Skip to main content

This site is independent of the NHS and the Department of Health.

Please wait, loading
  1. Sector
  2. Administrative Services job search
  3. Job list
  4. Job details

Job summary

Main area
IT
Grade
Band 7
Contract
Permanent
Hours
  • Full time
  • Flexible working
37.5 hours per week
Job ref
025-AC324-1225
Employer
Digital Health and Care Wales
Employer type
NHS
Site
Hybrid working
Town
Caerdydd
Salary
£48,527 - £55,532 per annum
Salary period
Yearly
Closing
11/01/2026 23:59
Digital Health and Care Wales logo

Compliance Manager (Cyber Resilience)

Band 7

Digital Health and Care Wales is an ambitious organisation created by Welsh Government to lead on the digital transformation of health and care. It builds on the digital architecture and national services put in place by the NHS Wales Informatics Service over the past decade.

The organisation will lead on large-scale developments that make a significant difference to the people of Wales as well as to health and care professionals, such as expansion of the digital patient record and the creation of a National Data Resource. It will improve the way data is collected, shared and used. Please check your email account regularly. Successful applicants will receive all recruitment related correspondence via the email account registered on the application form.

All applicants are invited to apply in Welsh, any application submitted in Welsh will not be treated less favourably than an application made in English.

 

Job overview

An exciting opportunity has arisen to join the NHS Wales Cyber Resilience Unit as a Compliance Manager. We are looking for someone with a proven background in Information/Cyber security, a flexible 'can do' attitude and approach to work and the ability to provide advice and assurance that security risk across NHS Wales is being managed appropriately 

Who are the CRU?  

The NHS Wales Cyber Resilience Unit (CRU), is an independent team hosted by Digital Health and Care Wales (DHCW). It’s core purpose is to increase the security and resiliency of information systems across NHS Wales.  

The CRU has been delegated responsibility by the Welsh Government to lead the implementation and monitoring of compliance with the Network and Information Systems Regulations (NIS) across the NHS in Wales 

What you'll be doing 

The role of the Compliance Manager is to provide direction to the CRU team and ensure its compliance and incident reporting activities across NHS Wales are of an excellent standard in order to establish the CRU as world-class national service.  

The Compliance Manager will be responsible for ensuring that incident reporting and auditing process are carried out in a consistent, concise and professional manner, in accordance with cyber security legislation such as the NIS regulations, best practice and Welsh Government requirements. 

Please see the attached Job Description for a more complete picture of the post.  

Main duties of the job

As a Compliance Manager, you will: 

  • Manage the CRU auditing and reporting processes based on new and updated regulation.  

  • Lead on Cyber Resiliency Unit audits, and support CRU team members in conducting audits, as required 

  • Help establish the reputation of the CRU as a world-class national service.  

  • Develop a consistent and concise report template for reporting to NHS Wales organisations and Welsh Government.  

  • Develop dashboards to present reports and KPIs to Management, NHS Wales organisations and Welsh Government.  

  • Review and quality assess reports produced by CRU before distribution. 

  • Present reports as required to Management, NHS Wales organisations and Welsh Government.  

  • Advise NHS Wales organisations on how to improve their compliance status and security posture based on CAF audit results.  

  • Work with NHS Wales organisations and Welsh Government to further improve the auditing process and reporting structure.  

The ability to speak Welsh is desirable for this post; English and/or Welsh speakers are equally welcome to apply.

 

Working for our organisation

Digital Health and Care Wales (DHCW) is an expert national body and part of NHS Wales. We work in partnership with NHS Wales colleagues and other key stakeholders to provide national digital and data services which support the delivery of health and social care in Wales. Modern health and care services depend on good digital tools, data and information. DHCW runs or works with more than 100 services and delivers major national digital transformation programmes to support this. In addition, DHCW provides expert advice in relation to cyber security and information governance. We give frontline staff the digital tools which help them provide safer and more efficient care. We are also giving patients and the public digital tools to better manage their own health and wellbeing, empowering people to live healthier lives. We put people at the heart of what we do, working to the highest standards to deliver quality and make digital a force for good in health and care. 

Working for DHCW offers lots of employee benefits, including flexible working, a competitive salary, 28 days of annual leave plus Bank Holidays and opportunities for career development. We are committed to recognising and celebrating our staff as the most valuable part of our organisation. 

Detailed job description and main responsibilities

What we are looking for? 

A Compliance Manager in cyber resilience will hold a Bachelor’s Honours degree, preferably Business, ICT or Cyber Security, and hold professional Information Systems certification such as CISA, CIS, CISSP or QiCA, or significant relevant experience which demonstrates equivalent technical knowledge, or CISA exam passed and progressing towards experience requirements. 

Candidates will have a broad level of knowledge gained through continuous professional developmenttraining and practical experience of working at this level, across the range of work ICT and information security procedures and practices. The following would be an advantage: 

  • Excellent knowledge of Cyber Security legislation such as NIS and NIS2 Directives.  

  • A deep understanding of the NCSC Cyber Assessment Framework (CAF) and/or other frameworks.  

  • Theoretical and specialist knowledge, gained with the following:  

  • Recognised qualification in Management or Leadership.  

  • Relevant certification in security auditing (e.g. ISCA CISA, ISO 27001 Auditor).  

  • Knowledge of NHS Wales or the Health sector. 

 

There will be a requirement to travel throughout Wales between sites, as required by the job and the ability to speak Welsh is desirable for this post; Welsh and/or English speakers are equally welcome to apply. 

 

How to Apply: 

Please send CV’s and letters of interest to [email protected] by midnight 11/01/2024 

If you have any questions regarding the application process or if you require any assistance submitting your application, please contact: 

[email protected] 

Person specification

Qualifications

Essential criteria
  • Hold professional Information Systems certification such as CISA, CIS, CISSP or QiCA, or significant relevant experience which demonstrates equivalent technical knowledge, or CISA/CISSA exam passed and progressing towards experience requirements.
  • Practical experience, working at this level, across the range of work procedures and practices.
  • Educated to degree level, preferably within Business or IT (or equivalent qualification / experience).
  • Excellent knowledge of the NIS and NIS2 Directives (Cyber Security legislation).
Desirable criteria
  • Recognised qualification in Management or Leadership.
  • Relevant certification in security auditing (e.g. ISCA CISA, ISO 27001 Auditor).

Knowledge and Experience

Essential criteria
  • Good knowledge and experience of security compliance auditing processes and best practice, using recognised standards such as ISO 27001, CAF or Cyber Essentials.
  • Extensive understanding of the principles, processes and challenges of cyber security compliance and its practical application in a multi-disciplinary environment.
  • Good knowledge and experience of security compliance auditing standards, audit controls and best practice.
  • Proficient in managing and motivating successful technical teams.
  • Expert at delivering concise, accurate, high-quality written reports, providing complex and sensitive data, to tight deadlines.
  • Excellent understanding of the Cyber Assessment Framework (CAF).
Desirable criteria
  • A clear understanding and appreciation of the processes supporting clinical care and the approaches required to design and implement the supporting IT Security environment.
  • Experience of auditing IT solutions in a large, complex environments such as NHS/Healthcare or wider Public Sector.
  • A clear understanding and appreciation of NHS Wales’ national infrastructure and organisational structures.
  • Proficient in coaching and mentoring staff.

Skills and Attributes

Essential criteria
  • Technical agility to learn and assess new methodologies or technologies quickly, understanding their wider implications and where appropriate implement them.
  • Communication skills to effectively influence, negotiate and mediate when presenting highly technical information to a wide range of stakeholders across organisational boundaries.
  • Interpersonal Skills to develop and maintain effective working relationships across multi-functional teams engaging with users (technical and nontechnical) presenting credible and compelling arguments when defining requirements and implementing solutions.
  • Analytical Thinking to acquire a proper understanding of a highly complex problem or situation by breaking it down systematically into its component parts and identifying the relationships between these parts. Selecting the appropriate method/tool to resolve the problem and reflecting critically on the result, so that what is learnt is identified and assimilated.
  • Organisational skills to effectively manage complex workloads and multi-task in complex and sensitive environments.
  • Welsh language skills are desirable, at level 1 or above, in understanding, speaking, reading and writing in Welsh.
Desirable criteria
  • Welsh language skills are desirable, at level 1 or above, in understanding, speaking, reading and writing in Welsh.
  • Knowledge of NHS Wales or the Health sector.
Apprenticeships logoAge positiveWork With Me - A commitment to becoming a more inclusive business for disabled peopleGold Award for Corporate Health StrategyImproving working livesStop Smoking Wales is the NHS Smoking Cessation Service in WalesGood Recruitment CollectiveStonewall Hyrwyddwr Amrywiaeth Diversity ChampionMindful employer. Being positive about mental health.CTP The Ministry of Defence partnering with Right ManagementDisability confident employerRemploy CymruThe University of Wales Trinity Saint David - Prifysgol Cymru Y Drindod Dewi SantThe Poppy FactoryDying to Work CharterThe Chartered Institute for IT - Reward the professionalism of your team, define and accelerate career paths, and recognise your organisation’s commitment to advancing technology.Federation for Informatics Professionals - A collaboration between the leading professional bodies in health and care informatics supporting the development of the informatics profession.Armed Forces CovenantEmployer pledge demonstrating a commitment to change how we think and act about mental healthCore principles

Applicant requirements

Welsh language skills are desirable

Documents to download

Apply online now

Further details / informal visits contact

Name
Ana Pereira
Job title
Cyber Resilience Manager
Email address
[email protected]

List jobs with Digital Health and Care Wales in Administrative Services or all sectors

Apply online nowAlert me to similar vacancies
  1. Sector
  2. Administrative Services job search
  3. Job list
  4. Job details