Job Description
Job summaryThe post holder will support the Trust in delivering the Cyber Strategy by collating information and supporting key roles to ensure that the Trust Board and Senior Information Risk Owner are assured that the strategy is being delivered.The role will be placed within the Information Governance and Records Management Service with a strong link to the Digital Team within the Trust including regular meetings and work reviews relevant to supplier assurance and population of central digital and IG systems.Main duties of the jobThe post holder will support the Information Assurance agenda across the Trust, including assisting and supporting in the collation and dissemination of cyber assurance policies, standards, procedures and staff guidance relating to information assurance across the Trust.Collate information as directed by the Information Governance and Security Manager relating to the Data Security and Protection Toolkit.Ensuring Phishing Tests are scheduled, reviewed and reports compiled.Attending a variety of meetings as required, including Cyber Security meetings, Information Governance meetings/Steering Group, Service Development meetings.Support in preparing reports.Logging and reviewing SMT Tickets, assisting the Information Governance Team in monitoring, managing and actioning tickets.Maintaining lists of approved and rejected applications.Scheduling desktop cyber exercises.Supporting with audits and compliance checks.Support in arranging Cyber Security Board training, liaising with providers and senior managers as required.Maintaining the Trust Information Asset Register, ensuring it is updated and asset owners are aware of their responsibilities. Provide regular reporting.Plan dates for testing of key systems.In collaboration with MPFT Digital, support the scheduling of back up testing and high availability testing of key trust systems.Identify key issues and escalate as required.About usBy joining Team MPFT, you will be helping your communities and in return for this, we will support you by;Supporting your career development and progressionExcellent NHS Pension schemeGenerous maternity, paternity and adoption leaveOptions for flexible workingUp to 27 days annual leave (increasing with service up to 33 days) and the opportunity to purchase additional leaveExtensive Health and Wellbeing support and resourcesIf you work in our community teams, we pay for your time travelling between patientsLease car if you complete more than 500 business miles per annum, fully insured and maintained (including tyres), mileage paid at lease car rateSalary sacrifice car - fully insured and maintained (including tyres), your gross pay is reduced by the cost of the vehicle before tax, NI and pension deductions are calculated, mileage paid at business ratesSalary sacrifice bikes up to £2kFree car parking at all trust sitesFree flu vaccinations every yearCitizens Advice support linked with a Hardship Fund for one off additional support up to £250 (if the criteria is met)And more. We are proud to be a diverse and inclusive organisation and there is a choice of staff networks that help you meet like-minded people.Job descriptionJob responsibilitiesJOB DETAILSJOB TITLE: Information Assurance OfficerBAND: 5HOURS: 37.5 hours per weekDEPARTMENT: Information GovernanceLOCATION: Trust HQ Stafford with some home workingREPORTS TO: Information Governance and Security ManagerACCOUNTABLE TO: Head of Information Governance and Records ManagementRESPONSIBLE FOR: N/AWORKING RELATIONSHIPSINTERNAL: Head of Information Governance and Records Management, Deputy Director of Quality and Clinical Performance, Chief Digital Information Officer, Head of Service Development, Head of Application Development, SSHIS.EXTERNAL: ICS Cyber Security and Information Governance or Digital roles as well as digital suppliers.In addition to all Trust personnel, you will be expected to maintain professional working relationships with partner organisations and other external agencies as required.JOB PURPOSEThe post holder will support the Trust in delivering the Cyber Strategy by collating information and supporting key roles to ensure that the Trust Board and Senior Information Risk Owner are assured that the strategy is being delivered.The role will be placed within the Information Governance and Records Management Service with a strong link to the Digital Team within the Trust via regular meetings and work reviews relevant to supplier assurance and population of central digital and IG systems with the Service Development TeamKEY RESPONSIBILITIESMain duties and responsibilities1. Ensure that phishing tests are scheduled on a bi-monthly basis.2. Ensure that phishing test results are reviewed, compiling reports for senior management.3. Ensure that the Trusts Cyber Security Action Cards are reviewed every three months and updated as required for sign-off by senior management. This will include ensuring that meetings are arranged, and items of concern are added to an agenda. The post holder will also compile the agenda as directed by the Head of Information Governance and Records Management and other key stakeholders.4. On a monthly basis support in the review the vulnerability reports via logging tickets to receive a report on SMT and then raising any areas of risk with the MPFT Digital Service Development Team if it relates to a third party supplier or raise any HIS related matters with the Head of IG and Records Management.5. Ensure that internal application vulnerability testing takes place via liaising with the Head of Application Development and managing a calendar of testing, providing the results via a report to the Information Governance Steering Group.6. Ensure all application requests are logged on SMT for the security team to review any security issues.7. Maintain a list of approved applications, making it available to all staff. This will include listing any not approved alongside the rationale.8. Supporting the coordination of work on SMT relating to applications between Information Governance, MPFT Digital and SSHIS.9. Review all digital suppliers on a monthly basis to ensure their security accreditation (such as ISO27001 and Cyber Essentials Plus) is up to date, contacting account managers where there is a document which has expired and updating MPFT Digital Service Development with their responses.10. Compile a report of any suppliers without security accreditation, producing a report for the Information Governance Assurance Group.11. Act as a liaison point between staff within Information Governance and MPFT Digital, attending meetings for both areas to ensure workstreams with cross over receive consistent advice and that timescales are known to both teams.12. Schedule annual desktop cyber security exercises with the support of the SSHIS IG Lead or EPRR team. This will include ensuring invites go out, an agenda is created and actions are taken on the day.13. Support in the completion of audits by third parties on compliance with current business practices and policies. This will ensure making information available on the day and acting as a point of contact for the auditor when required.14. Support on collating and returning information related to Digital Freedom of Information (FOI) requests.15. Attend face to face Cyber Security Training when run by the central Digital Training Team, offering advice where required and collating any questions and issues for reporting back to senior management.16. To review monthly the number of staff using their own devices.17. Attend project meetings monitoring the Trusts Cyber Essentials Plus Accreditation taking away actions relevant to role.18. Collate information as directed by the Information Governance and Security Manager relating to the Data Security and Protection Toolkit.19. Support in the collation and dissemination of Cyber Policy changes (in collaboration with SSHIS and MPFT Digital) across the Trust working with the Digital Communications Team and Trust Communications Team where necessary.20. When directed to request and receive reports related to Role Based Access Codes (RBAC).21. Attend weekly Change Advisory Board meetings providing input and updates on any applications assessed by members of the Information Governance Team.22. Ensure risks relevant to the role are reported to the Information Governance Steering Group via liaising with the Digital Service Development Team to gather reports.23. Support in arranging the annual board cyber security training, liaising with providers and senior managers as necessary.24. Plan dates for annual testing of key electronic systems and report on any issues highlighted as part of the testing to the Information Governance Steering Group.25. Ensure all Information Governance Policies are up to date by identifying when they are due to expire.26. Annually ensure a list of users with enhanced permissions is reviewed and kept up to date alongside SSHIS.27. Maintain the Trust Information Asset Register ensuring it is updated and asset owners are aware of their responsibilities.28. In collaboration with MPFT Digital, support the scheduling of back up testing and high availability testing of key Trust systems.Systems and equipment29. Advanced use of Microsoft Outlook.30. Advanced use of MS Excel.31. Extensive use of PC and associated software, especially Microsoft office packages e.g. Outlook, Word, Excel, PowerPoint and Visio.32. Use of manual and electronic systems to prioritise own work load and that of other administrative staff.33. Ensuring adherence to Health and Safety legislation at all times.34. Provide a full range of office tasks as appropriate to the role.Decisions and judgements35. Act as lead for all security requests received within the department, providing advice and guidance to other administrative staff and colleagues or escalating to SSHIS for further support.36. Responsible for ensuring SMT tickets directed to Information Governance receive a response go to the correct department for further support.37. To actively plan testing.38. To identify issues and escalate as required.39. To participate in own appropriate training courses/updates in accordance with Trust mandatory requirements and/or individual Personal Development Plans.40. Work on own initiative with minimal supervision to prioritise and deliver own workCommunication and relationships41. Attend team meetings within the Information Governance Team and wider Service.42. Attend meetings within the Service Development function as required.43. Maintain regular communication with others within the Digital and SSHIS Teams.44. Experience in communicating complex information and concepts at an appropriate level in a clear way.45. Develop and maintain well-functioning working relationships with account managers from external suppliers.Physical demands of the job46. Advanced keyboard skills, or alternate method of computer input.47. There is a frequent requirement for sitting in a restricted position for a substantial proportion of the working time either, for example at a computer desk or in meetings.48. Occasional lifting and handling requirements.49. The post holder will need to be able to meet the travel requirements to fulfil the duties of the role.Most challenging/difficult parts of the job50. Frequent periods of concentration are required when planning and organising work.51. Working in an extremely busy environment, with constant interruptions by way of phone calls, messages, emails, meetings and urgencies, working to meet deadlines with complete accuracy and managing own and others workload accordingly.Person SpecificationQualifications and ExperienceEssentialoDegree level qualification or demonstrate equivalent experience, ideally within an IT or Cyber Security disciplineoExperience of planning, organising and scheduling activities of self and team in a pressured working environment with changing prioritiesoEvidence of understanding, producing and analysing complex data sets or information to ensure compliance with a range of targetsoAble to produce documents, reports to high standards and to meet deadlines, including drafting documents on behalf of senior managementoExcellent organisational skills, including the ability to prioritise, forward plan, operate to deadlines and to design modern office administration systemsoAnalytical and problem-solving skillsDesirableoCyber Security QualificationoPrevious NHS experienceoExperience of leading on the design, development and evaluation of new IT systemsoStrong information and IT based service management skillsoKnowledge of NHS policies and proceduresoKnowledge of data protection legislationExperienceEssentialo Able to produce documents, reports to high standards and to meet deadlines, including drafting documents on behalf of senior managementDesirablePreferably within an NHS environmentDisclosure and Barring Service CheckThis post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.Certificate of SponsorshipApplications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).Employer detailsEmployer nameMidlands Partnership NHS Foundation TrustAddressMellor House, St Georges HospitalCorporation StreetStaffordST16 3SREmployer's websitehttps://www.mpft.nhs.uk (Opens in a new tab)