Trac proudly powers the recruitment for
Moorfields Eye Hospital NHS Foundation Trust
About
Moorfields Eye Hospital NHS Foundation Trust is the leading provider of eye health services in the UK and a world-class centre of excellence for ophthalmic research and education. We have a reputation, developed over two centuries, for providing the highest quality of ophthalmic care. We provide a wide range of clinical services, caring for patients with routine ophthalmic needs as well as those with rare and complex conditions.
Our network of over 23 NHS sites across London and the south east of England allow us to provide expert treatment closer to patients’ homes. We manage two commercial divisions: Moorfields private and Moorfields united Arab Emirates.
Our 2,300 staff are committed to sustaining and building on our pioneering legacy and ensuring we remain at the cutting edge of developments in ophthalmology. If you join us, you will be joining our mission to be the leading international centre in the care and treatment of people with eye disorders, driven by excellence in research and education.
As well as doctors and nurses, we employ people in a wide range of careers related to eyes – optometrists, orthoptists, dispensing opticians, and technicians – as well as back office staff in administration, finance, HR and IT.
Based in the vibrant and fast developing high tech quarter centred around City Road, Hoxton and Shoreditch, we have a lively working atmosphere, easy and quick transport links, affordable housing in the coolest new developments right on the doorstep, career development opportunities for staff at all levels, and a range of attractive benefits that include eye care, generous holidays, and an excellent pension scheme.
You don’t have to be looking for a City base to work with us, though – we have a network of satellites across and beyond the capital.
Head of Information Security & Business Continuity
Closed for applications on: 17-May-2024 10:32
Vacancy status: Closed
Closed for applications on: 17-May-2024 10:32
Key details
Location
- Site
- Moorfields Eye Hospital NHS Foundation Trust
- Address
- 162 City Road
- Town
- London
- Postcode
- EC1V 2PD
- Major / Minor Region
- London
Contract type & working pattern
- Contract
- Permanent
- Hours
- Full time
- Flexible working
Salary
- Salary
- £78,163 - £88,884 per annum pro rata including HCAS
- Salary period
- Yearly
- Grade
- (NHS AfC: Band 8c)
Specialty
- Main area
- Informatics
Moorfields - A global leader in Ophthalmology
We are Moorfields Eye Hospital NHS Foundation Trust. Founded in 1804, Moorfields Eye Hospital is a world-class centre of excellence for eye health services, ophthalmic research, and education.
With more than 2,300 staff we are proud to be supported by one of the most diverse workforces in the NHS. Every year we treat more than 700,000 patients at City Road in central London and at our 22 satellites sites, and, in partnership with the UCL Institute of Ophthalmology and Moorfields Biomedical Research Centre we lead one of the most impactful ophthalmic research programmes in the world.
We train many of the leading eye care clinicians in the UK and internationally and have a global reputation for quality and professionalism in ophthalmic care. In addition, we also operate commercial divisions that provide care to private patients in both London and the Middle East.
This is an exciting time to join Moorfields. The pandemic fast-tracked a huge amount of innovation which is changing the way we work and deliver care. Construction is under way on Oriel, our new eye care, research, and education centre being built in Camden. The new centre will be flexible and modern, enabling us to bring together healthcare, eye research and education under one roof for the first time.
If you want to be part delivering world class eye health services and you share our values: excellence, equity, and kindness, then we would love to hear from you!
Job overview
We are at a pivotal stage of our digital journey and have an ambitious portfolio of digital technology initiatives ahead of us, all grounded around – empowering patients and service users; improving the experience navigating the healthcare system and joining up systems and data to better meet the needs of citizens.
With the ever-increasing need and interest in the use of digital technology in healthcare, you will be part of a team of Digital, Data and Technology experts that delivers service improvements and keeps at the forefront of new technology.
Advert
This role is part of our Information Security & Business Continuity team, responsible for:
- Ensuring the protection of the information in our organisation throughout the information lifecycle - that ensures the confidentiality, integrity, purpose, and availability of information, so that the organisation’s information is safeguarded from unauthorised access and misuse.
- Ensuring the availability of minimum services at a sufficient level for the business to sustain in the event of disasters.
- Horizon scanning across industry, identifying emerging trends and their potential impact and opportunity for the organisation.
- Be responsible for ensuring the availability of minimum services at a sufficient level for the business to sustain in the event of disasters.
- Lead the information security and business continuity team, including managed services and accountability for performance and quality measures.
- Evolve and define governance, taking ownership and responsibility for ensuring adherence to IT requirements in the Data Security & Protection Toolkit (DSPT), and other appropriate governance frameworks.
- Develop, maintain, and improve our data and technology Business Continuity & Disaster Recovery Plans, enabling us to respond to and recover from business continuity events – ensuring we can provide a safe level of service to the public during the event, and ensuring we can manage the recovery process and incorporating learning.
Working for our organisation
At Moorfields, we provide more than just an excellent career and great colleagues to work with. We also offer:
- Salary including High-Cost Area Supplement
- Opportunity to join the NHS Pension Scheme
- Free 24/7 independent counselling service
- Learning and development opportunities
- Easy and quick transport links
- A range of attractive benefits and discounts
- Access to Blue Light Card and other NHS Discount Schemes
- Free Pilates classes
- Full support and training to develop your skills
- Flexible working friendly organisation
And so much more! To see the full range of benefits we offer please see our Moorfields benefits document.
Detailed job description and main responsibilities
At this role level, you will:
- be involved in strategic decision-making and be central to assuring services to improve the security and resilience of our organisational infrastructure.
- lead the information security and business continuity team, including managed services and accountability for performance and quality measures.
- regularly collaborate and find agreement with senior stakeholders, providing direction and challenge
- be proactive in identifying problems and translating these into non-technical descriptions that can be widely understood.
Skills required for this role
Leadership
- Provide leadership and direct line management for staff in the Information Security and Business Continuity team and vendors / managed service providers and provide subject matter expertise to wider directorate service teams.
- Mentor, coach, and line manage teams and services (including managed services) - developing their skills and capabilities to meet the needs of the organisation and healthcare partners, as well as building on existing recruiting capabilities to address new needs or skill gaps.
- Develop and lead the implementation of long-term strategic plans for information security and business continuity, identifying risks and issues and developing mitigation strategies – with clear outcome measures.
Communicating between the technical and non-technical
- Identify the needs of business and technical stakeholders, ensuring information security and business continuity principles are embedded in all we do.
- Effectively manage stakeholder expectations
- Demonstrate excellent communication skills and can manage difficult conversations or negotiations, including highly complex, sensitive and/or contentious information.
- Present, interpret and explain complicated information to large groups of people to influence understanding and change.
- Represent information security and business continuity on various internal and external groups, including Trust board-level and/or committee meetings.
Data protection and freedom of information
- Act as the main point of contact for data protection or freedom of information queries and issues
- Instigate, commission, oversee or conduct information system searches and investigations to meet data protection or freedom of information needs.
- Provide advice and expert knowledge to projects / programmes / operational services to ensure that information systems are designed to meet data protection requirements.
Financial management
- Understand how to balance cost versus value.
- Consider the impact of user needs.
- Responsible for the budget for your services (pay and non-pay) and know how and when to escalate issues.
- Contribute and develop economic investment cases for information security, including business planning processes – covering sounds financial models for implementation, and running of the services.
Governance and assurance
- Evolve and define governance, taking ownership and responsibility for ensuring adherence to IT requirements in the Data Security & Protection Toolkit (DSPT), and other appropriate governance frameworks.
- Take responsibility for working with and supporting other staff in wider governance.
- Assure services across sets of services.
- Use tools such as standards, guardrails, and principles to effectively govern delivery.
Information Security and Business Continuity
- Demonstrate in-depth knowledge of information security and business continuity, including analysing + testing Trust-wide capabilities and identifying improvement areas.
- Ensure that our security posture is maintained, monitored/measured and be responsible for leading interventions where standards are not met (example: security patching)
- Develop, maintain, and improve our data and technology Business Continuity & Disaster Recovery Plans, enabling us to respond to and recover from business continuity events – ensuring we can provide a safe level of service to the public during the event, and ensuring we can manage the recovery process and incorporating learning.
- Lead, plan and execute all required vulnerability audits, security & penetration tests, forensic audits, or related investigations – ensuring all findings are evaluated, and where appropriate, fed into continuous service improvement activities to continuously improve our security posture and resilience.
- Responsible for supporting the design, development, testing and transition of any new information security services into operations.
- Provide subject matter expert leadership in major incidents and events caused by or affecting information security.
- Act as the Problem Owner for information security and business continuity matters (ITIL)
- Responsible for the Information Security Assessment lifecycle, and Information Risk Management documentation for IT systems and data
- Responsible for ensuring that access to Trust systems is appropriately managed, regularly audited, and lead investigations as required.
- Provide expertise on information transfer agreements with partner organisations in support of the Information Governance function.
- Partner with the Organisational Development and Information Governance teams in the planning, development and delivery of information security awareness and training.
Making and informing risk-based decisions
- Act as a point of escalation
- Be trusted by senior risk owners as an expert in information security and business continuity.
- Apply risk methodologies at the most complex levels of risk.
Policies, procedures, and processes
- Responsibility for information security and business continuity for data and technology, ensuring that policies and procedures are both effective in terms of protection, but realistic and enabling for the business.
- Develop, maintain, and improve all directorate information security and business continuity policies & procedures, considering regional and national policies and practices, ensuring that both manual and electronic information across the Trust is included in-scope.
Risk management
- Responsible for the management of information security and data and technology business continuity risks, including identifying new risks and ensuring we are actively managing risk controls.
Service focus, monitoring, and reporting
- See the bigger picture and investigate how to get the best out of the underlying services to support the organisations’ strategic objectives and business priorities.
- Monitor and enforce information security and business continuity principles, policies, and procedures – both on a regular basis, and on-demand (as/when required)
- Take complex reporting data from multiple sources, compare, and interpret against service baseline and industry standards and provide a supporting narrative.
- Responsible for service reporting for information security and business continuity, in-line with Trust-agreed reporting measures
Strategy
- Apply strategy, using and challenging patterns, standards, policies, roadmaps, and vision statements. You can provide guidance.
- Challenge and lead changes to policy and processes that support business outcomes, with business architecture, legal and political implications.
- Ensure alignment of operating procedures and policies in-line with national, sector (ICS) and industry best practice – where it makes sense to do so.
Understanding the whole context
- Understand trends and practices outside your team and how these will impact your work.
- See how your work fits into the broader strategy and historical context.
- Consider the patterns and interactions on a larger scale.
User focus
- Explain the difference between user needs and the desires of the user.
- Champion user research to focus on all users.
- Prioritise and define approaches to understand the user story, guiding others in doing so.
Community of practice
- Responsible for research and development activities relating to the highly complex field of information security and business continuity.
- Develop and maintain a network of professionals to enable continuous learning and a community which can share, learn, and keep up to date on the information security and business continuity landscape, within the wider Digital, Data and Technology teams.
Other Duties:
- Deputise for other members of the CIO Leadership Team as required.
- Occasional work may be required outside of core business hours to support major projects / programmes.
- All other reasonable requests
Due to the nature of this position, employment is subject to proof of eligibility to work in the UK, completion of a satisfactory DBS disclosure and two references.
Our commitment to equality, diversity and inclusion is at the heart of our organisational culture. As part of our pledge to take positive action in recruitment we encourage applications from under-represented candidates including BAME (Black, Asian, and Minority Ethnic) and Disabled candidates as we work towards a representative workforce that is able to provide the quality, the dignity and respect and to deliver above and beyond.
Moorfields is a flexible working friendly organisation, and we are committed to helping our employees achieve a work-life balance that is beneficial for health and wellbeing, motivation levels and job satisfaction. Every employee of the Trust has the right to request to work flexibly. Please speak to us about how we might be able to accommodate a flexible working arrangement. If it works for the service, we will do our best to make it work for you.
If we receive sufficient applications, we will close this ad prior to the closing date. You are advised not to delay submitting your completed application.
If you would like to discuss any reasonable adjustments before applying or would like an accessible version of any recruitment documents, please contact the recruitment team at [email protected].
https://www.moorfields.nhs.uk/work-for-us
Person specification
Education and qualifications
Essential criteria
- Masters degree, or extensive equivalent experience including people management
- Relevant management / leadership qualification or equivalent experience to masters level
- Relevant information security qualification or equivalent experience (example: CISM, CISSP, or plan to obtain within 12 months)
- Service management qualification or equivalent experience (example: ITIL)
Desirable criteria
- Delivery management qualification or equivalent experience (Agile, PRINCE2, etc)
Experience
Essential criteria
- Experience in delivering and developing information security and business continuity services, in highly complex and regulated environments
- Experience of developing and implementing organisation-wide information security and business continuity related strategies, policies, and procedures
- Experience of solving complex business problems for users using technology – balancing usability with security
- Experience of supporting the transition of products from Delivery into Live Service
- Experience of working with conflicting, highly complex, highly contended, and/or highly sensitive information
- Experience in managing critical incidents, and problem investigation + resolution (including managing security incident response, and information security breaches)
- Experience of contributing to, and developing enabling strategies (example: information security)
- Coaching, mentoring and supervision of others
- Management of financial budgets for a service (pay, on-call, consumables, relevant 3rd party provision contracts) and developing investment cases
Desirable criteria
- Experience in conducting or managing information security audits, penetration testing, table-top / simulation exercises, and incident investigations
- Experience of management products / services in healthcare (NHS)
Skills and knowledge
Essential criteria
- Deal with complex business problems and translate into information security and business continuity requirements and solutions
- Strong domain knowledge in at least two of the following areas, and the ability to acquire an adequate understanding of the other areas: • Enterprise Architecture • HMG Secure Policy Framework (SPF) and Information Assurance Maturity Model (IAMM) • ISO27001 • Risk assessment and management • Data security and protection toolkit (DSPT)
- Broad knowledge of enterprise technology and data solution(s) and how information security and business continuity should be considered
- Identify training needs and develop a professional development framework to build and sustain information security and business continuity capability
- Prioritisation of work – within the team and across the wider Digital, Data and Technology teams
- Meet set targets or metrics for service
- Autonomous working and can delegate appropriately
- Good communication skills – tailoring your message for your audience, providing, and receiving highly complex, sensitive and/or contentious information, able to communicate complex technical information in a simple way to stakeholders
- Present complex, sensitive, and contentious information to large groups
- Strong domain knowledge and ability to keep ahead of information security and business continuity initiatives
- Design and develop our information security and business continuity tools and processes
- Systematic and methodical approach to problem solving
Personal qualities
Essential criteria
- Relentless focus on user needs and experience
- Problem-solving mindset – focusing on improving outcomes
- Seeing the bigger picture - understand how your work and the work of your team supports wider objectives and meets the diverse needs of stakeholders
- Able to work well within a busy environment
Further details / informal visits contact
- Name
- Sean Hassani
- Job title
- Recruitment
- Email address
- [email protected]
No longer accepting applications
Sorry, this vacancy is no longer accepting applications.
You can search for similar jobs on the employer's job board, or visit our national jobs board Health Jobs UK.