HTA IT Cyber & Security Compliance Manager- Human Tissue Authority

Salary: Grade 2: £30,000- £42,000 per annum, successful candidates can be expected to be appointed at the minimum of the band.

Contracted Hours: Fulltime – 36 hours per week

Contract Type: Permanent

Location: Homebased or Hybrid working (London-based office)

Closing Date: Tuesday 15th July 2025 at 11.59pm

Telephone Interviews: W/C 4th August 2025

Final Interview: W/C 21st August 2025

Please note CQC are advertising this role on behalf of the Human Tissue Authority. This role is NOT open to applications from those who will require sponsorship under the points-based system. Should you apply for this role and be found to require sponsorship, your application will be rejected, and any provisional offer of employment withdrawn.

About the Human Tissue Authority… The Human Tissue Authority’s (HTA’s) primary goal is to protect public and professional confidence in the safe and ethical use of human tissue. We are the national independent regulator for organisations that remove, store and use tissue for research, medical treatment, post-mortem examination, teaching and public display. We also approve organ and bone marrow donations from living people. With the interests of the public and those we regulate at the centre of our work, we aim to maintain confidence by ensuring that human tissue is used safely and ethically, with proper consent.

Why this could be a great role for you…. An opportunity has become available within HTA’s Data, Technology & Development team for an experienced IT professional to join the team. The role will be responsible for ensuring best practices against Cyber Security Frameworks, identifying and managing cyber security threats and maintaining a strong IT security posture. This role is hands-on with the successful candidate being able to generate accurate reporting and bring proposed solutions to the Head of IT to mitigate any identified threats. This role will also work closely with our third-party to support the delivery of a safe and secure network infrastructure.

What you will bring….. To succeed in the role, you will have experience as an IT professional (or similar) with working experience and technical expertise, strong data analytical knowledge and application, with a passion for Cyber Security. You will be an effective communicator who is willing to make challenging and fair decisions about potential risk identified in our Cyber Landscape, produce evidential based reporting to back up the identification and present suitable mitigation solutions to manage the potential risk. As the role is varied, you will also be able to manage multiple tasks and workstreams simultaneously, ensuring effective prioritisation in line with emerging needs. Your role is vital in ensuring the HTA remains secure and that our people, data and technology are protected from Cyber Threats and potential Attack.

In summary you will:

• Complete daily proactive checks of our core essential functions, recording any potential threats and advising the Head of IT on mitigations and remediations.
• Guide, inform and support the submission of compliance-based assessments mandated by the Government such as the Cyber Assessment Framework.
• Attend and engage as an advocate for the HTA in forums and conferences to help gauge knowledge and experiences across other ALB organisations.
• Proactively analyse and report against potential third-party threats from external sources.
• Maintain and record potential risks against the IT Risk Register, escalating these to the Head of IT where appropriate.
• Support other business leaders within the organisation around their security posture.
• Aid and support their development in enhancing their knowledge.
• Supporting on the reporting mechanisms for the Director of Data, Technology and Development, Head of IT and ARAC.
• Identify and implement new security measures to improve the Cyber Security posture of the HTA.
• Analyse and monitor inbound and outbound mail flow to identify any potential risks and escalate accordingly.
• Work closely with our Third-Party support on all aspects of IT in collaboration with the IT Business Systems and Operations Manager.
• Lead on the annual Penetration and Vulnerability Assessment, working with potential stakeholders and suppliers to ratify any potential threats.
• In conjunction with the IT Business Systems and Operations Manager provide support, guidance and cover as necessary to maintain the provision of a core IT service.
• Evaluate and analyse tools that operate within an Artificial Intelligent framework.
• Contribute as instructed in the review and implementation of HTA IT policies to ensure compliance and adherence across all policies.
• Lead on the development and implementation of a programme of regular Cyber Security and wider system spot checks reviewing the resilience and reliability of systems, analysing access controls and elevated security rights.
• Analyse and review the usage of our Data across all HTA Core Systems to ensure that data is stored, managed and transmitted in line with GDPR and HTA policies.
• Gather and maintain working evidence of good security management to align with the requirements and assurances within the Cyber Assessment Framework.
• Lead on the development of a programme to perform regular recovery validation exercises to analyse the validity of our backups and ensure that these are fit for purpose.
• Monitor user account activity to provide assurance on adherence to policies and respond to any activity that may appear suspicious.
• Manage any Cyber Security Incident working with any associated third parties, reporting these through the business hierarchy.
• Work closely with our Third-Party on any Respond to an NHS Cyber Alert (RTANCA) notification.

Essential Criteria:

• A degree or equivalent qualification in IT.
• A minimum of 3 years work experience in IT and within a Cyber Security based role.
• Excellent communication and interpersonal skills to write and verbalise potential complex issues and reports.
• Ability to work independently and across multi-functional teams in a homeworking environment, with collaboration to help deliver secure services.
• Strong interpersonal skills, including the ability to influence and collaborate with stakeholders and establish good working relationships.
• Experience of being able to effectively prioritise and organise work, including while under pressure.

Desirable criteria:

• Knowledge of the NHS digital frameworks and being a member of the CAN.
• Understanding of project management methodologies and previous experience of project delivery and support.
• Previous delivery of the Data Protection Security Toolkit and understanding of compliance-based frameworks.

What we can offer you…. Your health and wellbeing is important to us and we support you through generous annual leave (32.5 days, plus eight Bank Holidays), a cycle to work scheme, a subsidised gym membership and an eye care initiative. We also offer membership of the NHS pension scheme. While our office is based in Stratford, London, we offer a flexible office-based contract (requiring a minimum of 1 day a week in the office) or a remote-working home-based contract (requiring you to attend the office when there is a business need). We ensure that our home-based workers are also kitted out with what they need to comfortably work from home. We welcome candidates from all backgrounds, and especially welcome individuals from underrepresented groups.

Individual adjustments... We are committed to being open and transparent around our processes and we endeavour to offer every candidate the opportunity to perform at their best throughout the recruitment process. We seek to support candidates to identify potential challenges and work with them to identify and facilitate reasonable adjustments as appropriate. Should you require assistance and/or would like to request a reasonable adjustment at any stage of the recruitment process, please contact a member of the team via email: recruitment@cqc.org.uk