Portsmouth Hospitals University NHS Trust

IT Security Architect

Information:

This job is now closed

Job summary

This is a leading senior technical role within the Portsmouth Hospitals University NHS Trust (PHU) Trust Cyber Security team with accountability for the definition of the security solutions and architecture for applications, information and infrastructure as PHU transform the underlying IT supporting the business.

The role will be responsible for secure IT solutions as the PHU transforms the way it provides services; maximising their availability, integrity and security for end-users and optimise the value gained by the Trust from its investment in IT.

The post holder will work with PHU business areas to understand and shape their security requirements, ensuring that patient data and other assets are secured, whilst enabling open and modern secure digital services. You and will be accountable for the control of the IT Security technical design documents which define the end state architecture for the PHU.

Responsibilities includes providing security advice and key constraints to PHU technology & business teams team in ensuring project deliveries remain aligned to the the defined risk appetite. You will be actively involved in defining secure solutions for the Trust.

Main duties of the job

Play a leading senior technical role in the provision of effective, efficient and fully integrated ICT operational services that maximise their availability, integrity and security for end-users and optimise the value gained by the Trust from its investment in ICT. This will be achieved by:

- Designing, building and overseeing the implementation of network and computer security with varying complexities ensuring business strategies and processes are considered in translation to IT solutions.

- Ability to operate across organisation and computer technology silos to drive common security approaches across the Trust enterprise architecture.

- Acting as champion for the departments Security processes, establishing, implementing, operating, monitoring, reviewing, maintaining and improving the Information Security Management System (ISMS).

- Provide leadership in securing the enterprise architecture technologies when working with external vendors, suppliers and other stakeholders.

- Using Risk assessment procedures recommend and document security controls and identify solutions that support a business objective.

- As a senior-level employee, you'll be responsible for creating complex security structures and ensuring they work.

- Acting as the IT Security champion for any external or internal security audits & penetration checks. Leading on the remediation plans and securing the required funding as required.

About us

The Trust is committed to driving excellence in care for our patients and communities and was rated good by the Care Quality Commission report published 2020 and became a University Hospital. We are ranked as the third in the country for research; embedding education and training across the organisation and we continuously strive to achieve our core values which are at the heart of everything we do. The Trusts main hub is the Queen Alexandra Hospital, starting life as a military hospital over a century ago and now one of the largest hospitals on the south coast and you may have seen us on the TV series Nurses on the Ward. The Trust provides comprehensive secondary care and specialist services to a local population of 675,000 people across South East Hampshire. The Trust employs over 8,000 staff and are #ProudtobePHU; our patients come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because its the right thing to do, but because it makes our hospital stronger. If you share our values and our enthusiasm for providing outstanding care and support for patients, colleagues and our community you will find a home at PHU. In recruiting for our team, we welcome the unique contributions that you can bring in terms of your education, opinions, culture, ethnicity, race, sex, gender identity and expression, nation of origin, age, languages spoken, veterans status, colour, religion, disability, sexual orientation and beliefs.

Details

Date posted

13 March 2023

Pay scheme

Agenda for change

Band

Band 8a

Salary

£48,526 to £54,619 a year

Contract

Permanent

Working pattern

Full-time

Reference number

C8192-CS-23-0321

Job locations

Queen Alexandra Hospital

Southwick Hill Road

Cosham

Portsmouth

PO6 3LY


Job description

Job responsibilities

Responsibilities

1. Acquire a complete understanding of the trusts enterprise architecture including, business processes, technology and information systems.

2. Responsible for the technology security standards, lead engineer for security technology platforms and tools.

3. Plan, research and design security architectures for both technical and business led projects.

4. Perform vulnerability testing, risk analyses and security assessments.

5. Research security standards, security systems and authentication protocols.

6. Review and approve installation of firewall, VPN, IDS and NAC policies and devices.

7. Define, implement and maintain trust security polices and procedures.

8. Respond immediately to security-related incidents and provide a thorough post-event analysis.

9. Act as a champion of knowledge and skills in security specific areas of technologies, sharing these skills and knowledge with colleagues within the department. Develop staff so they have the ability to better understand how the Security architecture and IT components interact with each other.

System Design & Hosting

10. Working alone or leading a project team on highly complex IT systems and modifications to existing IT systems, or with partners, vendors or colleagues on complex enterprise systems.

11. Specifies user/system technical security requirements, including the overall management of the system implementation and transition in to the IT Service Delivery department.

12. Designs and completes detailed analysis and hardening of systems/infrastructure ensuring they meet security standards.

13. Designs and executes test plans to ensure security structures behave as expected.

14. Define and document security standards for all elements of the IT architecture.

15. Documents all work using required standards, methods and tools, including internal tools where appropriate.

16. Prepares and maintains operational documentation for relevant system software within the Trust Data Centre. Advises other IT staff on the correct and effect use of system software.

17. Collects performance data to monitor system efficiencies against either published service level agreements or vender best practice thresholds. Monitors both resource usage and failure rates of installed systems and provides feedback to relevant IT staff.

18. Gathers security statistics from the hosted IT Systems to enable recommendations for the hardening of System Infrastructure. Initiate system changes to maximize security.

Infrastructure Developments/Innovation

19. Contribute high-level specialist expertise to the development and innovation of IT security strategies and wider IT strategies as appropriate.

20. Manage the successful implementation of new or modified architecture elements within approved IT development projects to meet project timescale and budgetary targets.

21. Keep abreast of Security developments and technologies in order to effectively carry out the duties of the post and make recommendations for bringing benefits to our customers and improving security.

Hard Skills

Knowledge of the following technical skills would be desirable:

22. Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies.

23. ISO 27001/27002.

24. Microsoft Windows, UNIX and Linux operating systems.

25. Perimeter security controls Firewall (Checkpoint preferable), IDS/IPS, Network access controls and network segmentation.

26. Router, Switch and VLAN security; wireless security.

27. Security concepts relating to DNS, routing, authentication, VPN, proxy services and DDOS mitigation.

28. Monitor, proactively analyse traffic for security threats and mitigate identified security incidents that have emerged.

Emerging Skills

29. Skills to innovate solutions that provide value both in terms of defensive/protective measures and reduce the time to detect and contain attacks.

30. Skills to align business and security objectives and speak the cost-benefit language, especially as it gets easier, cheaper and faster to deploy cloud-based solutions.

31. Skills to integrate the tool sets to better manage the threats, vulnerable systems and ultimately know what to protect and how.

Security

32. Sets security policies and influences IT Users in defining their needs for new access rights and privileges.

33. Provides professional advice for enquires related to clinical information and personal information security.

34. Provides professional technology subject matter expertise advice to the departments business contingency planning.

Job description

Job responsibilities

Responsibilities

1. Acquire a complete understanding of the trusts enterprise architecture including, business processes, technology and information systems.

2. Responsible for the technology security standards, lead engineer for security technology platforms and tools.

3. Plan, research and design security architectures for both technical and business led projects.

4. Perform vulnerability testing, risk analyses and security assessments.

5. Research security standards, security systems and authentication protocols.

6. Review and approve installation of firewall, VPN, IDS and NAC policies and devices.

7. Define, implement and maintain trust security polices and procedures.

8. Respond immediately to security-related incidents and provide a thorough post-event analysis.

9. Act as a champion of knowledge and skills in security specific areas of technologies, sharing these skills and knowledge with colleagues within the department. Develop staff so they have the ability to better understand how the Security architecture and IT components interact with each other.

System Design & Hosting

10. Working alone or leading a project team on highly complex IT systems and modifications to existing IT systems, or with partners, vendors or colleagues on complex enterprise systems.

11. Specifies user/system technical security requirements, including the overall management of the system implementation and transition in to the IT Service Delivery department.

12. Designs and completes detailed analysis and hardening of systems/infrastructure ensuring they meet security standards.

13. Designs and executes test plans to ensure security structures behave as expected.

14. Define and document security standards for all elements of the IT architecture.

15. Documents all work using required standards, methods and tools, including internal tools where appropriate.

16. Prepares and maintains operational documentation for relevant system software within the Trust Data Centre. Advises other IT staff on the correct and effect use of system software.

17. Collects performance data to monitor system efficiencies against either published service level agreements or vender best practice thresholds. Monitors both resource usage and failure rates of installed systems and provides feedback to relevant IT staff.

18. Gathers security statistics from the hosted IT Systems to enable recommendations for the hardening of System Infrastructure. Initiate system changes to maximize security.

Infrastructure Developments/Innovation

19. Contribute high-level specialist expertise to the development and innovation of IT security strategies and wider IT strategies as appropriate.

20. Manage the successful implementation of new or modified architecture elements within approved IT development projects to meet project timescale and budgetary targets.

21. Keep abreast of Security developments and technologies in order to effectively carry out the duties of the post and make recommendations for bringing benefits to our customers and improving security.

Hard Skills

Knowledge of the following technical skills would be desirable:

22. Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies.

23. ISO 27001/27002.

24. Microsoft Windows, UNIX and Linux operating systems.

25. Perimeter security controls Firewall (Checkpoint preferable), IDS/IPS, Network access controls and network segmentation.

26. Router, Switch and VLAN security; wireless security.

27. Security concepts relating to DNS, routing, authentication, VPN, proxy services and DDOS mitigation.

28. Monitor, proactively analyse traffic for security threats and mitigate identified security incidents that have emerged.

Emerging Skills

29. Skills to innovate solutions that provide value both in terms of defensive/protective measures and reduce the time to detect and contain attacks.

30. Skills to align business and security objectives and speak the cost-benefit language, especially as it gets easier, cheaper and faster to deploy cloud-based solutions.

31. Skills to integrate the tool sets to better manage the threats, vulnerable systems and ultimately know what to protect and how.

Security

32. Sets security policies and influences IT Users in defining their needs for new access rights and privileges.

33. Provides professional advice for enquires related to clinical information and personal information security.

34. Provides professional technology subject matter expertise advice to the departments business contingency planning.

Person Specification

Qualifications

Essential

  • Degree level qualification or equivalent in computer science, Cyber security or a related field.
  • Technical accreditation in at least two or more of the following; Microsoft Certified Systems Engineer (MCSE) Cisco Certified Network Associate Security (CCNA Security), VMware VCP.
  • ITIL Foundation Certificate.
  • Evidence of continuing professional development.

Desirable

  • ITIL Practitioner qualification.
  • CISSP: Certified Information Systems Security Professional.
  • CISSP-ISSAP: Information Systems Security Architecture Professional.
  • CISM: Certified Information Security Manager.
  • CEH: Certified Ethical Hacker.
  • CSSA: Certified SCADA Security Architect.
  • CCP: CESG Certified Professional.
  • Cisco Cybersecurity specialist (SCYBER).
  • Cisco Certified Network Professional Security (CCNP Security).
  • Cisco Certified Internetwork Expert Security (CCIE Security).
  • Enterprise architecture frameworks such as TOGAF, SABSA.
  • Checkpoint (CCSA, CCSE, CCMSE, CCSM).
  • BCS Practitioner in Information Assurance Architecture.
  • GIAC Global Information Assurance Certifications.

Experience

Essential

  • Advanced theoretical and enterprise knowledge across three or more information technology platforms: Server Virtualisation, Desktop Virtualisation, Data & Voice Networking, Messaging, Storage Area Networks, Security, Mobility, Server & Peripheral Hardware.
  • Advanced theoretical and enterprise knowledge across Network Data & Infrastructure Security.
  • Significant experience of pragmatic Security risk assessments through frameworks of security controls and security management strategies.
  • Significant experience of IT Service Management, Incident Management, Problem Management, Change Management, Performance Management & Availability Management.
  • Significant experience of Security Architecture Design.
  • Significant experience in leading highly complex technical and security problems to resolution, including team management and managing external suppliers.
  • Significant experience in leading project delivery of technical projects.
  • Experience in assisting with report writing, being operating procedures, options appraisals, Security policy writing, risk analysis, user guides.
  • At least 5-10 years of relevant IT experience, including exposure to business planning, systems analysis and application development.

Desirable

  • At least 3-5 years of relevant IT experience devoted specifically to security.
  • Knowledge and understanding of the HSCIC Information Governance guidance, including but not limited to:-
  • Confidentiality - Standards of practice for health record confidentiality,
  • IG Toolkit - IC standards and guidance for NHS and partner organisations,
  • Information Security - Safeguards and guidelines for protecting patient data, NHS Codes of Practise and legal obligations, Information Governance Alliance (IGA), National Data Guardian (NDG).

Skills & Knowledge

Essential

  • Excellent interpersonal and explanatory skills in dealing with a wide range of information technology users from skilled to ICT-illiterate.
  • Excellent verbal/written communication skills, with the ability to present within a group.
  • Good team-player, highly motivated individual to support the delivery of an efficient, effective customer-focused support service.
  • Good presentation and negotiation skills to produce and present formal proposals and get proposals accepted.
  • Excellent planning and time-management skills.
  • Good negotiating and relationship-building skills to gain maximum benefit for customers from software suppliers and internal ICT providers.
  • Able to set clear and appropriate priorities, with the ability to deal with conflicting demands, unpredictable work patterns, and multiple deadlines.
  • Good technical knowledge to understand and resolve enterprise technical problems.
  • Excellent knowledge of data protection and information security/governance issues.
  • Good knowledge of providing proactive IT System/Network performance monitoring.

Desirable

  • Security monitoring detection and response software.
Person Specification

Qualifications

Essential

  • Degree level qualification or equivalent in computer science, Cyber security or a related field.
  • Technical accreditation in at least two or more of the following; Microsoft Certified Systems Engineer (MCSE) Cisco Certified Network Associate Security (CCNA Security), VMware VCP.
  • ITIL Foundation Certificate.
  • Evidence of continuing professional development.

Desirable

  • ITIL Practitioner qualification.
  • CISSP: Certified Information Systems Security Professional.
  • CISSP-ISSAP: Information Systems Security Architecture Professional.
  • CISM: Certified Information Security Manager.
  • CEH: Certified Ethical Hacker.
  • CSSA: Certified SCADA Security Architect.
  • CCP: CESG Certified Professional.
  • Cisco Cybersecurity specialist (SCYBER).
  • Cisco Certified Network Professional Security (CCNP Security).
  • Cisco Certified Internetwork Expert Security (CCIE Security).
  • Enterprise architecture frameworks such as TOGAF, SABSA.
  • Checkpoint (CCSA, CCSE, CCMSE, CCSM).
  • BCS Practitioner in Information Assurance Architecture.
  • GIAC Global Information Assurance Certifications.

Experience

Essential

  • Advanced theoretical and enterprise knowledge across three or more information technology platforms: Server Virtualisation, Desktop Virtualisation, Data & Voice Networking, Messaging, Storage Area Networks, Security, Mobility, Server & Peripheral Hardware.
  • Advanced theoretical and enterprise knowledge across Network Data & Infrastructure Security.
  • Significant experience of pragmatic Security risk assessments through frameworks of security controls and security management strategies.
  • Significant experience of IT Service Management, Incident Management, Problem Management, Change Management, Performance Management & Availability Management.
  • Significant experience of Security Architecture Design.
  • Significant experience in leading highly complex technical and security problems to resolution, including team management and managing external suppliers.
  • Significant experience in leading project delivery of technical projects.
  • Experience in assisting with report writing, being operating procedures, options appraisals, Security policy writing, risk analysis, user guides.
  • At least 5-10 years of relevant IT experience, including exposure to business planning, systems analysis and application development.

Desirable

  • At least 3-5 years of relevant IT experience devoted specifically to security.
  • Knowledge and understanding of the HSCIC Information Governance guidance, including but not limited to:-
  • Confidentiality - Standards of practice for health record confidentiality,
  • IG Toolkit - IC standards and guidance for NHS and partner organisations,
  • Information Security - Safeguards and guidelines for protecting patient data, NHS Codes of Practise and legal obligations, Information Governance Alliance (IGA), National Data Guardian (NDG).

Skills & Knowledge

Essential

  • Excellent interpersonal and explanatory skills in dealing with a wide range of information technology users from skilled to ICT-illiterate.
  • Excellent verbal/written communication skills, with the ability to present within a group.
  • Good team-player, highly motivated individual to support the delivery of an efficient, effective customer-focused support service.
  • Good presentation and negotiation skills to produce and present formal proposals and get proposals accepted.
  • Excellent planning and time-management skills.
  • Good negotiating and relationship-building skills to gain maximum benefit for customers from software suppliers and internal ICT providers.
  • Able to set clear and appropriate priorities, with the ability to deal with conflicting demands, unpredictable work patterns, and multiple deadlines.
  • Good technical knowledge to understand and resolve enterprise technical problems.
  • Excellent knowledge of data protection and information security/governance issues.
  • Good knowledge of providing proactive IT System/Network performance monitoring.

Desirable

  • Security monitoring detection and response software.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

UK Registration

Applicants must have current UK professional registration. For further information please see NHS Careers website (opens in a new window).

Additional information

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

UK Registration

Applicants must have current UK professional registration. For further information please see NHS Careers website (opens in a new window).

Employer details

Employer name

Portsmouth Hospitals University NHS Trust

Address

Queen Alexandra Hospital

Southwick Hill Road

Cosham

Portsmouth

PO6 3LY


Employer's website

https://www.porthosp.nhs.uk/work-for-us/ (Opens in a new tab)

Employer details

Employer name

Portsmouth Hospitals University NHS Trust

Address

Queen Alexandra Hospital

Southwick Hill Road

Cosham

Portsmouth

PO6 3LY


Employer's website

https://www.porthosp.nhs.uk/work-for-us/ (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Head of Cyber Security

Giac Mosca

Giac.Mosca@porthosp.nhs.uk

02392432333

Details

Date posted

13 March 2023

Pay scheme

Agenda for change

Band

Band 8a

Salary

£48,526 to £54,619 a year

Contract

Permanent

Working pattern

Full-time

Reference number

C8192-CS-23-0321

Job locations

Queen Alexandra Hospital

Southwick Hill Road

Cosham

Portsmouth

PO6 3LY


Supporting documents

Privacy notice

Portsmouth Hospitals University NHS Trust's privacy notice (opens in a new tab)