Senior Digital Risk Consultant (Annex 21 Trainee)
The closing date is 11 July 2026.
We are actively recruiting to new training roles within MIAA which will strengthen our technology risk assurance provision by providing successful candidates with a structured training and reward programme that will enable them to progress to an NHS Agenda for Change Band 8a position when full experience and qualification criteria are met.
Training
The successful candidates will be supported to complete relevant professional certifications and qualifications including:
- CISA – Certified Information System Auditor
- CISSP – Certified Information Systems Security Professional
- CIISEC – Chartered Institute of Information Security at levels progressing from Associate to Principal.
You will receive a full study package to ensure that you successfully complete your professional qualifications and certifications. This includes time off to study, attend college and complete online courses.
We support all of our trainees with a blended approach to training and development including professional study, 1:1 coaching and soft skills training.
For further information relating to salary please see annex 21 fact sheet.
- Hours: 37.50 (Monday to Friday)
- Contract: Training
- Location: Based at Regatta Place, Liverpool with hybrid working and operating across all MIAA clients.
Main duties of the job
The postholder will, through their development and training period:
- Take responsibility for the operational elements of client relationship management for a portfolio of digital risk audit plans and assigned consultancy reviews and services including the personal conduct of highly complex/technical assignments.
- Conclude upon the effectiveness of highly complex digital risk management, contributing to the Head of Internal Audit Opinion and Statements of Internal Control as required, and supporting service improvement and resilience with refined negotiating skills to describe contentious issues and drive improvement.
- Direct and supervise staff and contractors to deliver the allocated assignments and services on time, to budget and to quality standards.
- Report to relevant senior client-side officers and committees as required.
- Respond to a broad range of highly sensitive, technical, and complex queries from clients and staff.
- Assess and report on the extent to which highly complex client systems operate securely and effectively.
- Provide highly complex advice and guidance to clients and colleagues.
- Support the identification and mitigation of highly complex digital risks across clients.
As the role involves work directly at our client sites, the ability to travel will be an essential part of the role.
About us
MIAA is an NHS shared service hosted by Liverpool University Hospitals NHS Foundation Trust. It is a leading provider of assurance and solutions services to more than 60 NHS, public, and third‑sector organisations.
MIAA offers clients a number of services including internal audit, consultancy, anti‑fraud services, technology risk, clinical coding audits and training.
We are committed to equity, equality, diversity and inclusion, welcoming applications from people of all backgrounds, identities and lived experiences.
- Staff benefit from flexible/hybrid working, a generous pension scheme, protected learning time and opportunities for development and career progression.
- We promote a respectful, supportive and flexible working environment and operate zero tolerance to bullying, harassment and discrimination.
- Applicants with a disability who meet the essential criteria will be offered an interview, and reasonable adjustments will be made throughout recruitment and employment.
Job responsibilities
Produces, agrees, and oversees delivery of highly complex risk‑based digital plans with allocated clients/assignments that are designed to produce sufficient assurances to fulfil the requirements of the Head of Internal Audit Opinion on the effectiveness of internal control. Actively identifies, defines, and delivers/oversees the highly complex advisory assignments and services specific to the needs of clients with a view to increasing and securing income from such activities.
Manages the planning, conduct, output and opinions for highly complex digital assurance, consultancy, and services for allocated clients/assignments within agreed deadlines, budgets, and quality standards. Operates as budget holder for allocated advisory assignments and services requiring the planning and organising of complex activities and programmes, often extending over multiple years, to ensure income is recovered, costs contained and outputs delivered.
Manages and develops the key relationships with allocated clients, particularly the Chief Information/Digital Officer, Chief Clinical Information Officer, Chief Nursing Information Officer, Senior Information Risk Owner, Data Protection Officer, Caldicott Guardian as well as other senior digital staff. Provides highly complex advice to allocated clients, either directly or through colleagues, on technology/digital risk, either current or emerging, in the context of care, service and business activities.
Responsibility for ensuring allocated plans are incorporated into the overall planning of resources and commitments for the function. Plans and organises the work schedule for allocated staff to ensure weekly, monthly, quarterly, and annual timetables are delivered particularly with regard to Audit Committee deadlines.
Personally conducts a range of highly complex and highly technical assignments for reporting to senior management and relevant committees. This will often involve significant research and development activity. Conducts research on behalf of the function, MIAA and the wider community to develop and pilot approaches to emerging areas.
Makes recommendations as appropriate often involving significant proposed changes to working practices and procedures, often involving the adoption of new technologies, following policy implementation across multiple areas and NHS organisations. These routinely will involve contributing to service redesign and providing benchmarking information. Undertakes highly complex systems reviews that conclude upon the effective management of digital risk.
Person Specification
Qualifications
- Level 7 qualification in an Informatics or Cyber Security subject/equivalent. Examples include Masters degree or equivalent.
- Qualification in Computer Audit OR Certified Information System Auditor OR demonstrable significant experience in the field if IT/IS audit.
- Certified information security manager.
- Certified data protection officer.
- PRINCE 2 project management or Managing Successful Programmes.
- CHECK team member.
Experience
- Must have senior experience of working in audit and consultancy or within a senior role in digital delivery.
- Demonstrable understanding of the role of audit and consultancy and relevant techniques for delivery.
- Must have significant experience of recruiting, developing, managing, and supervising staff.
- Must have experience of working in the NHS or other public sector organisation resulting in a developed understanding of the digital systems, risks and processes. Alternative experience in an equivalent organisation may be acceptable.
Knowledge
- Must have a full and mature understanding of NHS and public sector structures, policy, functions and digital systems together with the aptitude to build on that knowledge.
- Must have a full understanding of the digital agenda, corporate governance, risk management and assurance principles and practice.
- Must have a full and mature understanding of audit and IM&T principles and practice, together with the aptitude to build on that knowledge.
- Specific technical knowledge including: processes, tools, and techniques of information security management, protection of information and information systems whilst ensuring their integrity, confidentiality and availability, application security, data loss prevention, access control and intrusion, vulnerability assessment tools, techniques, models and systems, endpoint security configuration and monitoring/testing, in‑depth knowledge of IT security and data protection, network monitoring, analysis tooling and techniques.
Skills
- Excellent verbal and written communication skills to enable complicated digital issues to be explained to a range of staff.
- Excellent analytical skills and ability to collate complex data from various sources.
- Strong supervision, team building, staff management, coaching, mentoring and staff development skills.
- Ability to negotiate, persuade and influence, sometimes in a setting that is unresponsive or hostile to audit findings.
- High level of numeracy and keyboard skills.
- Ability to make judgements and recommendations in the context of complex systems and risk and materiality of findings.
- Good time management skills and the ability to work to tight deadlines.
- Ability to contribute to corporate strategic direction.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Salary range: £38,850 – £48,562 (Depending on experience).
#J-18808-Ljbffr…
