Company: Nhs Jobs

Address: Blackpool, Lancashire
Form of work: Full time
Salary: £28,000.00 to £31,000.00 per year
Category: Banking

Job description

The role is to provide oversight, assurance, challenge, and guidance in support. To foster a culture of security awareness and compliance across the company, additionally providing oversight, assurance, challenge, and guidance in support. You will play a key part in the implementation and maintenance of established and new systems. You will also be responsible for understanding the current information and asset systems and the processes involved in their use across the company, and for adapting this knowledge to assess their compliance in line with national guidance, legislation, frameworks, and policies. You will also support the development, management and maintenance of information asset registers, equipment requests and procurement systems, as well as supporting the other areas which Quality and Risk manage.

This role will be varied and challenging at times, and you will be fundamental to its evolution and shaping, so it will require a high level of autonomy and assertiveness. This is a fantastic opportunity for someone who wants to progress or develop a career, as you will be working for a company that heavily invests in its employees, with benefits that include access to training and development with support to progress the role.

Examples of job responsibilities:

Information Security (Cyber Security, Data Security, Data Protection and GDPR)
Manage day-to-day data security and GDPR queries.
Awareness and understanding of information/data security and GDPR to be able to support the Head of Service to implement the culture and strategy.
Drive data security training initiatives and programmes across the organisation and share lessons learnt.
Support FCMS to continue to embrace the greater flexibility and efficiency that cloud solutions and remote work provide, with a focus on cyber security vulnerabilities and the risk prevention of security breaches.
Assist in the organisation's approach to cyber security and security architectures and in understanding our IT infrastructure and network perimeters.
Develop and strengthen a three-pronged approach to cyber security: people, environment, and technologies.
Carry out data protection impact assessments for new and existing systems.
Check that written documents such as contracts, SLAs and DPIAs are in place, with the relevant clauses and legal basis recorded. Where relevant, data processing agreements and data sharing agreements will need to be created and maintained across the organisation.
Ensure that the organisational data being held is accurate and reliable in line with data security standards.

Information Governance
Responsible for applying the Information Governance framework, including the suite of information governance policies and standards as well as all elements of confidentiality and privacy.
Participate in the application and deployment of data policies and processes and their continued enforcement, to include areas such as data incidents, data quality, data access and data retention.
Implement the Information Governance 12-month corporate focus; support the management of the audit calendar and drive initiatives and actions.
Arrange Information Governance Roadshows and bespoke Data Security Awareness training sessions across all sites.
Work with the company's IG Champions and IAOs, carrying out and supporting teams with audits and system-level security protocols.
Ensure that data quality guidance and direction is applied throughout the entire data lifecycle.
Facilitate the development and implementation of data quality standards and adoption requirements across the business.
Follow the guidelines related to Information Governance and data quality and ensure clear accountability.
Provide assurance and evidence to support NHSDP Toolkit completion, own relevant actions/focuses, and drive identified initiatives and actions forward.
Administer the Information Governance working group, including preparing minutes and following up on actions.
Support the Quality and Risk team in keeping up to date with changes in legislation and regulations.

Information Assets and Information Technology (including equipment and procurement)
Maintain corporate information asset registers, to include life cycle; including physical assets such as IT and other mobile device equipment, where each asset is located and whether it is under warranty across the company, and information assets such as electronically held data systems or paper filing cabinets and associated licence registers.
Attend monthly IT SLA meetings.
Develop working relations and networking within the IT and cyber security industry.
Understand the company's SLA contract and associated KPIs.
Manage the maintenance of the corporate server rooms, suitability, and security.
Facilitate the centralisation of equipment ordering, procurement and tracking.
Assist with day-to-day enquiries from teams regarding placing purchases, and provide advice and support.

Business continuity and Major Incident Planning
Help support all Service Leads and external agencies to review existing plans and help administer a programme of regular testing.
Support the Quality and Risk team to have an oversight of major incident planning and disaster recovery across all service areas, including major incident planning for the corporate element of the organisation.

Incident Reporting and Risk Management:
Awareness of the company's risk register. Identify and highlight to the Head of Service any risks that should be included on the risk register.
Have an oversight of Ulysses (incident reporting system) and support local teams with incident management and investigations; promote best practice and lessons learnt.
Help facilitate a culture where reporting data security and IG issues and incidents is commonplace, support teams with the process, and assist with organisational learning and continuous improvement.
Review data breaches or incidents to make sure the correct process has been followed in a timely manner and that they have been investigated properly, and highlight where necessary any that may be ICO reportable.
Maintain a register of internal data breaches recorded.

Communication and development:
Represent the company with internal and external stakeholders, and communicate and develop relationships in accordance with the company's ethos and values.
Deal with correspondence within own responsibility and effect timely relay or escalation of issues outside the scope of the post.
Support staff meetings as required, including working groups to direct and implement change where appropriate.
Feed into the Quality and Risk team any areas of training need picked up within the organisation during routine duties.
Identify own and others' training needs and participate in relevant in-service education.
Attend any necessary courses that provide relevant training and development as requested.

Other duties as required:
This Job Description will be periodically reviewed in the light of developing work requirements. This is an evolving role and therefore these duties are not exhaustive. The role may change via discussion between the post-holder, line managers and relevant others. The individual in post will be expected to contribute towards that revision.
The post holder will additionally be expected to cover the reception desk and administration tasks of Newfield House during sickness and annual leave, and to carry out any other duties as required and delegated by the Head of Quality and Risk.

General:
To have responsibility for all things under the umbrella of Quality and Risk, maintaining a level of understanding regarding working practices, and to always comply with local Safety Policies and Procedures.
To observe national and local policies and procedures in respect of: health and safety, fire and electrical safety, data security and GDPR, counter fraud, Basic Life Support, safeguarding and infection control.
All mandatory and additional training must be kept up to date as a requirement of this role. Additional training is required for this post.
The organisation is committed to safeguarding and promoting the welfare of children, young people and vulnerable adults and expects all staff to share this commitment. You will be expected to fulfil your mandatory safeguarding training at the level applicable to this role.
Disability Confident Employer - As users of the Disability Confident scheme, we guarantee to interview all disabled applicants who meet the minimum criteria for the vacancy.
This post is subject to the Rehabilitation of Offenders Act (Exemption Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions. This will require three forms of valid ID to be produced and verified.
The onboarding process is also subject to an Occupational Health check, suitable professional references and eligibility to work in the UK (with the requirement to provide relevant documentation as evidence).

Refer code: 2918531. Nhs Jobs - The previous day - 2024-03-03 19:47
