Compliance Manager

Digital Health and Care Wales

Cardiff

On-site

GBP 40,000 - 55,000

Full time

Today

Job summary

A leading digital services organization in Cardiff is looking for a Compliance Manager to join its NHS Wales Cyber Resilience Unit. The role involves managing auditing processes, ensuring compliance with cyber security legislation, and supporting the team in maintaining high standards. Candidates should have a Bachelor's degree and relevant certifications in Cyber Security. The position offers flexible working and a range of employee benefits, contributing to the vital digital transformation across health and social care in Wales.

Benefits

Flexible working
Competitive salary
28 days of annual leave plus Bank Holidays
Opportunities for career development

Qualifications

  • Proven experience and knowledge in Information/Cyber security.
  • Deep understanding of NCSC Cyber Assessment Framework (CAF).
  • Recognised qualification in Management or Leadership.

Responsibilities

  • Manage CRU auditing and reporting processes.
  • Lead on Cyber Resiliency Unit audits.
  • Ensure compliance and incident reporting activities are of excellent standard.

Skills

Information/Cyber security
Knowledge of Cyber Security legislation
Management skills
Auditing skills

Education

Bachelor's Honours degree in Business, ICT or Cyber Security
Professional Information Systems certification (CISA, CIS, CISSP or QiCA)

Job description

An exciting opportunity has arisen to join the NHS Wales Cyber Resilience Unit as a Compliance Manager. We are looking for someone with a proven background in Information/Cyber security, a flexible 'can do' attitude and approach to work and the ability to provide advice and assurance that security risk across NHS Wales is being managed appropriately.

The NHS Wales Cyber Resilience Unit (CRU) is an independent team hosted by Digital Health and Care Wales (DHCW). Its core purpose is to increase the security and resiliency of information systems across NHS Wales. The CRU has been delegated responsibility by the Welsh Government to lead the implementation and monitoring of compliance with the Network and Information Systems Regulations (NIS) across the NHS in Wales.

What you'll be doing

The role of the Compliance Manager is to provide direction to the CRU team and ensure its compliance and incident reporting activities across NHS Wales are of an excellent standard in order to establish the CRU as a world‑class national service. The Compliance Manager will be responsible for ensuring that incident reporting and auditing processes are carried out in a consistent, concise and professional manner, in accordance with cyber security legislation such as the NIS regulations, best practice and Welsh Government requirements.

  • Manage the CRU auditing and reporting processes based on new and updated regulation.
  • Lead on Cyber Resiliency Unit audits, and support CRU team members in conducting audits, as required.
  • Help establish the reputation of the CRU as a world‑class national service.
  • Develop a consistent and concise report template for reporting to NHS Wales organisations and Welsh Government.
  • Develop dashboards to present reports and KPIs to Management, NHS Wales organisations and Welsh Government.
  • Review and quality assess reports produced by CRU before distribution.
  • Present reports as required to Management, NHS Wales organisations and Welsh Government.
  • Advise NHS Wales organisations on how to improve their compliance status and security posture based on CAF audit results.
  • Work with NHS Wales organisations and Welsh Government to further improve the auditing process and reporting structure.

Qualifications

A Compliance Manager in cyber resilience will hold a Bachelor's Honours degree, preferably in Business, ICT or Cyber Security, and hold professional Information Systems certification such as CISA, CIS, CISSP or QiCA, or significant relevant experience which demonstrates equivalent technical knowledge. The candidate should also have passed the CISA exam and be progressing towards experience requirements.

Preferred Experience and Skills

  • Excellent knowledge of Cyber Security legislation such as NIS and NIS2 Directives.
  • A deep understanding of the NCSC Cyber Assessment Framework (CAF) and/or other frameworks.
  • Recognised qualification in Management or Leadership.
  • Relevant certification in security auditing (e.g. ISACA CISA, ISO 27001 Auditor).
  • Knowledge of NHS Wales or the Health sector.

There will be a requirement to travel throughout Wales between sites, as required by the job. The ability to speak Welsh is desirable; Welsh and/or English speakers are equally welcome to apply.

Working for our organisation

Digital Health and Care Wales (DHCW) is an expert national body and part of NHS Wales. We work in partnership with NHS Wales colleagues and other key stakeholders to provide national digital and data services which support the delivery of health and social care in Wales. Modern health and care services depend on good digital tools, data and information. DHCW runs or works with more than 100 services and delivers major national digital transformation programmes to support this. In addition, DHCW provides expert advice in relation to cyber security and information governance.

Working for DHCW offers lots of employee benefits, including flexible working, a competitive salary, 28 days of annual leave plus Bank Holidays and opportunities for career development. We are committed to recognising and celebrating our staff as the most valuable part of our organisation.

All applicants are invited to apply in Welsh; any application submitted in Welsh will not be treated less favourably than an application made in English.
