Cyber Security Manager

Kettering General Hospital NHS Foundation Trust

£72293

Kettering General Hospital NHS Foundation Trust, Kettering

  • Full time
  • Permanent
  • Onsite working

Posted 5 days ago, 13 Sep

Closing date: not specified

Job Ref: 949f2416bb4d494f843a975a6da534ba

Full Job Description

In July 2021 we formed the University Hospitals of Northamptonshire NHS Group, bringing together the constituent organisations of Kettering General Hospital NHS Foundation Trust and Northampton General Hospital NHS Trust. We have agreed an ambitious Group Strategy 'Dedicated to Excellence' which sets out our strategic ambitions and priorities for the next five years and we have also launched our Group Digital Strategy, which sets out our ambitions to become the most digital hospital in England.
Across our Digital portfolio we are working to the following principles:
+ Putting users' needs first
+ Designing for simplicity
+ Working in an agile way
+ Doing things once across the Group
+ Communicating and engaging throughout
The post holder will lead on Cyber Security for the Group and be an enabler to the delivery of the Group Digital Strategy ambitions.
The post holder will develop and build on current Cyber Security policies and processes providing a significant level of assurance.
The post holder will be responsible for the leadership and effective management of the Cyber Security team for the Group, ensuring the protection of all data held within the Group.
The post holder will ensure that processes are documented, and they are managed to effectively deliver the performance required within an ICT security setting and following industry best practice.
There will be a requirement to be part of an on-call 24/7 rota.
    + Support Information Governance and Data protection functions for the Group to achieve the highest standards of information security, emphasising data protection issues.
    + Contribute to the Group's Electronic Information Asset Register to include auditing of all information systems, providing a significant level of assurance.
    + Be responsible, on behalf of the Digital function across the Group, for providing evidence for the achievement of Information Governance Toolkit standards in relation to Data Protection, Confidentiality, Information Security and National Cyber Security Centre (NCSC).
    + Responsible and accountable for the ongoing management and reporting of security alerts and vulnerabilities in line with NHS Digital CareCert.
    + Responsible for reviewing and continually improving Cyber Security to ensure that robust systems are in place for monitoring data protection and information security incidents across the Group.
    + Take a lead on Cyber Security and represent the Group in leadership forums as necessary.
    + Provide expert advice to the Group on Cyber Security.
    + Complete Information Security risk assessments on, sometimes, highly intricate business decisions and systems.
    + To create, distribute and manage information security plans that will feed into the wider Digital and Group strategies.
    + Responsible for the formulation and development of information security plans and strategies to enable the successful completion and implementation of new systems.
    + Responsible for ensuring that all risks and issues relating to Cyber Security are fully documented, risk assessments undertaken and recorded on the Group's risk management systems as well as the Digital risk register.
    + Develop information security strategies, roadmaps, business cases and remediation plans.
    + Create and maintain specialist Cyber Security Awareness training for use by the Group.
    + Responsible for co-ordinating the necessary response and resolution activities following a suspected or actual security incident or breach, keeping the SIRO and information asset owners (IAOs) informed of security incidents, impacts and causes, resulting actions and learning outcomes.
    + Manage and commission regular penetration tests for the Group providing reports and action plans based on the complex testing reports.
    + Create, maintain, and adopt continuous service improvement in relation to the Information Governance Data Security Protection Toolkit (DSPT) action plans for the Group. This involves the assessment of Group systems, processes, and policies against the toolkit assertions.
    + To regularly create and present reports on the Group's Cyber Security stance for governance forums such as, but not limited to, Group Digital Hospital Committee (GDHC), Group Digital Operational Meeting (GDOM), Information Governance Group (IGG) and Data Governance Group (DGG).
    + Ability and capacity to quickly absorb and understand large amounts of complex, service, financial, legal and policy information, whether in written, verbal, numerical, analytical, and electronic forms.
    + Contribute to the successful recruitment and retention of staff.
    + Work with the Digital Leadership Team to develop, and gain approval for, sound business cases in support of strategic ICT investments.
    + Participate in an on-call rota for ICT.
    Management and Leadership
    + Proactively and positively contribute to the ICT leadership team by taking part in appropriate planning & development and providing digital services & solutions leadership.
    + Work closely with the Head of Clinical Systems and Head of Digital Transformation and Innovation on upgrades and policies/procedures.
    + Working with the Head of ICT, Deputy ICT and other ICT Senior Managers, support the development and implementation of the Group Digital Strategy, in line with Group, Trust and National priorities and initiatives, and leading digital techniques. Ensure implementation in functional area of responsibility.
    + Develop, line manage, and support individuals and teams that are highly skilled, effective, engaged and highly motivated.
    + Ensure best practice in managing staff is adopted and maintained, including regular performance appraisal, effective two-way communication, and implementation of processes to ensure personnel work in a responsible, safe manner and have due regard for health & safety regulations.
    + Take shared responsibility for the financial performance of the Cyber Security team, including achievement of financial targets, balancing potentially conflicting demands of budgetary requirements and service requirements.
    + Act as authorised signatory for timesheets, travel expenses etc. for staff within the ICT function.
    + Drive through the delivery of ambitious targets to continually improve performance within the Cyber Security team.
    + As a member of the ICT leadership team, collaborate closely with other leading colleagues to support the efficient functioning of the ICT department.
    + Champion and role model the Group's values and behaviours and support others in doing so to deliver the Group Vision and Mission successfully.
    + Deputise for the Head of ICT as necessary and where appropriate.
    Technical Service Delivery
    + The post holder will have a broad understanding of ICT and specialist knowledge in several key technologies such as firewalls, SIEM, vulnerability scanning and detection, anti-virus, and intrusion detection.
    + Management and delivery of Cyber Security technical and infrastructure services to the Group.
    + Research the ICT supplier market and advances in cyber technical developments, with the aim of utilising new approaches and technologies to benefit the Group and ultimately clinical and patient services.
    + Ensure appropriate procedures are in place for testing new ICT security systems and applications and ensure these comply with relevant NHS standards.
    + Ensure that progressive solutions, which consider models of best practice, are incorporated into service plans.
    + Manage the Cyber Security team and their budgets and relevant project / capital budgets ensuring excellent financial control and forward planning.
    + Review service needs with users and other stakeholders. Evaluate and continuously improve performance and ensure all service KPIs are met or exceeded. Resolve complex service issues and conflicting priorities. Work within available resource to achieve optimum performance.
    + To ensure cyber security arrangements are in place to protect the Group; to monitor the effectiveness of arrangements; to have robust processes in place to address emergence of threats; initiate regular security testing and ensuring resulting action plans are addressed.
    + Ensure that routine maintenance and remedial work is appropriately scheduled and undertaken so that it does not adversely impact the availability of business-critical systems.
    + Ensure that all digital systems & services that are managed by the Cyber Security team have an appropriate degree of robustness, and disaster recovery plans in line with agreed priorities based upon likelihood and impact.
    Performance
    + Set performance standards for the Cyber Security team, including KPIs, report on achievement against these, assist in reviewing working practices and contribute in devising improved ways of working where necessary to enhance the efficiency and effectiveness of services delivered.
    + Ensure systems are in place to routinely analyse and manage ICT resource utilisation in the Cyber Security team in order to provide efficient and optimised digital services.
    + Work closely with the hardware and software asset analyst to ensure that software license usage is managed within authorized limits, and that regular compliance auditing is undertaken to assure that the Group does not breach contractual or legal obligations.
    Advice, guidance, and partnerships
    + Provide expert technical and professional advice regarding Cyber Security.
    + Provide leadership and expert knowledge in the implementation and delivery of Cyber Security modelled around agreed methodologies.
    + Represent the Digital portfolio at local levels, developing partnerships, sharing best practice, and integrating knowledge across the Group.
    + Represent the Group, where appropriate, in dealings with partner organisations and outside bodies on Cyber Security and technical issues.
    + Build good relationships and ensure effective ICT partnerships with other organisations across the ICS, locally, regionally, and nationally.
    + Form constructive relationships with suppliers to optimise the delivery of solutions and maximise the Group's influence on the future direction of the suppliers' products.
    Policies and procedures
    + Ensure that the Cyber Security team has in place appropriate and up to date policies, guidelines, standard operating procedures, and standards covering the use and management of all ICT services, resources, and assets (physical and data). Ensure that policies are kept up to date, are in line with National policy, standards, and guidance, and comply with all relevant legislative requirements.
    + Ensure the security of ICT assets (physical and data). Identify and evaluate risks, formulate plans / contingencies to mitigate risks, and agree plans with stakeholders.
    + Ensure that appropriate disaster recovery and business continuity procedures are in place for critical systems within the responsibility of the Cyber Security team and that disaster recovery testing is performed in line with scheduled plans.
    + Liaise with internal and external auditors to ensure that an appropriate Cyber Security audit programme is in place, commensurate with risk, and that all accepted audit recommendations are completed promptly.
    Professional and Personal Development
    + The post holder will need to develop and maintain their own knowledge of developments and legislation relevant to the service area and ensure that each function reflects current professional guidance and standards.
    Applications will be transferred to the TRAC system; by completing an application you are giving authorisation for the transfer of your data.
    Correspondence regarding your application will be sent to you via a TRAC system account.
    Please submit your application as soon as possible; due to the high volumes of applications we receive, we reserve the right to close any adverts before the closing date once we have received sufficient applications.
    We are an equal opportunities employer, which aims to employ a workforce that reflects the diverse communities we serve. We welcome applications from all suitably qualified persons from all backgrounds.
    We welcome applications from members of our black and minority ethnic (BME) communities, especially in relation to senior posts within KGH.
    Applicants who have a disability and meet the essential criteria for the job will be interviewed if you indicate you wish to be considered under the Guaranteed Interview Scheme. If you require a reasonable adjustment at any stage of the recruitment process please make the recruitment services team aware as soon as possible.
    Appointments will be made on merit.
    In submitting an application form, you authorise Kettering General Hospital (KGH) NHS Foundation Trust to confirm any previous NHS service details via the Electronic Staff Record (ESR) Inter Authority Transfer (IAT) process, including factual reference, occupational health clearance and statutory and mandatory training record.
    If you need to have a Disclosure Barring Service (DBS) check, as a requirement of the role, you will be required to repay the cost of obtaining a DBS check (£50) and this amount will be reclaimed from your first salary. From 1st February 2019 all new starters to the Trust are required to join the DBS update service as per Trust DBS Re-checking Policy, which has an annual cost of £13. New employees who do not join the update service will be required to pay £50 for a new DBS check in 3 years' time.
    Please note that new starters with KGH are subject to a six-month probationary period.
    Please ensure that the information you provide on your application form is correct, accurate and that nothing has been omitted. Any information that is stated in your application form in relation to qualifications/training courses/work/education experience/references must be able to be evidenced. Failure to do so may result in your offer being withdrawn.
    "Safeguarding is everyone's business. KGH considers Safeguarding a priority amongst its citizens and a key value for all employed to the service."
    We want to recruit the best people to deliver our services across the University Hospitals of Northamptonshire and help to unleash everyone's full potential. As an organisation, we value how we communicate and promote our vacancies to all communities. The Hospital Group encourages applications from people who identify from all protected groups, especially those from BAME, Disabled and LGBTQ+ backgrounds as these are underrepresented in our hospitals. We understand that we need to work with colleagues from diverse backgrounds and make sure the environment they work in is inclusive and collaborative. We have active Networks that promote and support colleagues from all backgrounds. This ensures everyone feels supported and has a sense of belonging working for Kettering and Northampton General Hospitals.