• Job Description

  Req#: C9287-24-1693?language=en&page=241&sort=publicationDateDesc

  Job summary

  Undertake first line triage, support, investigation, mitigation and reporting on all cyber security/governance related matters including: General Data Protection Regulations (GDPR); Data Protection Act, phishing attacks; technical security and governance incidents/breaches; risks; security controls; encryption; exceptional security bypass requests; policy, etc. These may be complex and Trust wide, and involve all levels of management, access to patient systems and data, third parties, regulatory bodies, and interaction with patients and their families.

  To manage the provision of Confidentiality and Access Support Agreements for external/temporary staff and organisations in a timely fashion to ensure training and granting of access to sensitive patient systems is delivered when required, but with appropriate assurances/controls in place and to align with IT Training and Service Desk processes.

  To support the Cyber Security/Assurance Managers in the completion, control maintenance and development, and comprehensive evidencing for the relevant mandatory Data Security Protection Toolkit (DSPT) submissions in line with NHS Digital expectations

  Main duties of the job

  Provide and receive complex information, including personal interaction, with all levels of management, patients, third parties and regulators, and undertake investigations and problem solving for cyber security and governance matters.

  Entrusted with update access to multiple key live patient systems holding sensitive data to facilitate investigations and problem resolution with data on these systems, which may include updates.

  To attend meetings with external agencies and partners on relevant cyber security and governance matters, when required, i.e. attend the monthly Cheshire and Mersey Information Governance Group, and similar, on behalf of the team.

  Conduct security control surveys for key Trust IT Systems and record and report compliance with expected control for Audit purposes and DSPT requirements. As part of this process also provide guidance and feedback to local management on control gaps and opportunities for improvement.

  Provide advice and assistance to all levels of staff, management and external organisations, including patients, relating to all aspects of cyber security and governance. This would include technical, professional advice, risk assessment, control guidance, compliance checks, problem resolution and investigations.

  About us

  Liverpool University Hospitals NHS Foundation Trust was created on 1 October 2019 following the merger of two adult acute Trusts, Aintree University Hospital NHS Foundation Trust and the Royal Liverpool and Broadgreen University Hospitals NHS Trust.

  The merger provides an opportunity to reconfigure services in a way that provides the best healthcare services to the city and improves the quality of care and health outcomes that patients experience.

  The Trust runs Aintree University Hospital, Broadgreen Hospital, Liverpool University Dental Hospital and the Royal Liverpool University Hospital.

  It serves a core population of around 630,000 people across Merseyside as well as providing a range of highly specialist services to a catchment area of more than two million people in the North West region and beyond.

  To hear more about our achievements click herehttps://www.liverpoolft.nhs.uk/media/13089/1606-annual-report-booklet_final.pdf

  Follow us on Social Media:

  Facebook - Liverpool University Hospitals Careers

  Instagram - @LUHFTcareers

  Twitter - @LUHFTcareers

  Date posted

  22 August 2024

  Pay scheme

  Agenda for change

  Band

  Band 5

  Salary

  £29,970 to £36,483 a year per annum

  Contract

  Permanent

  Working pattern

  Full-time

  Reference number

  287-CEF-325-24

  Job locations

  Liverpool Innovation Park

  Digital Way

  Liverpool

  L7 9NJ

  
  

  Job description

  Job responsibilities

  Provide and receive complex information, via various mediums, including personal interaction, with all levels of management, patients, third parties and regulators, and undertake investigations and problem solving for cyber security and governance matters. Some of these may be sensitive, highly confidential and with disciplinary or regulatory implications.

  Entrusted with update access to multiple key live patient systems holding sensitive data to facilitate investigations and problem resolution with data on these systems, which may include updates.

  The post holder assists in the creation, review, implementation and dissemination of key cyber security and governance policies, protocols and procedures, as well as providing guidance and may propose changes on them where appropriate.

  To attend meetings with external agencies and partners on relevant cyber security and governance matters, when required, i.e. attend the monthly Cheshire and Mersey Information Governance Group, and similar, on behalf of the team.

  Conduct security control surveys for key Trust IT Systems and record and report compliance with expected control for Audit purposes and DSPT requirements. As part of this process also provide guidance and feedback to local management on control gaps and opportunities for improvement.

  Provide advice and assistance to all levels of staff, management and external organisations, including patients, relating to all aspects of cyber security and governance. This would include technical, professional advice, risk assessment, control guidance, compliance checks, problem resolution and investigations.

  Assist Technical Support team in finding and resolving problem workstations throughout the Trust that are not available on the network or are not being rebooted to take security patches and other fixes to ensure robust protection from cyber-attacks

  To manage the provision of Confidentiality and Access Support Agreements for external 3rd parties and organisations in a timely fashion to ensure training and granting of access to sensitive patient systems is delivered when required, but with appropriate assurances/controls in place and to align with IT Training and Service Desk processes as well as relevant legislation, such as GDPR

  Job description

  Job responsibilities

  Provide and receive complex information, via various mediums, including personal interaction, with all levels of management, patients, third parties and regulators, and undertake investigations and problem solving for cyber security and governance matters. Some of these may be sensitive, highly confidential and with disciplinary or regulatory implications.

  Entrusted with update access to multiple key live patient systems holding sensitive data to facilitate investigations and problem resolution with data on these systems, which may include updates.

  The post holder assists in the creation, review, implementation and dissemination of key cyber security and governance policies, protocols and procedures, as well as providing guidance and may propose changes on them where appropriate.

  To attend meetings with external agencies and partners on relevant cyber security and governance matters, when required, i.e. attend the monthly Cheshire and Mersey Information Governance Group, and similar, on behalf of the team.

  Conduct security control surveys for key Trust IT Systems and record and report compliance with expected control for Audit purposes and DSPT requirements. As part of this process also provide guidance and feedback to local management on control gaps and opportunities for improvement.

  Provide advice and assistance to all levels of staff, management and external organisations, including patients, relating to all aspects of cyber security and governance. This would include technical, professional advice, risk assessment, control guidance, compliance checks, problem resolution and investigations.

  Assist Technical Support team in finding and resolving problem workstations throughout the Trust that are not available on the network or are not being rebooted to take security patches and other fixes to ensure robust protection from cyber-attacks

  To manage the provision of Confidentiality and Access Support Agreements for external 3rd parties and organisations in a timely fashion to ensure training and granting of access to sensitive patient systems is delivered when required, but with appropriate assurances/controls in place and to align with IT Training and Service Desk processes as well as relevant legislation, such as GDPR

  Person Specification

  Qualifications

  Essential

  • Relevant degree or other relevant professional qualifications (relevant experience/knowledge in similar role.) I
  • ISEB in Information Security or equivalent qualification
  • ECDL or equivalent IT experience
  • Evidence of continuous professional development

  Desirable

  • Cyber Security Fundamentals or Practitioner

  Experience

  Essential

  • The successful candidate should have at least 24 months recent and relevant work experience in a similar role
  • Experience of training, handholding and support of Cyber Security/Governance initiatives

  Desirable

  • Experience of writing and implementing policies and procedure
  • Knowledge and understanding of system and process management, records management, data quality, data protection, security and confidentiality controls.
  • Experience of working in the NHS and knowledge of multiple NHS systems, procedures and information flows
  • Training in report writing, presentations, conflict management, negotiations etc

  Knowledge

  Essential

  • Expert knowledge and understanding of the General Data Protection Regulation (GDPR) and Data Protection Act 2018 as they apply to wider cyber Security and Governance activities, procedures and practices.
  • IT knowledge, specifically in the use of multiple Microsoft Office products and relevant security system concepts
  • Expert knowledge of Cyber Security/Governance and IM&T strategies in the NHS
  • Knowledge and understanding of DSPT and Data Guardian Standards.

  Skills

  Essential

  • Proficient communication, negotiation and influencing skills for different target audiences across Trust and 3rd party organisations
  • Able to demonstrate excellent written and verbal skills
  • Ability to investigate, advise and report on potentially highly complex/sensitive security incidents liaising with all levels of management
  • Ability to work with sensitivity / tact, including a commitment to confidentiality. Sensitive to the requirements and pressures placed on colleagues.

  Other

  Essential

  • Able to use own initiative and work autonomously, with minimum supervision and to act independently within defined areas. Practice effective time management, plan, organise and prioritise work appropriately and work pro-actively to meet deadlines.

  Person Specification

  Qualifications

  Essential

  • Relevant degree or other relevant professional qualifications (relevant experience/knowledge in similar role.) I
  • ISEB in Information Security or equivalent qualification
  • ECDL or equivalent IT experience
  • Evidence of continuous professional development

  Desirable

  • Cyber Security Fundamentals or Practitioner

  Experience

  Essential

  • The successful candidate should have at least 24 months recent and relevant work experience in a similar role
  • Experience of training, handholding and support of Cyber Security/Governance initiatives

  Desirable

  • Experience of writing and implementing policies and procedure
  • Knowledge and understanding of system and process management, records management, data quality, data protection, security and confidentiality controls.
  • Experience of working in the NHS and knowledge of multiple NHS systems, procedures and information flows
  • Training in report writing, presentations, conflict management, negotiations etc

  Knowledge

  Essential

  • Expert knowledge and understanding of the General Data Protection Regulation (GDPR) and Data Protection Act 2018 as they apply to wider cyber Security and Governance activities, procedures and practices.
  • IT knowledge, specifically in the use of multiple Microsoft Office products and relevant security system concepts
  • Expert knowledge of Cyber Security/Governance and IM&T strategies in the NHS
  • Knowledge and understanding of DSPT and Data Guardian Standards.

  Skills

  Essential

  • Proficient communication, negotiation and influencing skills for different target audiences across Trust and 3rd party organisations
  • Able to demonstrate excellent written and verbal skills
  • Ability to investigate, advise and report on potentially highly complex/sensitive security incidents liaising with all levels of management
  • Ability to work with sensitivity / tact, including a commitment to confidentiality. Sensitive to the requirements and pressures placed on colleagues.

  Other

  Essential

  • Able to use own initiative and work autonomously, with minimum supervision and to act independently within defined areas. Practice effective time management, plan, organise and prioritise work appropriately and work pro-actively to meet deadlines.

  Disclosure and Barring Service Check

  This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

  Certificate of Sponsorship

  Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

  From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

  Additional information

  Certificate of Sponsorship

  Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

  From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

  Employer details

  Employer name

  Liverpool University Hospitals NHS Foundation Trust

  Address

  Liverpool Innovation Park

  Digital Way

  Liverpool

  L7 9NJ

  
  

  Employer's website

  https://www.liverpoolft.nhs.uk/ (Opens in a new tab)

  Employer details

  Employer name

  Liverpool University Hospitals NHS Foundation Trust

  Address

  Liverpool Innovation Park

  Digital Way

  Liverpool

  L7 9NJ

  
  

  Employer's website

  https://www.liverpoolft.nhs.uk/ (Opens in a new tab)

• About the company

  National Health Service (NHS) is the umbrella term for the publicly-funded healthcare systems of the United Kingdom (UK). The founding principles were that services should be comprehensive, universal and free at the point of delivery—a health service based on clinical need, not ability to pay. Each service provides a comprehensive range of health services, free at the point of use for people ordinarily resident in the United Kingdom apart from dental treatment and optical care.

Notice