Chief Information Security Manager Permanent, Full Time Role GRADE VII Mercy University Hospital (MUH) MUH is a growing voluntary hospital in the heart of Cork City. We have over 1,500 staff providing complex diagnostic, medical and surgical care through our inpatient, day patient, outpatient and emergency services. We are a teaching hospital, a centre of national and international excellence, and are renowned for our research and tertiary services. MUH now has multiple sites across the city and continues to expand. We support staff development with approx. 100 promotions annually. We prioritise work life balance with 28% of our team working part time hours. We offer nationally agreed enhanced Salary Scales, Pension Scheme, excellent holidays, canteen, and Study Leave and Assistance. We live by our Core Values of Compassion, Excellence, Justice, Respect and Team Spirit. Chief Information Security Manager Role Primary point of contact for the MUH in relation to Cyber/Information Security. Under the leadership of the Head of ICT, the position is responsible for planning, developing, implementing and maintaining security programs, policies, and procedures that address risk and security requirements for the MUH. Key Responsibilities: Provide leadership, direction and guidance in assessing and evaluating cyber/information security risks and monitor compliance with security standards and appropriate policies. Lead in the development of Mature Cyber Security Environment attaining compliance with NIS2. Management of responses to Incidents and coordinator of the Incident Plan. Hospital representative in relation to cyber/information security, third party providers, HSE/Gov, compliance groups. Create the framework for information security governance and compliance in consultation with all the leadership team and other relevant stakeholders. Assist the Head of ICT in the development of the budget and short and long-range goals and objectives, as required. Key co-ordinator in the development of Information Security incident response plan. Ensuring the incident response plan is up to date and testing it regularly. Identifying gaps and opportunities in the security fabric. Introduction and review of new and existing Information Security Policies. Develop and maintain computer related policies and procedures; propose changes to existing policies and procedures to ensure operating efficiency and compliance. Perform risk assessments/audits and execute tests of data processing system to ensure functioning of data processing activities and security measures. Assess, evaluate and make recommendations to the Head of ICT regarding the adequacy of the security controls. Collaborate with ICT Team with disaster recovery/contingency plan and security plan; document computer security and emergency measures policies, procedures, and tests. Collaborate with ICT Team in selection of Security technology/Service (i.e. SIEM/SOC; DLP solutions, End point detection etc.). Monitor and report on violations of computer security procedures; discuss enforcement procedures with the Head of ICT to ensure violations are not repeated. Development, co-ordination, Implementation, support of Cyber Security Roadmap. Co-ordination of Cyber Reviews/Penetration Testing. Reporting on progress/gaps in Information/Cyber security. Confer with users to discuss issues such as computer data access needs, security violations, and programming changes. Train users and promote security awareness to ensure system security and to improve server and network efficiency. Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software; analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools. Keep abreast of information security issues and regulatory changes. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position. QUALIFICATIONS Technical Requirements: Relevant Degree in related discipline 8 years relevant working experience Project Management Skills Experience in Cyber Security Frameworks Strong Incident Management Experience Preferred Skills: Information Security Qualifications Knowledge of Cyber & Security Applications/Services Strong Technical Background in: Network Architecture Systems/Tech Architecture Databases/Architecture Network Management (LAN/WAN) Core Competencies (Candidate): COMMUNICATION: Excellent written and verbal communication, organised thought processes, polite and respectful of others, adapts presentations to the audience. ANALYSIS/PROBLEM SOLVING: thoroughly thinks out and evaluates alternatives, innovative problem resolution, pro-active approach, initiative to resolve problems. WORKLOAD MANAGEMENT: Works with little direction and supervision, timely completion of projects, makes time for unplanned assignments, adapts to changing priorities. ETHICS AND INTEGRITY: Perceived fairness; tolerance; honesty; consistent in application of policies and procedures of MUH. Job Specific Competencies: ACTION ORIENTATION: Persists and finishes projects despite obstacles, or redirects when necessary; takes action and addresses opportunities with little supervision; takes extra steps to prevent mistakes or create opportunities. CUSTOMER FOCUS: Communicates courteously and proactively, learns customers short-and long-term needs, sees issues from customers perspective. JUDGEMENT: Makes appropriate and sound decisions after weighing alternatives; follows policies and procedures; thoughtful consideration for others opinions; Managing the user and organisational expectations. Closing Date 1pm on Friday, 30th August 2024. Skills: Relevant Degree, 8+ yrs IT experience, Cyber Security Frameworks Exp, Project Management, Incident Management Benefits: Salary Scale, Pension, City Centre Location, Excellent Holidays, Subsidised Canteen
