Head of Cyber Security

Job Description

Woodrow Mercer is recruiting a Head of Cyber Security for a not–for–profit community interest company providing a diverse range of services to the NHS frontline, including urgent and emergency care, primary care, out of hours services and NHS111. Theycare for patients across the West and East Midlands – a population totalling around 14 million. As a socially conscious organisation, they provide compassionate, high–quality care to their patients and offer a supportive work environment.About the roleAs the Head of Cyber Security, you will be responsible for ensuring that the technology, infrastructure, systems and supporting processes, collectively provide appropriate and cost–effective protection against cyber threats and all identified security risksfor the benefit of the organisation and wider regional / national bodies.Responsibilities:

• Delivery of a cyber safe and compliant environment with ability to deliver assurance to the business.
• Manage, monitor, and improve business processes towards the delivery of a safe cyber environment for the business.
• Lead, support and deliver certification / assurance of nationally mandated requirements of DSPT, CyberEssentials & Cyber related ISO standards.
• To act as the designated specialist on Cyber Security for the Business and to provide an expert specialist advice service, in accordance with national and local digital security standards and best practice.
• Has good technical understanding and the aptitude to remain up to date with digital security developments.
• Possesses an in–depth understanding of the digital security services used by the Business.
• Is effective and persuasive in both non–technical language written and oral communication.
• Uses security management systems software and appropriate analysis equipment to collect routine threat statistics to model Business vulnerabilities, creating management reports, including proposals for improvement.
• Investigates and diagnoses complex security problems, working with users, other staff, and suppliers as appropriate to maintain the integrity of the Businesss digital security.
• Possess a broad understanding of business and technical issues. Possesses well developed management skills, with particular emphasis on interpersonal skills and the ability to motivate staff.
• Shows the ability to delegate effectively to technical staff, whilst maintaining full management control.
• Demonstrates the special leadership skills needed to handle innovation and change resulting from the implementation of new security solutions and services.
• Possess the ability to analyse, interpret and resolve highly complex digital security problems where there is no precedent and where other leading opinions may conflict, against a backdrop of changing operational priorities.
• To be responsible for the development, production, review, and update of Digital related security documentation including, and not limited to:

– Information Security Policy (Owned by Information Governance, Cyber Input)– Internet Policy (Owned by Information Governance, Cyber Input)– Email policy (Owned by Information Governance, Cyber Input)– Anti–virus Policy– Network & Remote Access Security Policies– Bring Your Own Device (BYOD) Policy– Logging and monitoring policy.Essential Skills:

• Educated to masters degree level, equivalent in an IT professional qualification or equivalent experience.
• Qualification in Information / Cyber Security (CISB, CISSP) or equivalent experience.
• Extensive experience of managing security improvement programmes within a healthcare / NHS setting
• Experience of developing Information Security policies in a complex environment where confidential information is stored.
• Experience of delivering an Information Security service to a large complex organisation using confidential information
• Prior experience performing security reviews and risk assessment.
• Experience of managing cyber incidents, response, and actions
• Ability to generate statistics/analysis and write reports on Business security environment.
• Knowledge of the Information Governance Toolkit (or equivalent standards)
• Ability to explain complex technical or legal issues to a non–technical audience (Essential)
• Ability to prepare and produce concise yet insightful communications for dissemination to senior stakeholders and a broad range of stakeholders as required (Essential)
• Ability to analyse very complex issues where material is conflicting and drawn from multiple sources.
• Experience of setting up and implementing internal policies, processes, and procedures
• Knowledge of common technologies such as Windows OS, email infrastructure, datacentres, network administration
• Demonstrated ability to perform phishing and Malware analysis. System and/or network administration (Windows/UNIX/Cisco)

Desirable Skills:

• Project Management Knowledge (Prince 2)
• Certified Ethical Hacker Experience of NHS structures and systems Contract & supplier management
• Understanding of the role of health informatics
• Appreciation of the strategic implications of IM&T in the NHS & Associated Healthcare providers
• Appreciation of common Healthcare HR policies, Health & Safety policies, Data Protection Act, Freedom of Information Act, Caldicott guidelines
• Car owner

In return, we can offer:Joining means you will receive some great benefits. This will include access to the NHS pension scheme – alongside a generous annual leave allowance that grows with your length of service or recognises your existing NHS commitment. We provide an incrementalsick pay scheme and family friendly policies like maternity and paternity pay that match the NHS offer, alongside working enhancements including an additional 30 – 45% of annual salary for unsociable hours benefit (earning potential will vary on shift days/ times). We will also support your health and wellbeing – with complementary Westfield Health Insurance membership which covers basic costs like your dental care, glasses, physiotherapy, chiropody and many more.