Skip to main content

This job has expired

Cyber Security Manager

Alder Hey Children's NHS Foundation Trust
£50,952 to £57,349 Per Annum
Closing date
25 Apr 2024

View more

Other Health Profession
Band 8A
Contract Type
Full Time
We have an exciting opportunity for an experienced cyber security specialist to join our team as our Cyber Security Manager to lead on Cyber Security over two NHS Foundation Trust's:
  • Alder Hey Children's Hospital
  • Liverpool Heart and Chest Hospital.

The Cyber Security Manager role will act as our expert on cyber security protection, detection, response, and recovery. The Cyber Security Manager will be responsible for the strategic approach to cyber threat management and will lead the strategic planning of current and future IT security solutions, researching and reviewing industry best practice and upcoming changes to technology and provide assurance against the security architecture of new and existing systems.

The role form part of the wider leadership across the iDigital division, enabling successful cross-function partnerships in relation to ensuring cyber security best practice.

If you'd like to discuss the role further please get in touch!

Main duties of the job

As a natural collaborator and the senior subject matter expert for cyber security, you will define and lead the planning and implementation of cyber security initiatives and policies across the digital estate. You will be overseeing and delivering the Cyber Improvement Plan and align with the organisational strategies and Digital Strategies respectively for each Trust. Working with cyber security, technical IT engineers and information governance professionals, you will support their work to implement secure by design from discovery to production.

Knowledgeable around the requirements relating to protecting critical infrastructure, regulatory compliance within the NHS and knowledge of GDPR/NIS2 requirements. An understanding of the CAF (Cyber Assessment Framework) would be an advantage as you will be leading on ensuring we have governance, processes and technology in place to meet CAF objectives and outcomes.

The Cyber Security Manager will be key in the completion of the Data Security Assessment Toolkit, owning our journey to achieving Cyber Essentials Plus certification and maintaining it along with other cyber compliance and assurance requirements. The role will include working collaboratively with cyber leads across the Cheshire and Merseyside ICS as we work collectively towards defending as one as outlined in the the national Cyber security strategy for health and social care.

About us

Alder Hey Children's NHS Foundation Trust is a provider of specialist health care to over 275,000 children and young people each year. Alder Hey has a presence in community outreach sites and, in collaboration with other providers, our clinicians help deliver care closer to patients' homes by holding local clinics at locations from Cumbria to Shropshire, in Wales and the Isle of Man. The Trust also provides inpatient care for children with complex mental health needs at our Sunflower House building newly relocated, and opened on the hospital site.

We currently have more than 4,000 staff working across our community and hospital sites. We're also a teaching and training hospital providing education and training to around 540 medical and over 500 nursing and allied health professional students each year.

As black and minority ethnic (BME) employees are currently under-represented in this area, we particularly welcome applications from members of our BME communities. All appointments will be made on merit.

You can expect a warm welcome at Alder Hey Childrens NHS Foundation Trust, our staff are friendly and welcoming. We listen to each other and work together to embed our Trusts values and behaviours. At Alder Hey we appreciate our staff and reward them with an outstanding benefits package including:
  • Great flexible working opportunities
  • Lease car scheme and Home Electronics Scheme
  • Generous annual leave and pension scheme
  • Extensive staff health and well-being programmes

Job description

Job responsibilities

To lead on Cyber Security for Alder Hey, working closely with MIAA and peers within Cheshire and Merseyside.

Develop Cyber Security policies and processes providing a significant level of assurance.

To be responsible for the leadership and effective management of the information security management for Alder Hey, ensuring the protection of all data held within the organisation

The post holder will ensure that processes related to the implementation and support for IT security is carried out in accordance with industry and NHS best practice.

The post holder will ensure the processes are documented and they are managed in order to effectively deliver the performance required within an IT security setting.

Main areas of responsibility
  • Support Information Governance and Data protection functions for the Trust to achieve the highest standards of information security, emphasising data protection issues.
  • Manage the Trusts Electronic Information Asset Register to include auditing of all information systems, providing a significant level of assurance.
  • Maintain, improve and disseminate knowledge of Data Protection relating to Information Security issues throughout the Trust.
  • Provide evidence for the achievement of Information Governance Toolkit standards in relation to Data Protection, Confidentiality, Information Security and NCSC which informs the Standards for Better Health
  • Responsible for the ongoing management of security alerts and vulnerabilities in line with NHS CareCert toolkit and NHS Digital good practice guidelines
  • To have an in-depth understanding, and adhere to all IM& T and Trust polices.
  • To ensure robust systems are in place for monitoring data protection and information security incidents.
  • To take a lead on Cyber Security and represent the Trust in Cheshire and Merseyside leadership forums
  • Provide expert advice to the Trust on Cyber security.
  • Act as the subject matter expert in all matters relating to Information Security for Alder Hey, working with departmental representatives to achieve and maintain the Information Security Framework.
  • Conduct Information Security risk assessments on sometimes highly intricate business decisions and systems.
  • The post holder will have a broad understanding of IM& T technologies and specialist knowledge in a number of key technologies such as firewalls, email filters, anti-virus and intrusion detection
  • To develop information security plans that will feed into the wider Trust and IM& T strategies.
  • Responsible for the formulation and development of information security plans and strategies to enable the successful completion and implementation of new systems.
  • Design, and maintain Alder Hey Information Security Framework, Policies, Procedures and Standards based upon the requirements of the law, DSPT Toolkit, NHS and industry best practice (e.g. ISO/IEC 27000 series standards.).
  • Perform full audits on all new information systems prior to installation. Research and recommend alternative technical solutions where risks are present.
  • Develop information security strategies, roadmaps, business cases and remediation plans.
  • As technology develops the post holder will need to regularly investigate developments assessing them for any potential security risks.
  • Create and maintain specialist Cyber Security Awareness training for use by the Trust.
  • Undertake Privacy Impact Assessment (PIA) process to assess the privacy and data protection impact of new projects and/or third party services.
  • Co-ordinate the necessary response and resolution activities following a suspected or actual security incident or breach. Keeping the information risk lead (SIRO) and information asset owners (IAOs) informed of security incidents, impacts and causes, resulting actions and learning outcomes.
  • Ensure that all work undertaken for Alder Hey, in-house or by Third Parties, adheres to the established Security standards.
  • Provide regular assurance reports to the Senior Information Risk Owner and Information Governance lead on all information security matters as part of evidence for the IG Toolkit.
  • Investigate information security incidents, where required, or provide subject matter expertise on Information security incidents investigations.
  • Co-ordinate and manage the implementation of security controls to a sufficient quality required to achieve compliance with relevant information security standards (e.g. DSPT Toolkit, ISO 27001 / 2002) as well as wider industry best practice.
  • Manage and commission annual penetration tests for the Trust Providing management responses for testing reports.
  • Design, develop and maintain Business Continuity plans and carryout desktop exercises to prove the efficiency and accuracy of the plan.
  • Test and provide assurance reports on disaster recovery plans for the IT infrastructure.
  • Provide assistance in developing responses to Freedom of Information requests.
  • To develop Information Governance / DSPT Toolkit Action plans for the Trust. This involves the assessment of Trust systems, processes and policies against the toolkit standards, and liaison with staff.
  • To ensure Information Governance /DSPT toolkits are populated with supporting evidence in order to demonstrate agreed achievement of specific standards.
  • Provide assessment of information processes to maintain the Trusts annual Data Protection
  • To ensure that all information security incidents are recorded, and where necessary to liaise with the Risk Manager and IG Manager within the Trust.
  • Investigate IT security incidents as required, this may involve audit trails, manually checking individual accounts, interviews, producing system reports regarding activity. Formally track evidence in chain of custody.
  • To regularly report on information security incidents to Trusts Information Governance Groups.
  • To compose and ensure that Information Governance Policies in relation to information security are implemented, enforced and monitored and ensure all Trusts embraces a culture of confidentiality.
  • To plan and implement a system of full data protection audit within Trusts. This will involve liaison with staff within Trust and assessing systems and processes against regulations.
  • To report on the results of the data protection audit making recommendations for improvements. This will involve liaison with senior staff within Trusts.
  • Ensure that data protection and information security training for each Trust is up-to-date, and incorporates current Trust policies and practices.
  • Ensure that data protection and information security training is monitored for quality and understanding. This is usually achieved by post training questionnaires and interviews.
  • To keep abreast of IT Security developments and ensure the Trust is adhering to national cyber security initiatives and maintain awareness of cyber threat trends.
  • Through a matrix management approach, ensure all staff with the IT Operations function are leading on developments to support MIAA recommendations and are managing CareCerts alerts.

Person Specification

Qualifications and Knowledge


  • Qualifications meet the requirements for the role
  • In depth experience in Cyber Security and in particular Cyber Governance, Risk and Compliance.
  • Management experience within an IT/Technical/Operational setting.
  • NHS Experience and knowledge with exposure to IT systems and services used preferably within the NHS/Acute setting.
  • Working knowledge of Cyber Security compliance requirements.

Employer details

Employer name

Alder Hey Children's NHS Foundation Trust


Alder Hey Children's Hospital

Eaton Road


L12 2AP

Any attachments will be accessible after you click to apply.


Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert