The ICT Head of Cyber Security will act as the Trust’s expert on cyber security protection, detection, response, and recovery. The ICT Head of Cyber Security will be responsible for the strategic approach to cyber threat management, and for the strategic planning of current and future IT security solutions. The post holder will manage, support and develop the Trust cyber security team.
The ICT Head of Cyber Security will own and be responsible for the completion of parts of the Data Security Assessment Toolkit in relation to ICT cyber security obligations in addition to working towards and maintaining Cyber Essentials Plus and ISO27001 certification. The post holder will work closely with a range of ICT departments, plus key stakeholders in the Trust such as the Head of IG, the Trust SIRO and the Trust Information Governance Committee. Close working relationships with other Trusts and external organisations will be required.
Main duties of the job
- Lead strategic planning for current and future IT security solutions, aligning with best practice and emerging technologies.
- Collaborate with teams to ensure compliance with security standards.
- Lead on internal and external audits and audit preparation relating to IT security.
- Maintain compliance with standards including DSPT, CareCERT, Cyber Essentials+, NIS, and ISO 27001.
- Act as the Trust’s advisor on cyber security protection, detection, response and recovery.
- Develop and advise on implementing policies, procedures, and guidance for cyber and IT security systems and processes.
- Advise ICT senior leaders to shape a robust IT security service across the department and its systems.
- Monitor incidents and take appropriate actions to correct, notify and prevent reoccurrence.
- Work with the Technical teams to maintain all security tools and technology used in the department.
- Work with technical teams to deliver and manage cyber security and compliance across internal and externally hosted systems.
- Undertake scoping and delivery of penetration tests and ensure actions are resolved.
- Support wider IT functions in the evaluation and implementation of new technology and controls.
- Define and document a security incident response program.
- Respond to high priority NHS Digital Care Cert alerts in line with NHS Digital requirements.
- Produce a monthly cyber security KPI report for the Trust Information Governance Committee and ICT senior leaders.
