Chief Information Security Officer, Grade VIII

Tallaght University Hospital, Tallaght, County Dublin, Ireland

Job Title: Chief Information Security Officer, Grade VIII

Reference No: 06.019 (2025)

Department / Directorate: ICT Department

Reports to: Chief Information Officer (CIO)

Tallaght University Hospital (TUH) is a model 4, voluntary, academic teaching hospital partnered with Trinity College and situated in south west Dublin. With a staff of over 4,000 people from 63 different countries, it provides both acute and tertiary care to an increasing population of circa 800,000 people and is a provider of local, regional and national specialties. It is also a National Urology Centre, the second largest provider of dialysis services in the country, Pelvic and Acetabulum National Centre and a designated Trauma Unit.

The Hospital is part of the newly established HSE Dublin & Midlands Region, which serves a population of over 1.2 million across seven counties, and operates under the governance of an independent Board of Directors who give their time on a voluntary basis. TUH is also supported by the Adelaide Health Foundation, the Meath Foundation and Tallaght University Hospital Foundation.

TUH recognizes the role it plays in our community both as an employer and provider of healthcare and is committed to building a sustainable future for our region both now and into the future with a focus on patient outcomes.

The Hospital is ambitious, recognising that healthcare delivery is undergoing seismic change and will be different now and into the future, largely due to digital and technological advances along with research continuing to discover and test new treatment options. TUH wants to be a leader in determining that future. It is a “Hospital without Walls”, always looking to optimise care both within and beyond, in line with the Sláintecare vision of providing the right care, in the right place, at the right time whilst empowering our patients and staff.

TUH Vision and Values

The vision of the Hospital is “People Caring for People to Live Better Lives” through excellent health outcomes supported by evidence-based practice, positive patient and staff experience in an empowering and caring environment. A culture of innovation and quality improvement in everything we do.

Our TUH CARE values – for patients, their families, our community and staff – are:

  • Collaborate – together and with our academic and care partners
  • Achieve – our goals, positive outcomes and wellbeing
  • Respect – for patients, each other and our environment
  • Equity – for patients and staff

  • The CISO will report to the Chief Information Officer (CIO) and be part of the wider ICT Digital Health Leadership Team.
  • The successful candidate will have responsibility for the oversight of the Hospital's Cyber Security Programme. They will also contribute to the development of the Hospital's policy and strategy in the area of Cyber Security.

The successful candidate will be responsible for a number of key tasks including but not limited to the following :

  • Maintaining and developing the Information Security Management System (ISMS), which is the foundation of Information Security Strategy.
  • Promoting awareness of ICT security throughout the Hospital
  • Reviewing new ICT and business projects to ensure security standards have been incorporated (i.e. security by design)
  • Managing the development and implementation of local and Group security policies, guidelines and rules & procedures
  • Adopting best practice from other similar organisations
  • Representing the Hospital on Cyber & Information System Security Committees and workgroups
  • Overseeing the investigation of security breaches and incidents to determine the root cause and implement appropriate resolutions
  • Undertake Cyber Security audits
  • Participate in both data privacy and risk management activities
  • Define security requirements and provide security guidance and support for technology and network projects through all project delivery stages.
  • Identify and present options for treating and mitigating Cyber Security Risks alongside supporting risk and issue management processes.
  • Support the delivery, on-boarding, troubleshooting and fine tuning of the operational security toolsets to improve their effectiveness.
  • Draft and implement the Hospital's Cyber Security Incident Response & Recovery Plan incl. training and table top exercises
  • Oversee Cyber Security Training Programme
  • Design and execute phishing exercises for Hospital staff
  • Building strong relationships with the management and personnel of the other functions within ICT as well as key stakeholders across the business
  • Establish and maintain strong relationships with our partners, holding them to account for their security deliverables, monitoring and advising on their compliance with TUH’s policies and standards.
  • Support ICT Disaster Recovery and Business Continuity planning activities.
  • Support the Cyber Security team in reporting, roadmap and resource planning.
  • Perform research activities around Cyber Security threats and incidents.
  • Maintain an in-depth knowledge of industry standards and have an evolving level of technical expertise relevant to the role.
  • Provide expert advice and mentorship to team members in need of advanced cybersecurity guidance, ensuring the team collectively upholds high standards
  • Establish and maintain cybersecurity compliance frameworks aligned with NIST CSF, NIS2, PART-IS, GDPR, and other regulations.
  • Conduct internal and external audits, translating findings into actionable security enhancements.
  • Develop assurance processes that drive strategic resilience against evolving threats.
  • Implement risk management frameworks and ensure effective communication of security risks across the organisation.
  • Provide subject matter expertise in incident response, vulnerability management, and security operations.
  • Collaborate with business and technology teams to align cybersecurity strategies with business objectives.
  • Stay ahead of evolving cybersecurity threats and regulatory changes through continuous horizon scanning and engagement with industry peers.
  • Establish and maintain strong relationships with regulators and external cybersecurity organisations.

General Accountability:

  • Maintain throughout the Hospital awareness of the primacy of the patient in relation to all Hospital activities.
  • Demonstrate behaviour consistent with the Values of the Hospital.
  • Create and promote healthy working relationships.
  • Commitment to continuous professional development including completion of relevant internal training programmes available through our Centre for Learning & Development Prospectus.

Strategy and Planning:

  • Assist the Chief Information Officer in the development of ICT strategies and plans.
  • Contribute to Hospital strategies and plans.
  • Implement effective monitoring processes to:
      • ensure that the PPGs are appropriately applied to individual programmes of work
      • ensure both highly complex programmes and small projects are delivered within time and on budget.
  • Provide (where required) specialist leadership across the ICT Procurement process, ICT contract negotiation, business case development and contract development
  • Take overall responsibility for ensuring that successful third party suppliers provide services in line with agreed contractual arrangements as part of the effective delivery of the projects.
  • Provide line management and leadership for the Cyber Security Team to ensure the team understand and exceed the needs of the Hospital.
  • To be a decision making and influencing member of the ICT department Senior Management Team
  • Assist the Chief Information Officer in the development of the ICT operational plans and ICT roadmap / strategy, ensuring that it is appropriate to the Hospital's requirements, takes full advantage of all emerging technologies and provides a path to achieve national objectives.
  • Provide timely advice relating to the provision of new ICT Services and Innovations by maintaining a watching brief on new technology, by visiting other sites, appropriate training and attendance at appropriate conferences.
  • Develop business cases in support of securing capital investment or alternative funding streams, for the development of ICT.
  • Using expert experience, ensure Cyber Security Team functions are cohesive within the ICT department and deliver on the Hospital's objectives.
  • To use expert knowledge and skills to actively support the development and implementation of the Hospital's eHealth Strategy / Digital Roadmap.
  • To ensure that the work carried out by the Cyber Security Team is always aligned to the delivery of the eHealth Strategy / Digital Roadmap.
  • To work with and advise the Chief Information Officer to develop the governance required to ensure that ICT is strategically managed and fully integrated into the Hospital's governance model.
  • Provide management support for the development of the ICT Programme plan ensuring priorities and dependencies are identified and understood
  • Provide specialist knowledge and advice on preparing and maintaining individual project plans, resource plans and reports using specialist project planning tools in support of the project planning cycle
  • Advise and identify relevant resources to ensure that they meet their projected end dates
  • Liaise with project staff, both internal and external to ensure that designated projects are delivered in a timely manner.
  • Develop quality review procedures and ensure that they are established across the Cyber Security Team to ensure they are effectively applied.
  • Provide support and assure the Information Governance Group, ensuring that appropriate PPGs are maintained.

Leadership and staff management:

  • Completion of relevant training and availing of supports in the Leadership Academy including coaching, mentoring and leadership development as applicable.
  • Responsible for managing and prioritising the workload of the Cyber Security Team, ensuring that the portfolio of projects engaged in optimises resources and delivers the most strategically significant projects and programmes in accordance with the strategic priorities as outlined by the Hospital.
  • Manage the Cyber Security function and its staff, highlighting the level of resources required for the provision of a quality service.
  • Advise the Hospital on the prioritisation of projects, innovation initiatives, and resource allocation to deliver optimum portfolios, support the achievement of strategic goals and deliver value to the Hospital.
  • Research emerging technologies, architectures, service models and products to determine their suitability for adoption at the hospital.
  • Develop and manage relationships with senior business sponsors
  • Use various funding sources to procure revenues to support initiatives
  • Plan and manage appropriate development of the Cyber Security Team
  • Ensure that all members of the Cyber Security Team are able to develop to their potential and exercise their responsibilities effectively.
  • Manage the Cyber Security Team ensuring that an efficient and effective service is provided to the Hospital.
  • Maintain staff compliance with all legislative and Hospital policies including the areas of Health and Safety, Hygiene / Infection Control and Quality / Risk Management
  • Take an active role in change management and reform
  • Work with ICT and other colleagues to lead out on the development of appropriate frameworks, standards, architectures, etc. as agreed with the Chief Information Officer.
  • Liaise with regulatory bodies (e.g. HIQA) re standards, guidelines, etc.

Service Delivery:

  • Lead procurements for relevant software and technologies where appropriate
  • Processing financial transactions
  • Manage the Cyber Security budget, ensuring that expenditure does not exceed income, identifying a budget that accurately reflects the Hospital's requirements.
  • Manage, deliver & monitor new processes, software and technologies ensuring value for money and appropriate service levels are achieved.
  • Manage and oversee staff as assigned
  • Support and participate in internal and external audit process
  • Respond to and assist in resolution of critical ICT Incidents

Research:

  • Research and develop those areas that will both improve the quality of service provision and reduce costs.
  • Provide support to other research projects that rely on the use of ICT.

Training:

  • To ensure that the Cyber Security Team are adequately trained, as appropriate to their role.
  • Fulfilling responsibilities for all mandatory and hospital mandated training (e.g. health and safety).

Communication:

  • Ensuring that all members of the Cyber Security Team understand their role and effectively contribute to the provision of a high quality service
  • Provide briefings to ICT and Hospital staff.
  • Liaise with other managers regularly, sharing experience and skills as appropriate.

Policy and Information:

  • Develop and deploy best practice policies, procedures, guidelines, processes and process frameworks.
  • Develop and implement appropriate performance SLAs where required.

Data Security

  • Work with ICT colleagues to safeguard information from unauthorised use, modification, disclosure, or destruction.
  • Contribute to the TUH response to information security vulnerabilities and incidents, including the recording, investigating, and reporting of incidents and vulnerabilities, as well as the implementation of policy changes following an investigation.
  • Provide advice on the adequacy of technical measures in addressing risks to data held by TUH.

Resource Management

  • Support senior managers, for the delivery of all services within the assigned service area in line with nationally defined frameworks, standards, policies, and resources where applicable.
  • Responsible for delivery of key targets by ensuring a robust control system is put in place.
  • Monitor income and expenditure on an ongoing basis and take corrective action where appropriate in consultation with the CIO.
  • Develop effective and robust collaborative / team working relationships with key internal and external stakeholders.
  • Liaise with Head of Risk and Head of Quality or nominated senior manager where appropriate with respect to risk, incident management and quality improvement.
  • Participate on interview boards and attend meetings as required.

Managing & Delivering Results (Operational Excellence)

  • A proven ability to prioritise, organise and schedule a wide variety of tasks and to manage competing demands while consistently maintaining high standards and positive working relationships.
  • The ability to improve efficiency within the working environment and the ability to evolve and adapt to a rapidly changing environment.
  • A capacity to operate successfully in a challenging operational environment while adhering to quality standards.
  • Strong evidence of excellent planning and implementation of programmes of work.
  • A capacity to negotiate and then ensure delivery on objectives.
  • Strong focus on achieving high standards of excellence and measurement of performance.
  • The ability to take personal responsibility to initiate activities and drive objectives through to a conclusion.

Leadership, Direction & Team working Skills:

  • Effective leadership in a challenging and busy environment and can proactively identify areas for improvement, exploring possible solutions with a strong service and customer centric focus.
  • An aptitude for strategic thinking, coupled with leadership skills and the ability to motivate and lead specialist professionals.
  • Motivation and an innovative approach to the job within a changing working environment.
  • Team building and management skills including the ability to work collaboratively with multi-disciplinary / multi-sectoral team members.
  • A capacity to balance change with continuity – continuously strives to improve service delivery, to create a work environment that encourages creative thinking and to maintain focus, intensity, and persistence, even under increasingly complex and demanding conditions.

Critical Analysis, Problem Solving and Decision Making:

  • The ability to evaluate complex information from a variety of sources and make effective decisions.
  • Excellent analytical skills to enable analysis, interpretation of data and data extraction from multiple data sources.
  • The ability to make timely decisions and to adhere to those decisions as required.
  • Effective problem solving in complex work environments.
  • Significant experience in effective operational problem solving utilising an inclusive approach which fosters learning and self-reliance amongst teams.

Building & Maintaining Relationships / Interpersonal Skills

  • Excellent interpersonal and communications skills to facilitate work with a wide range of individuals and groups.
  • A track record of building and maintaining key internal and external relationships in achieving organisational goals.
  • The ability to lead, direct and influence multiple stakeholders and ensure buy-in to plans and their implementation.
  • An ability to influence and negotiate effectively in furthering the objectives of the role.
  • Effective conflict management skills.

Communication Skills

  • The ability to present information clearly, concisely, and confidently when speaking and in writing tailoring to meet the needs of the audience.
  • Excellent written communication skills including the ability to produce professional reports.

Personal Commitment and Motivation

  • A strong commitment to providing a quality service.
  • Be driven by the values, aims and ethos of TUH.
  • Demonstrate a service user centred approach to provision of health and personal social services.
  • Undertake continuing education and professional development in line with updates in relevant laws, regulations, and industry standards related to information security.

Risk Management:

  • Contribute to a quality patient safety and risk culture
  • Maintain the dept. risk register and participate in the overall hospital risk management process where applicable.
  • Identify and analyse potential vulnerabilities in the organisation's ICT infrastructure and data assets, developing and implementing measures to mitigate those risks

Analytical and Judgement skills

  • This role incorporates the role of Chief Information Security Officer for the Hospital; as such, there is a requirement to ensure that Cyber Security training is maintained and that knowledge is continually updated in line with GDPR requirements and decisions.
  • To analyse, assess and interpret new and current service developments, ensuring that information governance (both legal and ethical) is taken into account from the outset.
  • To address and resolve issues, working with colleagues across the organisation to establish best practice
  • Make judgements, based on expert knowledge, where expert opinion may differ or be conflicting.

Qualifications & Experience required

    Your application should demonstrate the qualifications and experience required as outlined below :

  • Degree in relevant field
  • 3 years relevant experience in a senior-level cybersecurity role
  • Minimum of 3 years Supervisory / Management experience.
  • Relevant certifications in cybersecurity, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA)
  • Extensive knowledge of information security principles, cybersecurity frameworks (e.g., NIS 1, NIS 2 and NIST 800-53, TISAX, ISO 27001), and risk management practices.
  • Working knowledge of security auditing, vulnerability assessments, and risk mitigation.
  • Experience with security technologies such as firewalls, intrusion detection systems, SIEMs, and encryption protocols.
  • Solid knowledge of data privacy regulations and compliance requirements.
  • Ability to develop and implement complex security strategies.
  • Proven experience at senior management level including financial management, people management and programme management.
  • Strong leadership and communication skills, with the ability to influence decision-making at the executive level.
  • Expertise in running Security Operations, Security Incident and Event Management, and Managed Detection & Response services
  • Strong analytical and problem-solving skills with a keen eye for identifying potential risks and vulnerabilities.
  • Ability to manage a team of security professionals and work cross-functionally with IT, legal, and compliance teams
  • A demonstrated commitment to Continuous Professional Development (CPD) and Innovation.

Desirable:

  • Masters in a relevant field
  • Experience in the Health Sector environment
  • MSc Information Security or equivalent Cyber / IT related discipline.
  • Knowledge of the healthcare cybersecurity threat landscape and healthcare-specific attack vectors

Reward & Recognition

  • Remuneration is in accordance with the Department of Health Consolidated Salary Scales, 1st March 2025.
  • €81,444 - €98,231

  • The appointment is full-time, permanent and pensionable
  • The annual leave entitlement is 30 working days per year. The leave year runs from 1st April to the 31st of March each year
  • Normal working hours are 37 worked over 5 days. Your contracted hours of work are liable to change between the hours of 8 am to 8 pm over 7 days to meet the requirements for extended day services in accordance with the terms of the Framework Agreement