Job ad sheds light on new NHS Digital CICSO role

NHS Digital is recruiting for a chief information and cyber security officer (CICSO) capable of leading the organisation’s response to major security incidents.

An ad for the role has recently appeared on the Guardian Jobs website. It states that the chief information and cyber security officer (CICSO) will specifically be responsible for devising an organisation-wide cyber security strategy and acting as point man-or-woman for all things cyber security-related.

This includes overseeing cyber security training for all staff up to board level, as well as strategising cyber-readiness tests.

“The CICSO will lead the system response to major incidents, and to our preparatory work for major incidents, including tests, drills and cyber-scenario activities,” the ad reads.

“This preparatory work includes the education of staff across the system, up to board level.”

The appointment of a national CICSO was one of the key recommendations in the WannaCry ‘lessons learned’ report penned by NHS England chief information officer Will Smart.

But the NHS and Department of Health have been criticised by MPs for implementing recommended measures too slowly. The Public Accounts Committee said it was “alarming” that no clear timetable had been set for implementation of the measures.

NHS Digital has, however, been seen to ramp up investments aimed at shoring up cyber security defences, including upgrading Microsoft software and developing better communication systems to be used in the event of attack.

The CICSO job advert explains the individual will oversee the operation and development of NHS Digital’s national security operations centre, in addition to designing procedures to “ensure the design and operation of secure services and products within NHS Digital, and building the standards, frameworks and operational protocols to facilitate secure systems operations across the health and care system”.

Based in either London or Leeds, the role comes with a pay packet of £130,000 a year.

The listing reads: “NHS Digital has a mandate to deliver a very broad and complex set of new technical applications, platforms, services and capabilities to support the transformation of health and care.

“It is imperative that these, and our existing services and products, particularly those that are classed as Critical National Infrastructure, are maintained at the highest level of stability, performance and security.

“There will undoubtedly be significant cyber incidents within the Health and Care system during the coming years.

“The WannaCry attack in 2017 had extensive, complex and long-term impacts within the system, and was a bellwether for cyber risk in the sector. A critical success factor will be building confidence in our ability to safeguard data and information.”