London

Information Security Analyst

Guy's and St Thomas' Trust
£42,471
Full-time
Description
Guy’s and St Thomas’ is among the UK’s busiest and most successful NHS foundation trusts. We provide a full range of hospital and community services for people in south London, as well as specialist care for patients from further afield including cancer, renal, orthopaedic, respiratory and cardiovascular services. Guy’s is home to the largest dental school in Europe and a £160 million Cancer Centre opened in 2016. As part of our commitment to provide care closer to home, in 2017 we also opened a cancer centre and a kidney treatment centre at Queen Mary’s Hospital in Sidcup.

St Thomas’ has one of the largest critical care units in the UK and one of the busiest emergency departments in London. It is also home to Evelina London Children’s Hospital. Evelina London cares for local children in Lambeth and Southwark and provides specialist services across south east England including cardiac, renal and critical care services. We lead a number of specialist service networks aiming to ensure children are treated locally where possible, but have access to specialist expertise when they need it.

Our community services include health visiting, school nursing and support for families of children with long-term conditions. Our adult community services teams deliver care at the heart of the local communities we serve, working in partnership with GPs, local authorities and other healthcare and voluntary sector organisations. Working with our partners in Lambeth and Southwark, we are focusing on new ways of working to improve care for local patients.

In February 2021 the Royal Brompton and Harefield joined Guy’s and St Thomas’ NHS Foundation Trust, bringing together world-leading expertise in the care and research of heart and lung disease. Our merger provides a once in a generation opportunity to build a lasting, world-renowned heart and lung centre, providing the highest quality care for patients and conducting world-leading research.

We have a reputation for clinical excellence and high quality teaching and research. We are part of King’s Health Partners, one of eight accredited UK academic health sciences centres. In partnership with King’s College London we have dedicated clinical research facilities including an MHRA accredited Phase I clinical trials unit.

Patients are at the heart of everything we do and we pride ourselves on ensuring the best possible patient experience as well as safe, high quality care. We are proud to have one of the lowest mortality rates in the NHS. Following a comprehensive Care Quality Commission (CQC) inspection in 2019 we maintained our overall rating of ‘good’. Our adult community services achieved a rating of ‘outstanding’.

The commitment of our 23,500 staff is key to our success. We are one of the largest local employers and we aim to develop and support all our staff so they are able to deliver high quality, safe and efficient care. The 2019 NHS staff survey results show that we have one of the most engaged and motivated workforces in the NHS. We know this has a positive impact on the care provided to our patients. We have one of the most ambitious capital investment programmes anywhere in the NHS.

Job overview
Guy’s & St. Thomas’ NHS Foundation Trust operates within the complex Health and Care ecosystem, which brings many challenges in managing the complex and diverse demands and interests of patients, users, partners, suppliers, industry and regulatory bodies. This role will be primarily responsible for supporting the Trust in improving the Trust’s cyber security posture and reducing the risk of impact from a cyber security incident. Ultimately, this role’s aim is to help the Trust to protect the data and services that our patients depend on.
The specific responsibilities of the role will include ensuring that appropriate cyber security risk controls are embedded within Trust services and systems, and that patient services and systems can be safely and securely operated in alignment with Trust policy and standards. The Information Security Analyst will need to form a large number of relationships across the Trust, including with DT&I colleagues, clinical Strategic Business Units, key IT suppliers and Internal Audit, and will contribute to explaining the security-preparedness and cyber risk environment to Trust management and to key stakeholders.

Main duties of the job
The Information Security Analyst is accountable for helping to ensure that Guy’s and St. Thomas’ NHS Foundation Trust can protect patient data and services from cyber risk, and can meet national NHS standards for cyber security, specifically in relation to the management of cyber security risks to Trust data and Trust systems.

Reporting to the Cyber Security Risk Manager, the Information Security Analyst will be responsible for helping to ensure that cyber risk and assurance controls are effectively embedded within Trust services and systems, and that appropriate security risk control documentation is produced to evidence compliance with Trust policy and risk standards. This will include responsibility for advising, assessing and reporting on Trust information security risks and assurance actions required to improve the Trust’s cyber risk posture and to empower the Trust to deliver excellent standards of patient care.

The post holder will work closely with internal business units, DT&I colleagues, key IT systems suppliers, Internal Audit, and the NHS Digital Data Security Centre. The work will be mainly based in the Trust’s locations in central London with some travel to partner Trusts and supplier sites as necessary.

Working for our organisation
Guy’s & St Thomas' (GSTT) is one of the largest hospital trusts in the country.
Our hospitals have a long and proud history, dating back almost 900 years, and have been at the forefront of medical progress and innovation since they were founded. We continue to build on these traditions and have a reputation for clinical, teaching and research excellence. Royal Brompton and Harefield hospitals became part of Guy’s and St Thomas’ in February 2021, bringing together world-leading expertise and research in heart and lung disease.

DT&I has a mandate to deliver a very broad and complex set of new patient-centric digital services and capabilities over the coming years to support the transformation of health and care. Whilst building and delivering new services and products, it is imperative that these, and our existing services and products, are maintained at the highest level of stability, performance and security.

Detailed job description and main responsibilities
• Assist with ensuring the protection and assurance of patient data and services against cyber security risk, while enabling secure delivery of new patient services and systems.
• Assist with ensuring that cyber risk and assurance controls are effectively embedded within Trust services and systems, and that appropriate security risk control documentation is produced to evidence compliance with Trust policy and risk standards.
• Assist with qualification of cyber risk to Trust systems and data, and assist with determination of suitable risk controls to mitigate identified risks.
• Monitor, assess and qualify key elements of cyber threat warnings and alerts (including those received from NHS Digital CareCERT) and assist with prioritisation and determination of remediation, working in collaboration with the Trust’s cyber operational team and with wider Trust colleagues.
• Contribute to the delivery of a schedule of security vulnerability and compliance tests for Trust systems and the remediation of identified vulnerabilities.
• Assist with management of major cyber incidents and investigations.
• Assist with production of Cyber Risk reports and Cyber KPI reports, to help qualify and drive action to improve the Trust’s cyber risk posture.
• Provide guidance and advice to the Trust on cyber security risk management.
• Assist with ensuring compliance with Trust information security policy at key assurance boards, including Software Review Board and Change Approvals Board.
• Assist with the delivery of key elements of the Trust strategic cyber improvement programme, including engagement with NHS Digital and other key partners to drive improvements to cyber capability and maturity.
• Assist with gathering evidence in support of the Trust’s formal compliance statement against the NHS Digital Data Security & Protection Toolkit.
• Assist with developing and driving adoption of the Trust cyber security risk and assurance framework.
• Assist with the Trust response to major cyber incidents, and with preparatory work for major incidents, including cyber resilience planning and rehearsals.
• Assess and report on key elements of cyber security risk posture and compliance through collection and analysis of relevant cyber security metrics and KPIs.
• Contribute to ensuring that the Trust can meet the requirements of national cyber security standards and legislation, including the Data Security & Protection Toolkit, Cyber Essentials Plus, the Data Protection Act (2018) / GDPR and the Directive on the security of Network and Information Systems.
• Assist with audit of Trust systems and processes to identify gaps or weaknesses in current policy and practice.
• Support Trust cyber initiatives through contributing to briefings and reports on cyber risk posture, action planning, and compliance with required standards.
• Assist with provision of colleague education and awareness on cyber threat and how to safely respond to cyber incidents.
• Contribute to development of security risk management skills and understanding within the Information Security Team and within the wider Trust.

Person specification

Qualifications and Knowledge
Desirable criteria
• Educated to Degree level, or equivalent experience, in Computer Science or a related science discipline.
• Evidence of continuing professional development.
• Subject matter expert in cyber security risk management.

Previous Experience
Desirable criteria
• At least five years’ experience of working within large, complex, and diverse technical organisations in a cyber security role.
• Experience of working within enterprise-scale cyber security strategies, services and teams.
• Experience of working within complex transformation programmes in partnership with business and IT teams.

Skills and Abilities
Essential criteria
• Ability to make pragmatic risk management decisions balanced appropriately between protection, usability, performance and cost.
• Ability to analyse complex problems and to develop practical and workable solutions to address them.
• Ability to engage and build coalitions across diverse stakeholder groups within complex, enterprise scale environments.
• High level of analytical skills and the ability to draw qualitative and quantitative data from a wide range of sources and present in a clear and concise manner.
• Demonstrates sound judgment in the absence of clear guidelines or precedent, seeking advice as necessary.
Desirable criteria
• Ability to demonstrate leadership and vision in a changing environment.
• Strong leadership and engagement skills to create high performing, customer-focussed teams in the context of changing requirements and ambiguity.

Setting Direction
Essential criteria
• Sound leadership and influencing skills with the ability to enthuse, motivate and involve individuals and teams.
• Ability to be intellectually flexible and to look beyond existing structures, ways of working, boundaries and organisations to produce more effective and innovative service delivery and partnerships.
• Sound judgement and astuteness in understanding and working with complex policy and diverse interest groups, and common sense in knowing when to brief “up the line”.
• A commitment to continuous improvement in cyber security standards.

Personal Qualities
Essential criteria
• Ability to balance and manage multiple conflicting demands, calmly and confidently.
• Personal resilience, determination and ability to deliver positive outcomes on challenging issues.
• Excellent inter-personal and communications skills, with a track record in writing complex business cases and policies.
• Strong sense of commitment to openness, honesty and integrity in undertaking the role.
• Flexibility and the ability to handle a rapidly changing and ambiguous environment.
• Ability to thrive in an often-ambiguous environment.

Guy’s and St Thomas’ celebrates, respects and values the diversity of its staff and patients. We review our policies, procedures and practices to ensure that all employees, patients and carers are treated equitably according to their needs. We are actively committed to ensuring that no one who applies for a job, works or studies at the Trust, or accesses our services is discriminated against on the grounds of race, ethnicity, nationality, disability, religion or belief, age, gender identity, gender reassignment, sexual orientation, pregnancy and maternity/paternity, or marital/civil partnership.

Applications are welcomed from applicants with a disability. We can make reasonable adjustments and offer support and advice in a variety of ways throughout the application process. Equality of opportunity is our policy.

As an organisation we are committed to developing our services in ways that best suit the needs of our patients. This means that some staff groups will increasingly be asked to work a more flexible shift pattern so that we can offer services in the evenings or at weekends.

Flexible working
We are committed to supporting all employees to achieve a healthy work-life balance and to work in a way that is best for them and our patients. We will consider all requests to work flexibly, taking into account the individual’s personal circumstances as well as the needs of the service. We encourage all prospective applicants to discuss their individual circumstances with the recruiting manager as part of the on-boarding process.

Your e-mail address is important to us. We communicate with all job applicants via the e-mail address which has been provided on the application form. Please ensure that you check your e-mail on a regular basis.

Please apply for this post by clicking "Apply Online Now."

Further details / informal visits contact
Name: Paul Merison
Job title: Head of Information Security
Email address: [email protected]
Telephone number: 07596 889062
Expiry date: 19/09/2023
Our Commitments
Living Wage Employer
Disability Confident
Hiring Local
Armed Forces Covenant

Guy's and St Thomas' Trust

Healthcare and Veterinary Sciences
About us
As part of one of the largest and most engaged workforces in the NHS you'll have access to our unrivalled training and development programmes. We want the best people to join us, learn with us and grow with us, so whether you're in a clinical or non-clinical role we’re committed to creating a supportive and inclusive culture in which you can progress and be your best. We are an inclusive organisation Promoting diversity, equality, accessibility and inclusion is at the heart of everything we do for our patients and how we make our trust a great place to work. We welcome people from all backgrounds. Our fair recruitment practices offer equal access to employment opportunities and our staff networks enable everyone's voice to be heard. We are committed to ensuring all of our 23,500 staff feel valued and have the support they need to do their job to the best of their ability. Our health and wellbeing programme is one of the most comprehensive in the NHS and provides a wide range of benefits and support to help in your professional, personal and family life.