EPR Cyber Security Lead
Job overview
Assist the Cybersecurity Manager with technical matters in relation to the Trust's IT Security work programme, with specific focus on supporting the Electronic Patient Record (EPR) implementation.
Act as technical reference point for all matters related to cybersecurity and take responsibility for implementation and administration of Trust IT security systems and services.
Contribute to the evaluation, development and implementation of Trust IT security maintaining compliance with the Data Security and Protection Toolkit (DSPT) to ultimately improve the cybersecurity posture of the systems, services and data security infrastructure supported by the South Devon Health Informatics Service.
Main duties of the job
- Perform ongoing IT Security risk assessments and audits to ensure that IT Systems are adequately protected
- Coordinate with other SDHIS Teams, stakeholders and suppliers to ensure all solutions use IT Security best practices
- Collaborate with vendors, outside consultants and other 3rd parties to improve IT security within the organisation
- Provide advice and act, where necessary, in response to Audit findings and recommendations in respect of information security
- Review and advise on IT Security patches, software updates and vulnerabilities according to best practices
- Identify threats to the confidentiality, integrity, availability, accountability and relevant compliance for information systems and provide authoritative advice and guidance on the application and operation of all types of security controls, including legislative or regulatory requirements such as data protection and software copyright law
- Maintain currency with security and security-enhancing technologies and brief colleagues as needed to enable measures to be implemented where and when necessary or desirable
- Ensure that access control, disaster recovery, business continuity, incident response and risk management needs are appropriately addressed
Working for our organisation
Why Work With Us
You will be part of a technical team responsible for managing a full range of IT Security functions to enable the effective provision of a secure environment to support all the digital systems, services and clinical functions of the local health community and wider One Devon area. We are a small but very supportive team who are enthusiastic about delivering a quality service by constantly challenging the way we do things; striving for continuous improvement and finding ways to work smarter.
We are an initiative-taking, caring team who are flexible and promote a healthy work/home life balance.
Detailed job description and main responsibilities
- Work effectively with EPR programme stakeholders to ensure programme delivery and benefits realisation
- Build and develop productive working relationships with stakeholders such as clinicians, technical & non-technical teams, other NHS organisations and suppliers
- Treat all co-workers with respect and value differences and diversity
- Establish effective communication within and between teams, reinforced by timely and professional documentation
- Use influence and persuasion skills to secure agreement/co-operation
- Communicate highly complex technical information, tailoring approach to suit audience
- Identify priorities for system design, development and operation
- Analyse complex scenarios such as system failures, fault-finding or non-optimal performance, where solutions require detailed analysis and evaluation of multiple options/solutions
- Use judgement to identify and recommend preferred options/solutions considering clinical and operational impact
- Plan, oversee and manage complex technical implementations having significant impacts on clinical and operational areas
- Manage complex workstreams involving multiple parties and/or technical disciplines
- Maintain agility of approach in response to changing priorities and developing situations
- Ensure effective scheduling and deployment of resources
- Plan non-business-as-usual activities, such as project work, effectively, drawing upon established principles such as PRINCE
Person specification
Qualifications and Training
Essential criteria
- Degree Level IT qualification or relevant equivalent experience
- ITIL4 Foundation Certification
- ISC2 CISSP/SSCP or other security related certification e.g. CompTIA Security+/MS SC-900
- ISC2 CCSP or other cloud-based security certification e.g. AZ-500/ CompTIA Cloud+
- ISACA CISM/CISA Certification
Knowledge and Experience
Essential criteria
- Relevant experience in health service or other major large-scale customer service-oriented organisation
- Detailed knowledge and experience leading, coordinating or being actively involved in the investigation and remediation of security incidents
- Detailed knowledge and experience in the investigation and remediation of Virus/Malware infections and outbreaks
- Good knowledge of Network protocols, including TCP/IP and their use in relation to operating systems and perimeter security.
- Detailed knowledge and experience in cyber-security threat analysis and the use of software utilities to identify potential threats and eliminate false positives
- Experience of working in the NHS
- Knowledge of Data Security and Protection Toolkit requirements
- Understanding of IT Legislation, specifically GDPR, FOI and DPA
Specific Skills
Essential criteria
- Good communication skills, personable and friendly, able to work productively and unsupervised using own initiative
- Must be a good team worker
You will be joining the organisation at an exciting time. As the first fully integrated care organisation in England, we are working to improve the way we deliver safe, high-quality health and social care. We have a positive and vibrant working atmosphere, and we are proud of our investment in our staff, both in terms of developing potential career skills and valuing people.
If you provide support to a family member or friend with health or care needs, we aim to be a Carer-friendly employer. We have a ‘Staff Carers’ policy which includes flexible working where possible and a Carer’s Passport scheme that links you into support and discounts.
IMPORTANT INFORMATION
- We reserve the right to close vacancies early if we receive a high volume of applications. Please apply promptly
- Please read the job description and tailor your application to reflect the role
- Correspondence will be via Trac, text and email. Please check your email and Trac account regularly.
- Applicants with no previous NHS experience will ordinarily be appointed to the minimum of the band
- If you have not received an invitation to interview within 28 days of the closing date, please assume that your application has been unsuccessful on this occasion
- It is your responsibility to assist us in the timely receipt of appropriate references
If you require support you can obtain this from our Equality Business Forum which has representatives from all protected groups.