HealthJobsUK

Swydd ddisgrifiad a phrif gyfrifoldebau manwl

A summary of responsibilities are as follows, please also refer to full job description.

Communication

• Strong verbal and written communication skills and able to chair cyber meetings, and respond to technical and non-technical cyber security enquiries.
• Responsible for communicating, developing and maintaining effective relationships with staff at all levels in the organisation and relevant external parties.
• Develop and manage a communication strategy to the relevant staff members impacted or Trust wide when delivering on short and long term strategies, relating to IT security.
• Engaging with SME’s agree, prioritise and monitor the delivery of mitigation actions

Analytical and Planning

• Work with methods such as user-centred design, Agile or Lean, ensuring that you set appropriate security expectations at different phases of discover, test, build/buy, deploy and decommission. You will assess the risk and deliver the right amount of security and governance to mitigate it. 
• Review cyber threats and vulnerabilities, evaluate and report potential risks to senior colleagues in the organisation, together with remediation plans
• Research and evaluate emerging Cyber Security threats and ways to manage them, providing reports and/or presentations where appropriate to senior stakeholders. 
• Co-ordinate maintenance, development, and testing of the organisations cyber security incident response plan to ensure that it is effective, aligned with industry standard best practice guidance and is robustly tested on a regular basis. 
• Share security findings to Digital SLT, as well as KPIs, KRIs, and cascade threat briefs to both technical and non-technical staff which may Including board level escalations. 
• Identify the need for and organise Cybersecurity related training in the wider organisation. 
• Provide leadership and management for the team.   
• Proactively plan and review systems and process to reduce operational and security risks.  
• Be responsible for ensuring the operation and security of the Trust’s IT systems and infrastructure is in line with current best practice, UK legislation and national guidelines, including admin rights to some systems. (these information systems are utilised by several services and this is a major part of job responsibility) 
• Provide assurance to the CISO & Board that controls are working, and patch statuses are good

Policy and Service Development

• Lead on the development and implementation of policies that encourage secure working and protect data across the Trust.
• Responsible for coordinating any future security accreditation and delivery of local, ICS and National Cyber Security strategies.
• Develop and deliver on structured short- and long-term strategic plans to address gaps in security across the Trust and meet recommended standards in Cyber Security within the organisation
• Regularly present and report to the Chief Information Security Officer (CISO) on the progress of short- and long-term strategic plans.
• Implement and monitor the progress of the short- and long-term strategic plans ensuring that adjustments are made, and issues are resolved efficiently and effectively to avoid delays with successful completion of the strategic plans.

Financial and Physical Resources

• Responsible for specification and development of costed proposals and business cases for IT Security development projects.
• Develop and support comprehensive business cases and funding bids to secure necessary internal and/or external funding to reduce cyber security risk to the organisation. 
• This is a technical management role that requires the ability to both manage a technically focused service and develop the strategy for that service. Take responsibility for delegated budget, ensuring effective planning and allocation of costs and resources relating to IT security systems.
• Engaging and organising external resources that have been recruited or commissioned to complete cyber security related work.

Staff Management

• Responsible for the direct line management of Cyber Security related job roles that sit under the organisational structure for this role.
• Monitor and manage functions/responsibilities that are carried out by staff outside of the direct line management structure. I.E., if a function or responsibility that comes under the control of the Cyber Security service sits within another staff structure the post holder will monitor and manage those staff following the appropriate escalation processes
• Participate and actively contribute, providing highly specialists advice during the negotiations between parties relating to clinical and non-clinical system designs and development process across the Trust

Information Resources

• Required to prepare reports that evaluate Cyber Threats and propose appropriate course of action to mitigate the risk
• Regularly undertakes survey, audits or research to support service development
• Modification of Cyber Security system setting to ensure appropriate monitoring is undertaken for all new digital assets and systems
• Perform root cause analysis (RCA) on security incidents and update knowledge base for future learning.