Compliance Manager (Cyber Resilience)
Digital Health and Care Wales
Cardiff, UK
Published 4 days ago
Business Compliance
Job summary
An exciting opportunity has arisen to join the NHS Wales Cyber Resilience Unit as a Compliance Manager. We are looking for someone with a proven background in Information/Cyber security, a flexible 'can do' attitude and approach to work and the ability to provide advice and assurance that security risk across NHS Wales is being managed appropriately.
Who are the CRU?
The NHS Wales Cyber Resilience Unit (CRU) is an independent team hosted by Digital Health and Care Wales (DHCW). Its core purpose is to increase the security and resiliency of information systems across NHS Wales.
The CRU has been delegated responsibility by the Welsh Government to lead the implementation and monitoring of compliance with the Network and Information Systems Regulations (NIS) across the NHS in Wales.
What you'll be doing
The role of the Compliance Manager is to provide direction to the CRU team and ensure its compliance and incident reporting activities across NHS Wales are of an excellent standard in order to establish the CRU as a world-class national service.
The Compliance Manager will be responsible for ensuring that incident reporting and auditing processes are carried out in a consistent, concise and professional manner, in accordance with cyber security legislation such as the NIS regulations, best practice and Welsh Government requirements.
Main duties of the job
As a Compliance Manager, you will:
- Manage the CRU auditing and reporting processes based on new and updated regulation.
- Lead on Cyber Resiliency Unit audits, and support CRU team members in conducting audits, as required.
- Help establish the reputation of the CRU as a world-class national service.
- Develop a consistent and concise report template for reporting to NHS Wales organisations and Welsh Government.
- Develop dashboards to present reports and KPIs to Management, NHS Wales organisations and Welsh Government.
- Review and quality assess reports produced by CRU before distribution.
- Present reports as required to Management, NHS Wales organisations and Welsh Government.
- Advise NHS Wales organisations on how to improve their compliance status and security posture based on CAF audit results.
- Work with NHS Wales organisations and Welsh Government to further improve the auditing process and reporting structure.
Digital Health and Care Wales (DHCW) is part of the NHS Wales family and has an important role in changing the way health and care services are delivered through technology and data. The organisation supports frontline staff with modern systems and access to important information about their patients, while empowering the people of Wales to manage their own health through digital NHS Wales services.
Working for DHCW offers lots of employee benefits, including flexible working, a competitive salary, 28 days of annual leave plus Bank Holidays and opportunities for career development. We are committed to recognising and celebrating our staff as the most valuable part of our organisation.
Join our game changing, life-saving team and start making a real difference to health and care services in Wales.
Job description
Job responsibilities
A Compliance Manager in cyber resilience will hold a Bachelor's Honours degree, preferably in Business, ICT or Cyber Security, and hold professional Information Systems certification such as CISA, CIS, CISSP or QiCA, or significant relevant experience which demonstrates equivalent technical knowledge, or CISA exam passed and progressing towards experience requirements.
Candidates will have a broad level of knowledge gained through continuous professional development, training and practical experience of working at this level, across the range of work ICT and information security procedures and practices. The following would be an advantage:
- Excellent knowledge of Cyber Security legislation such as NIS and NIS2 Directives.
- A deep understanding of the NCSC Cyber Assessment Framework (CAF) and/or other frameworks.
- Theoretical and specialist knowledge, gained with the following:
- Recognised qualification in Management or Leadership.
- Relevant certification in security auditing (e.g. ISACA CISA, ISO 27001 Auditor).
- Project delivery qualification (e.g. PRINCE2).
- Knowledge of NHS Wales or the Health sector.
There will be a requirement to travel throughout Wales between sites, as required by the job. The ability to speak Welsh is desirable for this post; Welsh and/or English speakers are equally welcome to apply.
Person Specification
Qualifications and/or Knowledge
Essential
- Educated to degree level, preferably within Business or IT (or equivalent qualification / experience).
- Hold professional Information Systems certification such as CISA, CIS, CISSP or QiCA, or significant relevant experience which demonstrates equivalent technical knowledge, or CISA/CISSA exam passed and progressing towards experience requirements.
- Practical experience, working at this level, across the range of work procedures and practices.
- Excellent knowledge of the NIS and NIS2 Directives (Cyber Security legislation).
Essential
- Good knowledge and experience of security compliance auditing processes and best practice, using recognised standards such as ISO 27001, CAF or Cyber Essentials.
- Extensive understanding of the principles, processes and challenges of cyber security compliance and its practical application in a multi-disciplinary environment.
Essential
- Technical agility to learn and assess new methodologies or technologies quickly, understanding their wider implications and where appropriate implement them.
- Communication skills to effectively influence, negotiate and mediate when presenting highly technical information to a wide range of stakeholders across organisational boundaries.
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the .
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement.
Employer details
Employer name
Digital Health and Care Wales
Address
Hybrid working
Location to be confirmed at interview
CF11 9AD
Employer's website