Information Security Manager

**** COVID-19 - Please note that during this time all interviews will be conducted remotely. If successful you will also initially be working remotely in line with guidance from Scottish Government***

Who We Are

NHS Education for Scotland (NES) is an education and training body and a special health board within NHS Scotland, with responsibility of developing and delivering education and training for the healthcare workforce in Scotland.

What you'll do

Key tasks will include but are not restricted to;

• Responsible for coordinating, implementing and maintaining all information security governance aspects of the Information Security Management System (ISMS), including management of the ISMS documentation set for ISO27001 and the Network & Information Systems (NIS) Regulations.
• Interpreting national security policies and legislation to ensure that NES has a robust and comprehensive security framework, including the development of appropriate policies and procedures to support NES adherence to national policies and any legislative changes.
• Develop Information Security training materials and regularly deliver specialist training to all NES staff designed to instill a security conscious culture, enabling the objectives of the ISMS security framework to be met.
• Ensuring appropriate communications are delivered across the organisation to promote security awareness and reduce the risk of security incidents either be accident or intent.  As Lead Information Security expert this would involve facilitating workshops, running training sessions and attending cross directorate team meeting as necessary.
• Responsible for ensuring security risks assessments are undertaken for all new/upgraded information systems within NES, for example the completion of robust and comprehensive System Security Policies.
• Investigating Information Security issues \ threats to ensure minimal impact on NES, for example actual and suspected breaches of information security, providing when required written reports on each incident.

What you'll bring

These will include but are not restricted to;

• Excellent security skills as Lead Information Security Authority within NES with responsibility for the three main areas of Information Assurance which are Confidentiality, Integrity and Availability of all information within NES, and the associated Information Security Management Systems (ISMS), ensuring NES Security Policies are managed and updated by interpreting any and all national policy or legislative change.
• Provision of professional expertise in the design and implementation of an NES information security program, including the assessment of security risks and threats, provision of security training and education and advise to all NES Directorates and staff, and the implementation of information security tools, systems, policies and procedures, enforcement, and management of NES’s response to security threats and incidents.

If you are interested in this vacancy and would like further information, please refer to the information pack below which includes a copy of the Job Summary, Person Specification and Conditions of Service.
 
Unless otherwise stated the deadline for applications is 23:59 hours on the closing date.

Interview date: To be confimed