Job vacancy: Principal Digital Risk Consultant (Risk and Governance), Liverpool University Hospitals NHS Foundation Trust, Liverpool

Job summary

Main area

Digital

Grade

Band 8b

Contract

Permanent: The postholder will be required to travel across MIAA footprint and will be expected to work from client/office sites as and when required to meet the service needs of the organisation.

Hours

Full time
Flexible working

37.5 hours per week (Monday to Friday)

Job ref

287-MIAA-6-26

Employer: Liverpool University Hospitals NHS Foundation Trust
Employer type: NHS
Site: MIAA Regatta Place
Town: Liverpool
Salary: £66,582 - £77,368 per annum
Salary period: Yearly
Closing: 10/07/2026 23:59

Principal Digital Risk Consultant (Risk and Governance)

Band 8b

Detailed job description and main responsibilities

The agency operates in a unique competitive trading environment always requiring a professional customer-focus and a range of commercial skills of the postholder. This trading environment creates a business model that requires income to be secured in open competition against multinational consulting and accountancy firms. Income needs to be secured on a regional and national basis to maintain operational and strategic viability.

There is the requirement to have responsibility across the function, and the wider MIAA, for aspects of the design and adaptation of information systems. Also, this responsibility extends to other NHS bodes through audit related consultancy and opinions.

A substantial element of the job involves utilising a number of office based and client computer systems, as well as technical interrogation, testing and monitoring tools to evaluate system and produce the audit outputs.

Communication and the establishment of personal credibility as a subject matter expert at Board level with the clients are central to the job. This is built upon the provision and receipt of highly complex, highly contentious, highly technical and highly sensitive information of a confidential nature and the demonstration of highly specialist knowledge and practical experience. This will require developed negotiation, tact, and persuasion skills as well as a deep appreciation and understanding of complex client risks, NHS systems and existing guidance.

Discussions with senior and non-digital staff from a substantial element of the job often concerning contentious and complicated risk, control, and governance issues at a corporate level. Communication will involve negotiating with, and influencing, external agencies. The job involves significant involvement in persuading and negotiating the reasoning behind highly complex recommendations with senior staff, up to and including Board level, across a range of disciplines to arrive at an agreed position. Communication of findings and advice will be personally and principally delivered through attendance at Audit Committee and other high level presentations, often to large groups of staff.

Work is managed rather than supervised, with the jobholder working within set procedures and broad guidelines as defined by the Quality System and corporate policies, but having substantial freedom to act with autonomy and to interpret policies, standards, and legislation to meet the strategic and operational requirements of MIAA and clients..

The nature of the work necessitates a thorough and concentrated focus on technologies, systems, and processes to deliver consistent and robust opinions whilst balancing competing priorities. The work pattern is often unpredictable but there is routinely a need to actively participate and lead Board level discussions and workshops requiring high levels of sustained concentration. Meeting competing deadlines is a routine element of the job.

For further information please read the Job description and person specification in full.

Person specification

Qualifications

Essential criteria

Level 7 Qualification in an Informatics or Cyber Security subject/equivalent e.g. Masters degree or equivalent
Qualification in Computer Audit (QiCA) or Certified Information System Auditor (CISA) or Demonstrable, significant experience in the field of IT/IS Audit

Desirable criteria

Certified Information Security Manager
Certified Data Protection Officer
Prince 2 project management or Managing Successful Programmes
CREST Penetration Tester
CHECK Team Member
CHECK Team Leader

Experience

Essential criteria

Must have senior experience of working in audit and consultancy or within a senior role in digital delivery
Must have significant demonstrable PQE plus self-certified CPD
Experience of operating at board level, presenting to an audit committee and influencing Exec and Non Exec Directors
Demonstrable understanding of the role of audit and consultancy and relevant techniques for delivery
Must have significant experience of recruiting, developing, managing and supervising staff
Must have experience of working in the NHS or other public sector organisation resulting in a developed understanding of digital systems, risks and processes. Alternative experience in an equivalent organisation may be acceptable

Knowledge

Essential criteria

Full and mature understanding of NHS and public sector structures, policy, functions, and digital systems together with the aptitude to build on that knowledge
Full understanding of the digital risk agenda, corporate governance, risk management and assurance principles and practice
Full and mature understanding of audit and IM&T principles and practice together with the aptitude to build on that knowledge
Must understand corporate governance, risk management and assurance principles and practiceq
Demonstrate a full understanding of audit and financial principles and practice together with the aptitude to build on that knowledge
Specific technical knowledge including: processes, tools and techniques of information security management, protection of information and information systems, application security, data loss, prevention and access control, vulnerability assessment tools, endpoint security configuration, IT security and data protection, network monitoring and analysis, methods and tools of forensics investigations for IT security violations, tools and techniques of cyber security management, vulnerability assessment tools, tools and techniques for assessing the effectiveness of information security measures

Skills

Essential criteria

Excellent written and verbal communication skills, including presentational, negotiation and influencing skills
Excellent analytical skills
Strong supervision, team building, staff management, coaching, mentoring and staff development skills
Ability to negotiate, persuade and influence, sometimes in a setting that is unresponsive or hostile to audit findings
High levels of numeracy and keyboard skills
Ability to make judgements and recommendations in the context of complex systems and materiality of findings
Good time management skills and the ability to work to tight deadlines and manage competing priorities
Ability to contribute to strategic corporate direction

Please ensure you check the email account (including junk/spam boxes) from which you apply regularly as we will use this to contact you regarding your application.

Posts advertised to ‘internal staff’ are open to employees of hospitals within University Hospitals of Liverpool Group and you should confirm your employment within your application form.

Note: Under current Home Office Immigration Rules we are currently unable to offer right to work visa sponsorship for Band 2 and 3 roles with a salary of less than £25,000 pa as they do not meet the UK Visas & Immigration criteria.

Only those applicants who demonstrate clearly how they meet our person specification will be shortlisted for interview.

We reserve the right to close any vacancies from further applications when we have received a minimum number of applications from which to make a shortlist. Please ensure you apply without delay if you wish to be considered for this role.

Candidates applying for the role of Healthcare Assistant on the staff bank should note that due to the nature of the role, workers must be aged 18 or above when commencing in post. Applicants are therefore welcome from those aged over 18 or within 3 months’ of their 18^th birthday.

The Trust is committed to promoting a healthy work-life balance and achieve fair, equitable and consistent practice. We welcome flexible working requests and will consider a variety of flexible working arrangements from day one of your employment. Not all roles are suitable for every flexible working opportunity all of the time. Flexible working options may include reduced hours, compressed hours, fixed shifts, time back in lieu and home working.

The Trust is committed to promoting equality and diversity; we value the contribution of individual talent, skills, knowledge and experience and aim for a workforce demography representative of the local community. We encourage applicants from the following groups that are currently under-represented in our workforce black, Asian and minority ethnic, lesbian, gay, bisexual and Transgender (LGBTQ+), disabled, male and age 16-24.

Trust policy requires that the cost of submitting & processing the successful applicant/s DBS application be recovered via salary deduction following start in post. The amount of £26.50 (standard disclosure) or £54.50 (enhanced disclosure) will be deducted from salary, in manageable monthly instalments for up to 3 months following commencement of employment. Bank posts require upfront payment.

From April 2017, Skilled visa applicants and their adult dependant(s) will be required to provide a criminal record certificate from each country they have lived in consecutively for 12 months or more in the past ten years.

Applicants requiring sponsorship may wish to determine the likelihood of obtaining sponsorship for this position by assessing themselves against the criteria on the gov.uk website - https://www.gov.uk/check-uk-visa.

This organisation has a zero-tolerance approach to the abuse of children, young people and vulnerable adults. All staff must ensure they adhere to the organisations safeguarding children and adults’ policy and comply with the Local Safeguarding Children and Adult Board procedures.

Staff should be mindful of their responsibility to safeguard children and adults in any activity performed on behalf of the organisation in line with the requirements of statutory guidance and legislation.

All employees (and volunteers)are expected maintain their safeguarding knowledge and skills by completing mandatory safeguarding training which includes understanding and recognising the signs of abuse and neglect and taking appropriate action.

As an organisation, we have adopted the Merseyside Domestic abuse workplace scheme which supports our staff who are experiencing Domestic Abuse /any forms of sexual violence.

If you have any personal requirements that will enable you to participate in our recruitment process please contact a member of the Recruitment Services by phone on 0151 706 4666 at the earliest opportunity to ensure that measures can be put in place to enable your application for this post.

Please note: new entrants to the NHS will commence on the first pay point of the relevant band.