Information Security Manager Digital

To provide leadership, technical direction and guidance on matters of Cyber / Information Security Governance, Risks/Issues, Technical Controls, Procedures, best practice and Standards. To ensure that NHS Lanarkshire achieves and maintains the assurance standards provided by Network and Information Security Regulation and Data Protection legislation. To be lead assessor for all Cyber Security Digital IT controls for NHS Lanarkshire and to collaborate with partner organisations/agencies on a range of complex and sensitive security issues providing expert specialist advice on Information and Cyber Security to other IT Professionals, Clinicians and all staff in NHS Lanarkshire. To assist and advise the Head of Information Governance and Director of Digital on ensuring that NHS Lanarkshire Information Security Policies, Procedures, Active Cyber Defence Tools and Configurations are mitigating the Cyber Security Operational Risks, are following National Guidance, reflect the latest Good Practice for the Digital Estate, and aligns with the IT / Cyber Security industry.

Additionally to work with our Enterprise Architect to ensure that NHS Lanarkshire's security architecture and framework is appropriate and relevant to NHS Lanarkshire's stated cyber security needs and objectives.

Have you always wanted to work with NHS Lanarkshire? Then this might be the opportunity for you to join Team Lanarkshire! Here at NHS Lanarkshire, we put the patient at the heart of everything we do. Each colleague within the organisation plays a key role in how we deliver our healthcare services.

We proudly serve a population of 655,000 across rural and urban communities in both North and South Lanarkshire. NHS Lanarkshire is comprised of Acute Services (which currently provide hospital based services over 3 main sites), Corporate & Property & Support Services, North and South Lanarkshire Health and Social Care Partnerships which provide integrated primary healthcare and social care services to local communities and surrounding areas.

• Relevant and extensive IT experience gained through working within an IM&T setting at a senior level, in the areas of IT Infrastructure and or Applications management.
• Graduate or equivalent level qualification in Cyber Security or extensive experience within an Information Security role and an industry standard qualification preferred e.g. CISM, CISSP.
• Excellent analytical and technical skills.
• Hands‑on experience in IT project management with formal processes.
• Must have sound experience in the architecture design and the operations of the high availability environment.
• Broad knowledge of the trends in technologies and the applicability of these 8 technologies
• Ability to quickly digest new technologies.
• Ability to communicate well with both technical and non‑technical staff.
• Ability to determine and advise on the alignment of emerging technologies with the business objectives.
• Experience of creating or maintaining an Information Security Management System (ISMS).
• Strong change management skills, including team leading experience.
• Knowledge of incident response and analysis, along with experience and awareness of the business issues in the NHS.
• Demonstrable experience of managing Information/cyber security applications and risks in a related area either in NHS, service industries or commerce.
• Experience of staff management/leadership.
• Evidence of Continuing Personal Development.
• Experience of procurement of information systems and associated tender processes.
• Ability to influence others and develop and maintain effective working relationships with senior managers, clinicians, administration staff, Informatics staff and third party service providers.
• Excellent interpersonal, negotiation, facilitation and communication skills.
• Ability to understand, analyse and re‑engineer complex processes.
• Excellent organisational & time management skills.
• Ability to negotiate & influence change at all levels.
• Ability to understand, analyse & disseminate complex concepts to a wide range of staff with varying levels of technical understanding.

• Hold an industry standard Cyber/Information Security qualification e.g. CISM/CISSP
• Evidence of continual professional development in an IT or Health Service related area
• Experience in a senior cyber or information security role.
• Experience of managing Information/cyber security applications and risks in a related area either in NHS, service industries or commerce.
• Experience of reviewing working practices. Technology and information systems to ensure they are secure and meeting policy and legal requirements.
• Evidence of experience in a similar role
• Experience of working with third party incident response specialists e.g. NCSC.
• Knowledge of Data Protection / privacy legislation
• Prior knowledge of the main IT Systems used in NHS Scotland (i.e. Trakcare, Clinical Portal etc)
• Knowledge of process and data flow techniques in planning and implementation activities in a complex environment.
• Knowledge of standard Microsoft desktop products, i.e. Microsoft Office.. MS project.
• Good knowledge of data Protection issues and IT security
• Critical appraisal and report writing skills.
• Understand and interpret legislation associated with information governance.
• Ability to analyse highly complex incidents which may be open to external scrutiny e.g. court.
• Manage a broad range of complex activities which complement the cyber security strategy
• Authoring and maintaining clear, easy to understand organisation wide policies to ensure compliance with legislation
• Proven ability to manage own workload and often conflicting priorities.
• Ability to deal with sensitive information with discretion.
• Ability to deal diplomatically with staff and the public
• Experience of developing and/or delivering training for cyber and information security.
• Ability to understand, analyse and re‑engineer complex processes.
• Expertise in the subject areas and able to influence strategy, policy and operational decision‑making.

Permanent

Full time

37 Hours

This role will be based in Digital Strategy and Governance within Kirklands - NHSL Headquarters.

Whilst this advertisement may be for a specific post(s) in a particular location, applicants who are shortlisted for interview may be considered for similar vacancies in alternative locations.

If you're looking to find out more, then we would love to hear from you!

For more information on the role, please refer to the Job Description. If you're looking for more information on the recruitment process, organisation or the services we provide, please refer to our information pack, or our recruitment webpage.

• Posts close at midnight on the indicated date. However, if there are a high level of interest in this position, we may close the advert once sufficient applications are received. Please complete and submit your application early.
• For help to complete an application on Jobtrain please follow this link: https://www.careers.nhs.scot/how-to-apply/application-process/
• Please check your e-mail regularly (including junk & spam folders) as well as your Jobtrain account for updates.
• We recommend using the Internet Browser "Google Chrome" or "Microsoft Edge" when using Jobtrain
• Once you have submitted your application form you will be unable to make any amendments

NHS Lanarkshire has a legal obligation to ensure that it does not employ any worker who has not been granted the relevant permission to work in the UK.

We are required to check the entitlement to work in the UK of all prospective employees, regardless of nationality or job category. UK Visas & Immigration rules are available at www.bia.homeoffice.gov.uk.

Prospective applicants are encouraged to check eligibility in advance of applying for vacancies in NHS Lanarkshire.

*Care experienced applicants include those who have lived with foster parents, kinship carers, or in residential/secure children's settings.

Candidates should provide original and authentic responses to all questions within the application form. The use of artificial intelligence (AI), automated tools, or other third‑party assistance to generate, draft, or significantly modify responses is strongly discouraged. By submitting your application, you confirm that all answers are your own work, reflect your personal knowledge, skills and experience, and have not been solely produced or altered by AI or similar technologies. Failure to comply with this requirement may result in your application being withdrawn from the application process.

Join us and you will discover a supportive environment where you will have the chance to add to your skills and further your career.

Some of NHS Lanarkshire's benefits include:

• A minimum of 27 days annual leave increasing with length of service
• A minimum of 8 days of public holidays
• Membership of NHS Pension Scheme, with life insurance benefits (for more information on the NHS Pension Scheme visit the Scottish Public Pension)
• Paid sick leave increasing with length of service
• Occupational health services
• Employee counselling services
• Work‑life Balance policies and procedures

NHS Lanarkshire have a range of support services on topics that can impact both on your working and personal life including occupational health, spiritual care and independent counselling. This support can be accessed using the links on this page.