Start Date: Immediate
Expiry Date: 04 Jul, 25
Salary: 0.0
Posted On: 04 Apr, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Information Technology/IT
The ICT Head of Cyber Security will act as the Trust's expert on cyber security protection, detection, response, and recovery. The ICT Head of Cyber Security will be responsible for the strategic approach to cyber threat management and the strategic planning of current and future IT security solutions. The post holder will manage, support and develop the Trust cyber security team.
The ICT Head of Cyber Security will own and be responsible for the completion of parts of the Data Security Assessment Toolkit in relation to ICT cyber security obligations, in addition to maintaining our ISO 27001 certification and supporting our ambition to gain HIMSS 7 accreditation. The post holder will work closely with a range of ICT departments, plus key stakeholders in the Trust such as the Head of IG, the Trust SIRO and the Trust Information Governance Committee. Close working relationships with other Trusts and external organisations will be required.
Lead the strategic planning of current and future IT security solutions, researching and reviewing recognised best practice and upcoming changes to technology.
Define and agree an appropriate target security structure with key stakeholders, giving due regard to risks, threats and vulnerabilities.
Lead on internal and external audits and audit preparation relating to IT security.
Maintain compliance with the various standards in place, e.g. Data Security and Protection Toolkit, CareCERT, Cyber Essentials+, Network and Information Systems Regulations, ISO 27001, HIMSS, etc.
Act as the Trust's advisor on cyber security protection, detection, response and recovery.
Develop and advise in the implementation of policies, procedures and guidance documentation for all relevant Cyber and IT security related systems / processes.
Provide advice to the ICT senior leaders group to influence the creation of a robust IT security service across the ICT department and its application estate.
Monitor incidents and take appropriate actions to correct, notify and prevent reoccurrence.
Work in conjunction with the Technical teams to maintain all security tools and technology used in the department
Work in conjunction with the Technical teams to develop, deploy and manage Cyber Security and legal / regulatory compliance across the internal infrastructure and externally hosted systems ensuring systems are operational 24x7, monitored and restricted.
King’s College Hospital NHS Foundation Trust is one of the UK’s largest and busiest teaching Trusts with a turnover of c£1.8 billion, 1.5 million patient contacts a year and more than 15,000 staff based across South East London. The Trust provides a full range of local and specialist services across its five sites. The trust-wide strategy of Strong Roots, Global Reach is our Vision to be BOLD, Brilliant people, Outstanding care, Leaders in Research, Innovation and Education, Diversity, Equality and Inclusion at the heart of everything we do. By being person-centred, digitally-enabled, and focused on sustainability, we aim to take Team King’s to another level.
We are at a pivotal point in our history and we require individuals who are ready to join a highly professional team and make a real, lasting difference to our patients and our people.
King’s is committed to delivering Sustainable Healthcare for All via our Green Plan. In line with national Greener NHS ambitions, we have set net zero carbon targets of 2040 for our NHS Carbon Footprint and 2045 for our NHS Carbon Footprint Plus. Everyone’s contribution is required in order to meet the goals set out in our Green Plan and we encourage all staff to work responsibly, minimising their contributions to the Trust’s carbon emissions, waste and pollution wherever possible.
Undertake scoping and delivery of penetration tests and ensure actions from vulnerability assessments are resolved.
Supporting wider IT functions in the evaluation and implementation of new technology and controls.
Defining and documenting a security incident response program.
Respond to high priority NHS Digital CareCERT alerts in line with NHS Digital requirements.
Produce a monthly cyber security report of KPIs to be made available to the Trust Information Governance Steering Group and ICT senior leaders group.
Lead on the Change Management process within the ICT Department
Policy and Service Development
Maintain, update and implement Trust policies in scope of the ICT department covering all aspects of information security and Cyber activities.
Draft, develop, implement and maintain a portfolio of policies relating to all aspects of Cyber Security within ICT.
Ensure compliance with Trust policy and procedures is fully supported in forums such as the Trust unsupported systems group, the Trust ATP management group, patch management groups and any other future forums.
Provide expertise around Cyber Security for the purchase of new systems and applications via the Trust ICT PMO processes and procurement. Ensure all new systems and applications to be deployed across the estate have a full security review and sign off before proceeding to go-live.
Carry out Continual Service Improvement (CSI) of existing Trust processes and procedures.
Identify, propose and implement any changes to practices and procedures required in departmental and user environments to improve service levels.
Ensure that all cyber security risks are updated and managed via the Trust risk and issues process.
Financial and Physical Resources
Revenue and staffing budget holder for IT Security, including procurement of physical assets or supplies and capital expenditure.
Advise departments on the security of IT equipment.
Monitor and advise on software licence compliance in association with the Software Asset Manager.
Provide advice and guidance on the purchase of IT security equipment.
Exercise duty of care when using Trust equipment i.e. computers and software.
Advise ICT senior leaders group on the most cost effective method for maintaining the integrity and security of data and equipment.
Research and Development
Regularly research security developments and requirements, linking into national forums and support from the National Cyber Security Centre.
Regularly research virus and security alerts provided by the NHS information security service.
Keep up to date with developments in IT infrastructure and related technologies.
Contribute to the ICT Cyber security approach and strategy.
To undertake surveys and compliance audits determined by legislation and national guidelines, using both on-line and developed information systems when necessary, to ascertain scores against the standards.
Staff Management
Please refer to the job description for details.