JOB DETAILS

JOB TITLE: Information Assurance Officer
BAND: 5
HOURS: 37.5 hours per week
DEPARTMENT: Information Governance
LOCATION: Trust HQ Stafford with some home working
REPORTS TO: Information Governance and Security Manager
ACCOUNTABLE TO: Head of Information Governance and Records Management
RESPONSIBLE FOR: N/A

WORKING RELATIONSHIPS

INTERNAL: Head of Information Governance and Records Management, Deputy Director of Quality and Clinical Performance, Chief Digital Information Officer, Head of Service Development, Head of Application Development, SSHIS.

EXTERNAL: ICS Cyber Security and Information Governance or Digital roles as well as digital suppliers.

In addition to all Trust personnel, you will be expected to maintain professional working relationships with partner organisations and other external agencies as required.

JOB PURPOSE

The post holder will support the Trust in delivering the Cyber Strategy by collating information and supporting key roles to ensure that the Trust Board and Senior Information Risk Owner are assured that the strategy is being delivered. The role will be placed within the Information Governance and Records Management Service with a strong link to the Digital Team within the Trust via regular meetings and work reviews relevant to supplier assurance and population of central digital and IG systems with the Service Development Team.

KEY RESPONSIBILITIES

Main duties and responsibilities

1. Ensure that phishing tests are scheduled on a bi-monthly basis.
2. Ensure that phishing test results are reviewed, compiling reports for senior management.
3. Ensure that the Trust's Cyber Security Action Cards are reviewed every three months and updated as required for sign-off by senior management. This will include ensuring that meetings are arranged, and items of concern are added to an agenda. The post holder will also compile the agenda as directed by the Head of Information Governance and Records Management and other key stakeholders.
4. On a monthly basis, support the review of the vulnerability reports by logging tickets to receive a report on SMT, then raising any areas of risk with the MPFT Digital Service Development Team if they relate to a third party supplier, or raising any HIS related matters with the Head of IG and Records Management.
5. Ensure that internal application vulnerability testing takes place by liaising with the Head of Application Development and managing a calendar of testing, providing the results via a report to the Information Governance Steering Group.
6. Ensure all application requests are logged on SMT for the security team to review any security issues.
7. Maintain a list of approved applications, making it available to all staff. This will include listing any not approved alongside the rationale.
8. Support the coordination of work on SMT relating to applications between Information Governance, MPFT Digital and SSHIS.
9. Review all digital suppliers on a monthly basis to ensure their security accreditation (such as ISO27001 and Cyber Essentials Plus) is up to date, contacting account managers where a document has expired and updating MPFT Digital Service Development with their responses.
10. Compile a report of any suppliers without security accreditation, producing a report for the Information Governance Assurance Group.
11. Act as a liaison point between staff within Information Governance and MPFT Digital, attending meetings for both areas to ensure workstreams with crossover receive consistent advice and that timescales are known to both teams.
12. Schedule annual desktop cyber security exercises with the support of the SSHIS IG Lead or EPRR team. This will include ensuring invites go out, an agenda is created and actions are taken on the day.
13. Support the completion of audits by third parties on compliance with current business practices and policies. This will include making information available on the day and acting as a point of contact for the auditor when required.
14. Support the collation and return of information related to Digital Freedom of Information (FOI) requests.
15. Attend face to face Cyber Security Training when run by the central Digital Training Team, offering advice where required and collating any questions and issues for reporting back to senior management.
16. Review monthly the number of staff using their own devices.
17. Attend project meetings monitoring the Trust's Cyber Essentials Plus Accreditation, taking away actions relevant to the role.
18. Collate information as directed by the Information Governance and Security Manager relating to the Data Security and Protection Toolkit.
19. Support the collation and dissemination of Cyber Policy changes (in collaboration with SSHIS and MPFT Digital) across the Trust, working with the Digital Communications Team and Trust Communications Team where necessary.
20. When directed, request and receive reports related to Role Based Access Codes (RBAC).
21. Attend weekly Change Advisory Board meetings, providing input and updates on any applications assessed by members of the Information Governance Team.
22. Ensure risks relevant to the role are reported to the Information Governance Steering Group by liaising with the Digital Service Development Team to gather reports.
23. Support in arranging the annual board cyber security training, liaising with providers and senior managers as necessary.
24. Plan dates for annual testing of key electronic systems and report on any issues highlighted as part of the testing to the Information Governance Steering Group.
25. Ensure all Information Governance Policies are up to date by identifying when they are due to expire.
26. Annually ensure a list of users with enhanced permissions is reviewed and kept up to date alongside SSHIS.
27. Maintain the Trust Information Asset Register, ensuring it is updated and asset owners are aware of their responsibilities.
28. In collaboration with MPFT Digital, support the scheduling of backup testing and high availability testing of key Trust systems.

Systems and equipment

29. Advanced use of Microsoft Outlook.
30. Advanced use of MS Excel.
31. Extensive use of PC and associated software, especially Microsoft Office packages, e.g. Outlook, Word, Excel, PowerPoint and Visio.
32. Use of manual and electronic systems to prioritise own workload and that of other administrative staff.
33. Ensuring adherence to Health and Safety legislation at all times.
34. Provide a full range of office tasks as appropriate to the role.

Decisions and judgements

35. Act as lead for all security requests received within the department, providing advice and guidance to other administrative staff and colleagues or escalating to SSHIS for further support.
36. Responsible for ensuring SMT tickets directed to Information Governance receive a response or go to the correct department for further support.
37. To actively plan testing.
38. To identify issues and escalate as required.
39. To participate in own appropriate training courses/updates in accordance with Trust mandatory requirements and/or individual Personal Development Plans.
40. Work on own initiative with minimal supervision to prioritise and deliver own work.

Communication and relationships

41. Attend team meetings within the Information Governance Team and wider Service.
42. Attend meetings within the Service Development function as required.
43. Maintain regular communication with others within the Digital and SSHIS Teams.
44. Experience in communicating complex information and concepts at an appropriate level in a clear way.
45. Develop and maintain well-functioning working relationships with account managers from external suppliers.

Physical demands of the job

46. Advanced keyboard skills, or alternate method of computer input.
47. There is a frequent requirement for sitting in a restricted position for a substantial proportion of the working time, for example either at a computer desk or in meetings.
48. Occasional lifting and handling requirements.
49. The post holder will need to be able to meet the travel requirements to fulfil the duties of the role.

Most challenging/difficult parts of the job

50. Frequent periods of concentration are required when planning and organising work.
51. Working in an extremely busy environment, with constant interruptions by way of phone calls, messages, emails, meetings and urgencies, working to meet deadlines with complete accuracy and managing own and others' workload accordingly.