Health & Care System Cyber Security Compliance Lead - Joint Cyber Unit

The Joint Cyber Unit (JCU) is a collaboration between the Department of Health and Social Care (DHSC) and NHS England (NHSE). The JCU is embedded within the Digital Policy Unit (DPU), a unit comprising both DHSC staff and NHSE staff intended to design, plan and build a digitally enabled, data driven and safe health and social care system with ministers and the NHS. The purpose of the JCU is to provide strategic leadership in cyber security across the health and care sector, assure the cyber security of the sector, act as system stewards to improve cyber resilience across the health and care system and to provide advice which empowers health and care staff to share information appropriately and securely to deliver care. The JCU is comprised of two divisions:

• Governance, Risk and Compliance - cyber and information governance, system engagement, system compliance, system supply chain, system risk management and internal JCU business operations.
• Strategy and Policy - development and implementation of national strategy, policy and regulation.

The purpose of the Compliance and Engagement team is to monitor performance and assess the cyber security compliance of organisations across the Health and Care landscape, identifying where organisations need more support through providing evidence-based confidence in the effectiveness of cyber security controls, processes and systems.

• Evaluating compliance against statutory, regulatory and NHS requirements such as Data Security and Protection Toolkit (DSPT), Network and Information Systems (NIS) Regulations and national security policies.
• Engaging with the NHSE regional cyber leads to understand drivers, blockers and emerging incidents related to cyber security.
• Developing strategies and supports Board level decision making by presenting findings aligned to business risk and impact.
• Developing strategies to support remediation work across the health and care system supporting organisations to improve their cyber security maturity.
• Monitoring performance of organisations across Health and Care, identifying organisations where more support is needed and unblocks access to further support through funding, national services, regulation or engagement.
• Analysing and reporting on compliance performance across the system identifying trends and common areas of weakness across the system.

The NHS England board has set out the top-level purpose for the new organisation to lead the NHS in England to deliver high-quality services for all, which will inform the detailed design work. We will achieve this purpose by:

• Enabling local systems and providers to improve the health of their people and patients and reduce health inequalities.
• Making the NHS a great place to work, where our people can make a difference and achieve their potential.
• Working collaboratively to ensure our healthcare workforce has the right knowledge, skills, values and behaviours to deliver accessible, compassionate care.
• Optimising the use of digital technology, research, and innovation.
• Delivering value for money.