirements

The postholder will have regular contact with vulnerable people and as such this post is subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service to check for any previous criminal convictions.


Further details / informal visits contact

Name
Kate Thompson
Job title
Chief Information Security Officer
Email address
[email protected]
Telephone number
07758221733