LONDON
Information Security Manager
Guy's and St Thomas' Trust
£61,927
Full-time
Description
Guy’s and St Thomas’ is among the UK’s busiest and most successful NHS foundation trusts. We provide a full range of hospital and community services for people in south London, as well as specialist care for patients from further afield including cancer, renal, orthopaedic, respiratory and cardiovascular services.
Guy’s is home to the largest dental school in Europe and a £160 million Cancer Centre opened in 2016. As part of our commitment to provide care closer to home, in 2017 we also opened a cancer centre and a kidney treatment centre at Queen Mary’s Hospital in Sidcup. St Thomas’ has one of the largest critical care units in the UK and one of the busiest emergency departments in London. It is also home to Evelina London Children’s Hospital.
Evelina London cares for local children in Lambeth and Southwark and provides specialist services across south east England including cardiac, renal and critical care services. We lead a number of specialist service networks aiming to ensure children are treated locally where possible, but have access to specialist expertise when they need it. Our community services include health visiting, school nursing and support for families of children with long-term conditions.
Our adult community services teams deliver care at the heart of the local communities we serve, working in partnership with GPs, local authorities and other healthcare and voluntary sector organisations. Working with our partners in Lambeth and Southwark, we are focusing on new ways of working to improve care for local patients.
In February 2021 the Royal Brompton and Harefield joined Guy’s and St Thomas’ NHS Foundation Trust, bringing together world-leading expertise in the care and research of heart and lung disease. Our merger provides a once in a generation opportunity to build a lasting, world-renowned heart and lung centre, providing the highest quality care for patients and conducting world-leading research.
We have a reputation for clinical excellence and high quality teaching and research. We are part of King’s Health Partners, one of eight accredited UK academic health sciences centres. In partnership with King’s College London we have dedicated clinical research facilities including an MHRA accredited Phase I clinical trials unit.
Patients are at the heart of everything we do and we pride ourselves on ensuring the best possible patient experience as well as safe, high quality care. We are proud to have one of the lowest mortality rates in the NHS. Following a comprehensive Care Quality Commission (CQC) inspection in 2019 we maintained our overall rating of ‘good’. Our adult community services achieved a rating of ‘outstanding’.
The commitment of our 23,500 staff is key to our success. We are one of the largest local employers and we aim to develop and support all our staff so they are able to deliver high quality, safe and efficient care. The 2019 NHS staff survey results show that we have one of the most engaged and motivated workforces in the NHS. We know this has a positive impact on the care provided to our patients.
We have one of the most ambitious capital investment programmes anywhere in the NHS.
Job overview
This role will be primarily responsible for supporting the Trust in delivering fit for purpose cyber security plans, improving the Trust’s cyber security posture and reducing the risk of impact from a cyber security incident. Ultimately, this role’s aim is to help the Trust to protect the data and services that our patients depend on. The specific responsibilities of the role will include developing and raising awareness of the Trust’s cyber security strategy, policy, standards and frameworks, embedding robust cyber security risk controls within Trust systems and services, and providing assurance that patient services and systems are being safely and securely operated in alignment with required policies and standards.
The Information Security Manager will need to form a large number of senior relationships across the Trust and more broadly across the health and care system, including clinical Strategic Business Units, key IT suppliers and Internal Audit, and will be frequently called upon to explain the security preparedness and cyber risk environment to Trust senior management and to key external stakeholders.
Main duties of the job
The Information Security Manager is accountable for ensuring that Guy’s and St. Thomas’ NHS Foundation Trust can protect patient data and services from cyber risk, and can meet national NHS standards for cyber security, specifically in relation to development and delivery of cyber policy and assurance.
Reporting directly to the Head of Information Security, the Information Security Manager will lead on the development and promotion of cyber security policy, standards and frameworks, and will strategically engage with NHS Digital and other key third parties to ensure that the Trust is empowered to deliver excellent standards of patient care. The post holder will provide leadership and guidance on cyber risk management and reporting, and will lead on the development and delivery of the Trust’s cyber audit and assurance framework, working closely with internal business units, DT&I colleagues, key IT systems suppliers and Internal Audit.
The work will be mainly based in the Trust’s locations in central London with some travel to partner Trusts and supplier sites as necessary.
Working for our organisation
You will be joining a dynamic Information Security team led by dedicated professionals, each bringing unique expertise and a collaborative spirit to the table. Our team is committed to safeguarding our digital assets with a relentless work ethic and passion for modernisation and innovation. We support the personal development of our team members and offer extensive training opportunities to ensure our team operates at the forefront of cybersecurity. With a supportive environment and focus on continuous learning, you will have the opportunity to grow your career while contributing to a secure digital workplace that puts patients front and centre to all we do.
Detailed job description and main responsibilities
· Protect and assure patient data and services against cyber security risk, while enabling secure delivery of new patient services and systems
· Provide leadership and guidance to the Trust on cyber security policy, risk and compliance issues
· Provide leadership and support to the Cyber Security Risk Manager and team
· Deputise for the Head of Information Security when required
· Develop and drive adoption of the Trust’s cyber security strategy, policy, standards and procedures, including policy exception management, in alignment with Trust strategic objectives and with legal and NHS Digital requirements for cyber security and data protection
· Development of cyber security portfolio, including alignment with clinical and IT strategic objectives and initiatives
· Partner with business and IT leaders and key decision makers to ensure that appropriate cyber security controls are deployed and operated to time and budget
· Develop and ensure delivery of the Trust strategic cyber improvement programme, including engagement with NHS Digital and other key partners to drive improvements in cyber capability and maturity
· Shape commercially acceptable business cases and propositions for Cyber Security investment which balance cyber security risk control with accessibility, usability and cost considerations
· Lead for providing formal response to cyber security compliance elements of the NHS Digital Data Security & Protection Toolkit
· Develop and drive adoption of the Trust security risk and assurance framework
· Lead for embedding cyber risk and assurance controls within development lifecycle for Trust services and systems
· Provide direction and assurance for cyber security service development and operation, including assurance on cyber security services and systems provided by suppliers
· Lead the Trust response to major cyber incidents, and on preparatory work for major incidents, including cyber resilience planning and rehearsals
· Assess and report on cyber security risk posture and compliance through specification and collection of relevant cyber security metrics and KPIs
· Ensure that the Trust can meet the requirements of national cyber security standards and legislation, including the Data Security & Protection Toolkit, Cyber Essentials Plus, the Data Protection Act (2018) / GDPR and the Directive on the security of Network and Information Systems
· Monitor and audit Trust processes to identify gaps or weaknesses in current policy and practice, for manual and/or electronic systems. Ensure all recommendations are implemented to deliver a continuous improvement in Trust service delivery
· Agree an annual audit programme with the Trust’s Internal Audit department and external auditors.
· Ensure senior Trust engagement and support for cyber initiatives through regular briefings and reports to senior management boards and forums on cyber risk posture, action planning, and compliance with required standards
· Provide colleague education and awareness on cyber threat and how to safely respond to cyber incidents
· As a member of the Trust’s senior cyber security team, ensure that cyber security considerations are effectively raised and addressed within appropriate IT and business management forums
· Set objectives for the Cyber Security Risk team, monitoring performance to assure delivery of the cyber security work programme
· Develop the skills and foster the career paths for cyber security professionals within the Cyber Risk team.
· Responsible for overseeing information security systems in place.
· Reporting on security systems in place and producing reports and audits for relevant governance forums.
Person specification
Qualifications and Experience
Essential criteria
• Educated to Master’s Degree level, or equivalent experience, in Computer Science or a related science discipline;
• Subject matter expert in cyber security policy, risk management
Previous Experience
Essential criteria
• Significant proven experience of working within large, complex, and diverse technical organisations in a senior cyber security leadership role;
• Experience of developing and managing enterprise-scale cyber security strategies, services and teams;
• Experience of delivering and managing complex transformation programmes in partnership with business and IT teams.
Skills and Abilities
Essential criteria
• Ability to make pragmatic risk management decisions balanced appropriately between protection, usability, performance and cost.
• Ability to demonstrate leadership and vision in a changing environment;
• Ability to analyse complex problems and to develop practical and workable solutions to address them;
• Ability to engage and build coalitions across diverse stakeholder groups within complex, enterprise scale environments;
• Strong leadership and engagement skills to create high performing, customer-focussed teams in the context of changing requirements and ambiguity;
Setting Direction
Essential criteria
• Well-developed leadership and influencing skills with the ability to enthuse, motivate and involve individuals and teams;
• Ability to be intellectually flexible and to look beyond existing structures, ways of working, boundaries and organisations to produce more effective and innovative service delivery and partnerships;
• Sound judgement and astuteness in understanding and working with complex policy and diverse interest groups, and common sense in knowing when to brief “up the line”;
• A commitment to continuous improvement in cyber security standards.
Autonomy
Essential criteria
• Ability to work on own initiative and organize workload, allocating work and resources as necessary
• Ability to work to tight and often conflicting deadlines
• Ability to make decisions autonomously, when required, on difficult issues, and where there may be no precedent or external point of reference.
Personal Qualities
Essential criteria
• Ability to balance and manage multiple conflicting demands, calmly and confidently;
• Personal resilience, determination and ability to deliver positive outcomes on challenging issues.
• Excellent inter-personal and communications skills, with a track record in writing complex business cases and policies;
• Strong sense of commitment to openness, honesty and integrity in undertaking the role.
• Flexibility and the ability to handle a rapidly changing and ambiguous environment
• Ability to thrive in an often ambiguous environment
Guy’s and St Thomas’ celebrates, respects and values the diversity of its staff and patients. We review our policies, procedures and practices to ensure that all employees, patients and carers are treated equitably according to their needs. We are actively committed to ensuring that no one who applies for a job, works or studies at the Trust, or accesses our services is discriminated against on the grounds of race, ethnicity, nationality, disability, religion or belief, age, gender identity, gender reassignment, sexual orientation, pregnancy and maternity/paternity, or marital/civil partnership.
Applications are welcomed from applicants with a disability. We can make reasonable adjustments and offer support and advice in a variety of ways throughout the application process. Equality of opportunity is our policy.
As an organisation we are committed to developing our services in ways that best suit the needs of our patients. This means that some staff groups will increasingly be asked to work a more flexible shift pattern so that we can offer services in the evenings or at weekends.
Flexible working
We are committed to supporting all employees to achieve a healthy work-life balance and to work in a way that is best for them and our patients. We will consider all requests to work flexibly, taking into account the individual’s personal circumstances as well as the needs of the service. We encourage all prospective applicants to discuss their individual circumstances with the recruiting manager as part of the on-boarding process.
Your e-mail address is important to us - We communicate to all job applicants via the e-mail address which has been provided on the application form. Please ensure that you check your e-mail on a regular basis.
Please apply for this post by clicking "Apply Online Now."
Further details / informal visits contact
Name
Paul Merison
Job title
Head of Information Security and Risk
Email address
[email protected]
Telephone number
07596889062
Expiry date: 26/11/2024
Our Commitments
Living Wage Employer
Armed Forces Covenant
Disability Confident
Hiring Local
Guy's and St Thomas' Trust
Healthcare and Veterinary Sciences
About us
As part of one of the largest and most engaged workforces in the NHS you'll have access to our unrivalled training and development programmes.
We want the best people to join us, learn with us and grow with us, so whether you're in a clinical or non-clinical role we’re committed to creating a supportive and inclusive culture in which you can progress and be your best.
We are an inclusive organisation
Promoting diversity, equality, accessibility and inclusion is at the heart of everything we do for our patients and how we make our trust a great place to work.
We welcome people from all backgrounds. Our fair recruitment practices offer equal access to employment opportunities and our staff networks enable everyone's voice to be heard.
We are committed to ensuring all of our 23,500 staff feel valued and have the support they need to do their job to the best of their ability.
Our health and wellbeing programme is one of the most comprehensive in the NHS and provides a wide range of benefits and support to help in your professional, personal and family life.