IT GRC Analyst

About us:

St Andrew’s Healthcare provides specialist care for people with challenging mental health needs. We are a charity, which means we do not make a profit, and any of our surplus income is re-invested into patient care. We are proud to put people first.

We provide care across a number of services, including Men’s Mental Health, Women’s Mental Health, Child and Adolescent Mental Health Services (CAMHS), Neuropsychiatry, Autistic Spectrum Disorder and Learning Disability. Our headquarters and largest site is in Northampton, but we also have facilities in Birmingham and Essex, which provide localised mental healthcare.

The role:

Reporting to the Head of IT Operations and Information Security, the ideal candidate will have experience of data security. ISO27001 activities in a commercial environment and will be looking to develop their skills in a fast-moving Healthcare Charity.

We will consider applications from people looking to work part-time or full-time. We will also consider candidates with limited experience in this area who can demonstrate a keenness to develop.

Your responsibilities will include:

• Create and maintain Information Security Policies.
• Provide guidance to the business on information security opportunities and issues.
• Develop plans for improving data protection and information security activities within our organisation.
• Work with business areas and the Learning and Development team to ensure that staff are trained in, and aware of, Information Security requirements.
• Carry out Audits within the business to assess the current state of play.
• Produce and maintain data protection documentation such as data processing registers, DPIAs etc.
• Support the Head of Information Security with Supplier security assessments etc.
• Work with the IT team to ensure GDPR compliance and data protection best practice through technology solutions.
• Maintain the Charity ISMS and ISO27001 compliance.

About you:

• You will have experience of implementing information security regimes. (ISO27001)
• You will have a good understanding of GDPR and its practical application.
• You will be able to operate with a high degree of discretion when dealing with personal data queries.
• You will have excellent interpersonal communication skills including the ability to deliver training sessions.
• You will have good influencing skills and be able to work across all levels within the organisation.
• You will have excellent written skills with experience of writing accessible Policies and Procedures.
• You will have a good understanding of the IT implications of ISO27001, but you do not need to be an IT expert.
• ISO27001 Audit experience beneficial but not essential
• You will be able to work on a number of projects simultaneously in a rapidly changing and dynamic business environment.

Why join us?

As one of the UK's largest providers of Mental Health accommodation, you will be joining a charity where people are at our core and the opportunity to develop your career is endless. We offer fantastic learning and development programmes and the ability to gain qualifications whilst supporting you all the way.

• Monday to Friday working 37.5 hours (office based until probation period then can work Hybrid) - we’re open to those looking for full time hours or alternatively working part time if this is a better option for you, we will also consider Hybrid working
• 27 days holiday entitlement plus 8 Bank Holidays with the ability to buy/sell 5 days
• Pension scheme.

Please note, we expect all staff to share our commitment of safeguarding and promoting the welfare of Patients so an enhanced DBS disclosure will be sought by the company

For more information, please get in touch with Andrew Waples, Head of It Operations & Information Security, amwaples@stah.org 01604 4872699