HTA IT Cyber & Security Compliance Manager - Human Tissue Authority

Care Quality Commission

United Kingdom

Hybrid

GBP 30,000 - 42,000

Full time

12 days ago

Job summary

A leading regulatory body is seeking an IT & Cyber Security Compliance Officer to enhance their security posture. This role involves managing cyber threats, ensuring compliance, and improving security frameworks within a cross-functional team. You will be integral in protecting sensitive data within the organization and liaising with third-party support.

Benefits

Generous annual leave (32.5 days plus bank holidays)
Cycle to work scheme
Subsidised gym membership
Eye care initiative
Membership of the NHS pension scheme

Qualifications

  • Minimum of 3 years' work experience in IT with Cyber Security.
  • Strong data analytical knowledge and application.
  • Excellent written and verbal communication skills.

Responsibilities

  • Identify and manage cyber security threats.
  • Perform daily proactive checks and report potential risks.
  • Develop and implement Cyber Security strategies.

Skills

Cyber Security
Data Analysis
Communication
Interpersonal Skills
Risk Management

Education

Degree or equivalent qualification in IT

Job description

Salary: Grade 2: £30,000 - £42,000 per annum, successful candidates can be expected to be appointed at the minimum of the band

Contracted Hours: Full time – 36 hours per week

Contract Type: Permanent
Location: Homebased or Hybrid working (London-based office)
Closing Date: Tuesday 15th July 2025 at 11.59pm
Telephone Interviews: W/C 4th August 2025
Final Interview: W/C 21st August 2025

Please note CQC are advertising this role on behalf of the Human Tissue Authority

This role is NOT open to applications from those who will require sponsorship under the points-based system. Should you apply for this role and be found to require sponsorship, your application will be rejected, and any provisional offer of employment withdrawn.

About the Human Tissue Authority…
The Human Tissue Authority’s (HTA’s) primary goal is to protect public and professional confidence in the safe and ethical use of human tissue.
We are the national independent regulator for organisations that remove, store and use tissue for research, medical treatment, post-mortem examination, teaching and public display. We also approve organ and bone marrow donations from living people. With the interests of the public and those we regulate at the centre of our work, we aim to maintain confidence by ensuring that human tissue is used safely and ethically, with proper consent.

Why this could be a great role for you….
An opportunity has become available within HTA’s Data, Technology & Development team for an experienced IT professional to join the team. The role will be responsible for ensuring best practices against Cyber Security Frameworks, identifying and managing cyber security threats and maintaining a strong IT security posture. This role is hands-on with the successful candidate being able to generate accurate reporting and bring proposed solutions to the Head of IT to mitigate any identified threats. This role will also work closely with our third-party to support the delivery of a safe and secure network infrastructure.

What you will bring…..
To succeed in the role, you will have experience as an IT professional (or similar) with working experience and technical expertise, strong data analytical knowledge and application, with a passion for Cyber Security.
You will be an effective communicator who is willing to make challenging and fair decisions about potential risk identified in our Cyber Landscape, produce evidential based reporting to back up the identification and present suitable mitigation solutions to manage the potential risk.
As the role is varied, you will also be able to manage multiple tasks and workstreams simultaneously, ensuring effective prioritisation in line with emerging needs.
Your role is vital in ensuring the HTA remains secure and that our people, data and technology are protected from Cyber Threats and potential Attack.

In summary you will:
Complete daily proactive checks of our core essential functions, recording any potential threats and advising the Head of IT on mitigations and remediations.
Guide, inform and support the submission of compliance-based assessments mandated by the Government such as the Cyber Assessment Framework.
Attend and engage as an advocate for the HTA in forums and conferences to help gauge knowledge and experiences across other ALB organisations.
Proactively analyse and report against potential third-party threats from external sources.
Maintain and record potential risks against the IT Risk Register, escalating these to the Head of IT where appropriate.
Support other business leaders within the organisation around their security posture. Aid and support their development in enhancing their knowledge.
Supporting on the reporting mechanisms for the Director of Data, Technology and Development, Head of IT and ARAC.
Identify and implement new security measures to improve the Cyber Security posture of the HTA.
Analyse and monitor inbound and outbound mail flow to identify any potential risks and escalate accordingly.
Work closely with our Third-Party support on all aspects of IT in collaboration with the IT Business Systems and Operations Manager.
Lead on the annual Penetration and Vulnerability Assessment, working with potential stakeholders and suppliers to ratify any potential threats.
In conjunction with the IT Business Systems and Operations Manager provide support, guidance and cover as necessary to maintain the provision of a core IT service.
Evaluate and analyse tools that operate within an Artificial Intelligent framework. Looking at tools that will provide early warning to potential threats.
Contribute as instructed in the review and implementation of HTA IT policies to ensure compliance and adherence across all policies.
Lead on the development and implementation of a programme of regular Cyber Security and wider system spot checks reviewing the resilience and reliability of systems, analysing access controls and elevated security rights.
Analyse and review the usage of our Data across all HTA Core Systems to ensure that data is stored, managed and transmitted in line with GDPR and HTA policies.
Gather and maintain working evidence of good security management to align with the requirements and assurances within the Cyber Assessment Framework.
Lead on the development of a programme to perform regular recovery validation exercises to analyse the validity of our backups and ensure that these are fit for purpose.
Monitor user account activity to provide assurance on adherence to policies and respond to any activity that may appear suspicious.
Manage any Cyber Security Incident working with any associated third parties, reporting these through the business hierarchy.
Work closely with our Third-Party on any Respond to an NHS Cyber Alert (RTANCA) notification.

Essential Criteria
A degree or equivalent qualification in IT.
A minimum of 3 yrs work experience in IT and within a Cyber Security based role.
Excellent communication and interpersonal skills to write and verbalise potential complex issues and reports.
Ability to work independently and across multi-functional teams in a homeworking environment, with collaboration to help deliver secure services.
Excellent written and oral communication skills, including the ability to communicate complex information and key messages to stakeholders at a range of levels and with varying expertise.
Strong interpersonal skills, including the ability to influence and collaborate with stakeholders and establish good working relationships.
Demonstrably identifies and understands the value / contribution of stakeholders and effectively creates open, creative, constructive, timely and inclusive engagement.
Experience of being able to effectively prioritise and organise work, including while under pressure.

Desirable criteria
Knowledge of the NHS digital frameworks and being a member of the CAN
Understanding of project management methodologies and previous experience of project delivery and support
Previous delivery of the Data Protection Security Toolkit and understanding of compliance-based frameworks.

What we can offer you….
Your health and wellbeing is important to us and we support you through generous annual leave (32.5 days, plus eight Bank Holidays), a cycle to work scheme, a subsidised gym membership and an eye care initiative. We also offer membership of the NHS pension scheme.
While our office is based in Stratford, London, we offer a flexible office-based contract (requiring a minimum of 1 day a week in the office) or a remote-working home-based contract (requiring you to attend the office when there is a business need). We ensure that our home-based workers are also kitted out with what they need to comfortably work from home.
We welcome candidates from all backgrounds, and especially welcome individuals from underrepresented groups.

Individual adjustments...
We are committed to being open and transparent around our processes and we endeavour to offer every candidate the opportunity to perform at their best throughout the recruitment process. We seek to support candidates to identify potential challenges and work with them to identify and facilitate reasonable adjustments as appropriate. Should you require assistance and/or would like to request a reasonable adjustment at any stage of the recruitment process, please contact a member of the team via email: recruitment@cqc.org.uk

For further information please download the job description: JD - IT & Cyber Security Compliance Officer - FINAL.docx
