Information Security Manager | Guy's and St Thomas' NHS Foundation Trust

Guy's and St Thomas' NHS Foundation Trust, London
This role will be primarily responsible for supporting the Trust in delivering fit for purpose cyber security plans, improving the Trust’s cyber security posture and reducing the risk of impact from a cyber security incident. Ultimately, this role’s aim is to help the Trust to protect the data and services that our patients depend on.

The specific responsibilities of the role will include developing and raising awareness of the Trust’s cyber security strategy, policy, standards and frameworks, embedding robust cyber security risk controls within Trust systems and services, and providing assurance that patient services and systems are being safely and securely operated in alignment with required policies and standards.

The Information Security Manager will need to form a large number of senior relationships across the Trust and more broadly across the health and care system, including clinical Strategic Business Units, key IT suppliers and Internal Audit, and will be frequently called-upon to explain the security-preparedness and cyber risk environment to Trust senior management and to key external stakeholders.

The Information Security Manager is accountable for ensuring that Guy’s and St. Thomas’ NHS Foundation Trust can protect patient data and services from cyber risk, and can meet national NHS standards for cyber security, specifically in relation to development and delivery of cyber policy and assurance.

Reporting directly to the Head of Information Security, the Information Security Manager will lead on the development and promotion of cyber security policy, standards and frameworks, and will strategically engage with NHS Digital and other key third parties to ensure that the Trust is empowered to deliver excellent standards of patient care.

The post holder will provide leadership and guidance on cyber risk management and reporting, and will lead on the development and delivery of the Trust’s cyber audit and assurance framework, working closely with internal business units, DT&I colleagues, key IT systems suppliers and Internal Audit.

The work will be mainly based in the Trust’s locations in central London with some travel to partner Trusts and supplier sites as necessary.

You will be joining a dynamic Information Security team led by dedicated professionals, each bringing unique expertise and a collaborative spirit to the table. Our team is committed to safeguarding our digital assets with a relentless work ethic and passion for modernisation and innovation.

We support the personal development of our team members and offer extensive training opportunities to ensure our team operates at the forefront of cybersecurity. With a supportive environment and focus on continuous learning, you will have the opportunity to grow your career while contributing to a secure digital workplace that puts patients front and centre to all we do.

  • Protect and assure patient data and services against cyber security risk, while enabling secure delivery of new patient services and systems
  • Provide leadership and guidance to the Trust on cyber security policy, risk and compliance issues
  • Provide leadership and support to the Cyber Security Risk Manager and team
  • Deputise for the Head of Information Security when required
  • Develop and drive adoption of the Trust’s cyber security strategy, policy, standards and procedures, including policy exception management, in alignment with Trust strategic objectives and with legal and NHS Digital requirements for cyber security and data protection
  • Development of cyber security portfolio, including alignment with clinical and IT strategic objectives and initiatives
  • Partner with business and IT leaders and key decision makers to ensure that appropriate cyber security controls are deployed and operated to time and budget
  • Develop and ensure delivery of the Trust strategic cyber improvement programme, including engagement with NHS Digital and other key partners to drive improvements in cyber capability and maturity
  • Shape commercially acceptable business cases and propositions for Cyber Security investment which balance cyber security risk control with accessibility, usability and cost considerations
  • Lead for providing formal response to cyber security compliance elements of the NHS Digital Data Security & Protection Toolkit
  • Develop and drive adoption of the Trust security risk and assurance framework
  • Lead for embedding cyber risk and assurance controls within development lifecycle for Trust services and systems
  • Provide direction and assurance for cyber security service development and operation, including assurance on cyber security services and systems provided by suppliers
  • Lead the Trust response to major cyber incidents, and on preparatory work for major incidents, including cyber resilience planning and rehearsals
  • Assess and report on cyber security risk posture and compliance through specification and collection of relevant cyber security metrics and KPIs
  • Ensure that the Trust can meet the requirements of national cyber security standards and legislation, including the Data Security & Protection Toolkit, Cyber Essentials Plus, the Data Protection Act (2018) / GDPR and the Directive on the security of Network and Information Systems
  • Monitor and audit Trust processes to identify gaps or weaknesses in current policy and practice, for manual and/or electronic systems. Ensure all recommendations are implemented to deliver a continuous improvement in Trust service delivery
  • Agree an annual audit programme with the Trust’s Internal Audit department and external auditors.
  • Ensure senior Trust engagement and support for cyber initiatives through regular briefings and reports to senior management boards and forums on cyber risk posture, action planning, and compliance with required standards
  • Provide colleague education and awareness on cyber threat and how to safely respond to cyber incidents
  • As a member of the Trust’s senior cyber security team, ensure that cyber security considerations are effectively raised and addressed within appropriate IT and business management forums
  • Set objectives for the Cyber Security Risk team, monitoring performance to assure delivery of the cyber security work programme
  • Develop the skills and foster the career paths for cyber security professionals within the Cyber Risk team.
  • Responsible for overseeing information security systems in place.
  • Reporting on security systems in place and producing reports and audits for relevant governance forums.

This advert closes on Wednesday 19 Feb 2025
