Job Description Job Title: Information Security Manager Department: IT Reports to: Chief Information Officer Date: 2024 Overall Purpose of Job The Mission of Beacon Hospital is to provide quality patient care in an environment that is respectful, compassionate and caring.
We are seeking a skilled and experienced Cybersecurity Manager to lead our organisation's cybersecurity efforts.
This role involves providing strategic leadership, managing cybersecurity risks, ensuring compliance with regulations and standards, and coordinating with various stakeholders to maintain a secure IT environment.
The ideal candidate will have a deep understanding of cybersecurity frameworks, incident management, and policy development, with a proven track record of building and maintaining a robust security posture.
Key Responsibilities and Deliverables Leadership and Strategy: Provide strategic leadership and guidance in assessing and managing cybersecurity and information security risks.
Develop and implement a mature cybersecurity environment in line with NIS2 compliance requirements.
Lead the creation and execution of the organization's cybersecurity roadmap, ensuring alignment with business goals and regulatory requirements.
Risk Management and Compliance: Conduct thorough risk assessments and audits to evaluate the effectiveness of security controls and identify areas for improvement.
Monitor compliance with cybersecurity standards, policies, and regulations, ensuring that all systems and processes meet or exceed industry benchmarks.
Collaborate with internal teams to develop a comprehensive information security governance framework, engaging with leadership and relevant stakeholders.
Incident Response and Management: Manage and coordinate responses to cybersecurity incidents, ensuring swift resolution and minimal impact on operations.
Maintain and regularly update the incident response plan, conducting periodic tests to ensure readiness and effectiveness.
Act as the primary point of contact for cybersecurity incidents, liaising with third-party providers, HSE/Government, and compliance groups.
Policy Development and Implementation: Develop, review, and update information security policies and procedures to enhance the organization's security posture and operational efficiency.
Identify gaps and opportunities within the security framework and recommend actionable improvements.
Oversee the introduction of new security policies and ensure they are effectively communicated and enforced across the organization.
Technology and Infrastructure: Collaborate with the IT team to select and implement appropriate security technologies and services, including SIEM/SOC, DLP solutions, and endpoint detection tools.
Research, evaluate, and recommend new or updated security hardware and software, analysing their impact on the existing environment.
Partner with the IT team on disaster recovery, contingency planning, and security strategies, ensuring robust documentation of policies, procedures, and emergency measures.
Training and Awareness: Train users and promote security awareness to ensure compliance with security protocols and improve overall system security.
Conduct regular workshops and training sessions to keep staff informed about the latest cybersecurity threats and best practices.
Monitoring and Reporting: Monitor and report on violations of security policies and procedures, working with the CIO to implement corrective actions and prevent future breaches.
Provide regular updates on cybersecurity progress, highlighting key achievements, gaps, and areas for improvement.
Professional Development: Stay current with emerging cybersecurity trends, technologies, and regulatory changes to ensure the organization remains ahead of potential threats.
Engage in continuous professional development to enhance skills and knowledge essential for the role Person Specification Qualifications Information Security Qualifications Knowledge of Cyber & Security Applications/Services Strong Technical Background in: Network Architecture Systems/Tech Architecture Databases/Architecture Network Management (LAN/WAN) Experience in the healthcare industry or similar regulated environments.
Experience Proven experience in cybersecurity management, with a strong background in risk assessment, incident response, and policy development.
Extensive knowledge of cybersecurity frameworks such as NIST 2.0, NIS2 compliance, ISO27001.
Strong Incident Management Experience Job Specific Competencies and Knowledge Previous experience working in a technical management role, in a helpdesk environment Excellent understanding of customer service and complaint management Experience working with a Self-Service ticketing system Proficiency in the use of Microsoft Office applications including Outlook, Word, Excel, and PowerPoint Personal Competencies Experience with security technologies and tools, including SIEM, SOC, DLP solutions, and endpoint detection systems.
Excellent leadership, communication, and project management skills, with the ability to collaborate effectively with diverse teams and stakeholders.
Strong analytical skills and attention to detail, with the ability to identify and address security gaps and vulnerabilities This job description is intended to be an outline of the areas of responsibility and deliverables at the time of its writing. As the Hospital and the post holder develop, this job description may be subject to review in light of the changing needs of the Hospital.
