Information Assurance Officer

Job summary

The post holder will support the Trust in delivering the Cyber Strategy by collating information and supporting key roles to ensure that the Trust Board and Senior Information Risk Owner are assured that the strategy is being delivered.

The role will be placed within the Information Governance and Records Management Service with a strong link to the Digital Team within the Trust including regular meetings and work reviews relevant to supplier assurance and population of central digital and IG systems.

Main duties of the job

The post holder will support the Information Assurance agenda across the Trust, including assisting and supporting in the collation and dissemination of cyber assurance policies, standards, procedures and staff guidance relating to information assurance across the Trust.

Collate information as directed by the Information Governance and Security Manager relating to the Data Security and Protection Toolkit.

Ensuring Phishing Tests are scheduled, reviewed and reports compiled.

Attending a variety of meetings as required, including Cyber Security meetings, Information Governance meetings/Steering Group, Service Development meetings.

Support in preparing reports.

Logging and reviewing SMT Tickets, assisting the Information Governance Team in monitoring, managing and actioning tickets.

Maintaining lists of approved and rejected applications.

Scheduling desktop cyber exercises.

Supporting with audits and compliance checks.

Support in arranging Cyber Security Board training, liaising with providers and senior managers as required.

Maintaining the Trust Information Asset Register, ensuring it is updated and asset owners are aware of their responsibilities. Provide regular reporting.

Plan dates for testing of key systems.

In collaboration with MPFT Digital, support the scheduling of back up testing and high availability testing of key trust systems.

Identify key issues and escalate as required.

About us

By joining Team MPFT, you will be helping your communities and in return for this, we will support you by;

Supporting your career development and progression Excellent NHS Pension scheme Generous maternity, paternity and adoption leave Options for flexible working Up to 27 days annual leave (increasing with service up to 33 days) and the opportunity to purchase additional leave Extensive Health and Wellbeing support and resources If you work in our community teams, we pay for your time travelling between patients Lease car if you complete more than 500 business miles per annum, fully insured and maintained (including tyres), mileage paid at lease car rate Salary sacrifice car - fully insured and maintained (including tyres), your gross pay is reduced by the cost of the vehicle before tax, NI and pension deductions are calculated, mileage paid at business rates Salary sacrifice bikes up to £2k Free car parking at all trust sites Free flu vaccinations every year Citizens Advice support linked with a Hardship Fund for one off additional support up to £250 (if the criteria is met)

And more. We are proud to be a diverse and inclusive organisation and there is a choice of staff networks that help you meet like-minded people.

Job description

Job responsibilities

JOB DETAILS

JOB TITLE: Information Assurance Officer

BAND: 5

HOURS: hours per week

DEPARTMENT: Information Governance

LOCATION: Trust HQ Stafford with some home working

REPORTS TO: Information Governance and Security Manager

ACCOUNTABLE TO: Head of Information Governance and Records Management

RESPONSIBLE FOR: N/A

WORKING RELATIONSHIPS

INTERNAL: Head of Information Governance and Records Management, Deputy Director of Quality and Clinical Performance, Chief Digital Information Officer, Head of Service Development, Head of Application Development, SSHIS.

EXTERNAL: ICS Cyber Security and Information Governance or Digital roles as well as digital suppliers.

In addition to all Trust personnel, you will be expected to maintain professional working relationships with partner organisations and other external agencies as required.

JOB PURPOSE

The post holder will support the Trust in delivering the Cyber Strategy by collating information and supporting key roles to ensure that the Trust Board and Senior Information Risk Owner are assured that the strategy is being delivered.

The role will be placed within the Information Governance and Records Management Service with a strong link to the Digital Team within the Trust via regular meetings and work reviews relevant to supplier assurance and population of central digital and IG systems with the Service Development Team

KEY RESPONSIBILITIES

Main duties and responsibilities

1. Ensure that phishing tests are scheduled on a bi-monthly basis.

2. Ensure that phishing test results are reviewed, compiling reports for senior management.

3. Ensure that the Trusts Cyber Security Action Cards are reviewed every three months and updated as required for sign-off by senior management. This will include ensuring that meetings are arranged, and items of concern are added to an agenda. The post holder will also compile the agenda as directed by the Head of Information Governance and Records Management and other key stakeholders.

4. On a monthly basis support in the review the vulnerability reports via logging tickets to receive a report on SMT and then raising any areas of risk with the MPFT Digital Service Development Team if it relates to a third party supplier or raise any HIS related matters with the Head of IG and Records Management.

5. Ensure that internal application vulnerability testing takes place via liaising with the Head of Application Development and managing a calendar of testing, providing the results via a report to the Information Governance Steering Group.

6. Ensure all application requests are logged on SMT for the security team to review any security issues.

7. Maintain a list of approved applications, making it available to all staff. This will include listing any not approved alongside the rationale.

8. Supporting the coordination of work on SMT relating to applications between Information Governance, MPFT Digital and SSHIS.

9. Review all digital suppliers on a monthly basis to ensure their security accreditation (such as ISO27001 and Cyber Essentials Plus) is up to date, contacting account managers where there is a document which has expired and updating MPFT Digital Service Development with their responses.

10. Compile a report of any suppliers without security accreditation, producing a report for the Information Governance Assurance Group.

11. Act as a liaison point between staff within Information Governance and MPFT Digital, attending meetings for both areas to ensure workstreams with cross over receive consistent advice and that timescales are known to both teams.

12. Schedule annual desktop cyber security exercises with the support of the SSHIS IG Lead or EPRR team. This will include ensuring invites go out, an agenda is created and actions are taken on the day.

13. Support in the completion of audits by third parties on compliance with current business practices and policies. This will ensure making information available on the day and acting as a point of contact for the auditor when required.

14. Support on collating and returning information related to Digital Freedom of Information (FOI) requests.

15. Attend face to face Cyber Security Training when run by the central Digital Training Team, offering advice where required and collating any questions and issues for reporting back to senior management.

16. To review monthly the number of staff using their own devices.

17. Attend project meetings monitoring the Trusts Cyber Essentials Plus Accreditation taking away actions relevant to role.

18. Collate information as directed by the Information Governance and Security Manager relating to the Data Security and Protection Toolkit.

19. Support in the collation and dissemination of Cyber Policy changes (in collaboration with SSHIS and MPFT Digital) across the Trust working with the Digital Communications Team and Trust Communications Team where necessary.

20. When directed to request and receive reports related to Role Based Access Codes (RBAC).

21. Attend weekly Change Advisory Board meetings providing input and updates on any applications assessed by members of the Information Governance Team.

22. Ensure risks relevant to the role are reported to the Information Governance Steering Group via liaising with the Digital Service Development Team to gather reports.

23. Support in arranging the annual board cyber security training, liaising with providers and senior managers as necessary.

24. Plan dates for annual testing of key electronic systems and report on any issues highlighted as part of the testing to the Information Governance Steering Group.

25. Ensure all Information Governance Policies are up to date by identifying when they are due to expire.

26. Annually ensure a list of users with enhanced permissions is reviewed and kept up to date alongside SSHIS.

27. Maintain the Trust Information Asset Register ensuring it is updated and asset owners are aware of their responsibilities.

28. In collaboration with MPFT Digital, support the scheduling of back up testing and high availability testing of key Trust systems.

Systems and equipment

29. Advanced use of Microsoft Outlook.

30. Advanced use of MS Excel.

31. Extensive use of PC and associated software, especially Microsoft office packages Outlook, Word, Excel, PowerPoint and Visio.

32. Use of manual and electronic systems to prioritise own work load and that of other administrative staff.

33. Ensuring adherence to Health and Safety legislation at all times.

34. Provide a full range of office tasks as appropriate to the role.

Decisions and judgements

35. Act as lead for all security requests received within the department, providing advice and guidance to other administrative staff and colleagues or escalating to SSHIS for further support.

36. Responsible for ensuring SMT tickets directed to Information Governance receive a response go to the correct department for further support.

37. To actively plan testing.

38. To identify issues and escalate as required.

39. To participate in own appropriate training courses/updates in accordance with Trust mandatory requirements and/or individual Personal Development Plans.

40. Work on own initiative with minimal supervision to prioritise and deliver own work

Communication and relationships

41. Attend team meetings within the Information Governance Team and wider Service.

42. Attend meetings within the Service Development function as required.

43. Maintain regular communication with others within the Digital and SSHIS Teams.

44. Experience in communicating complex information and concepts at an appropriate level in a clear way.

45. Develop and maintain well-functioning working relationships with account managers from external suppliers.

Physical demands of the job

46. Advanced keyboard skills, or alternate method of computer input.

47. There is a frequent requirement for sitting in a restricted position for a substantial proportion of the working time either, for example at a computer desk or in meetings.

48. Occasional lifting and handling requirements.

49. The post holder will need to be able to meet the travel requirements to fulfil the duties of the role.

Most challenging/difficult parts of the job

50. Frequent periods of concentration are required when planning and organising work.

51. Working in an extremely busy environment, with constant interruptions by way of phone calls, messages, emails, meetings and urgencies, working to meet deadlines with complete accuracy and managing own and others workload accordingly.

Person Specification

Qualifications and Experience

Essential

oDegree level qualification or demonstrate equivalent experience, ideally within an IT or Cyber Security discipline oExperience of planning, organising and scheduling activities of self and team in a pressured working environment with changing priorities oEvidence of understanding, producing and analysing complex data sets or information to ensure compliance with a range of targets oAble to produce documents, reports to high standards and to meet deadlines, including drafting documents on behalf of senior management oExcellent organisational skills, including the ability to prioritise, forward plan, operate to deadlines and to design modern office administration systems oAnalytical and problem-solving skills

Desirable

oCyber Security Qualification oPrevious NHS experience oExperience of leading on the design, development and evaluation of new IT systems oStrong information and IT based service management skills oKnowledge of NHS policies and procedures oKnowledge of data protection legislation

Experience

Essential

o Able to produce documents, reports to high standards and to meet deadlines, including drafting documents on behalf of senior management

Desirable

Preferably within an NHS environment

---