Job summary
An exciting opportunity has arisen for a dynamic individual to join the SaTH Cyber Security Team on a 2 year fixed term contract.
The purpose of the Principal Cyber Security Engineer's role is to ensure that the systems, supporting processes and the organisation, collectively provide adequate protection against cyber threats and risks. As Information Technologies have such a critical dependency in healthcare, availability of the Trust's digital services to assist with patient care is essential, therefore the post holder will be expected to help instil a culture of Cyber Security awareness and training across the Trust.Under the guidance of the Cyber Security Manager, the post holder will be required to monitor Cyber Security Systems, respond to Cyber Incidents and develop policy, processes and procedures to reduce the likelihood of a Cyber Security incident. The post holder may be required to deputise for the Cyber Security Manager where appropriate and will participate in the Cyber Security Team on call rota.
The post holder will be expected to identify areas where the Trust is not adequately covered by Cyber Security policies and procedures and in consultation with the information governance and technical leads, develop new policies, procedures and technologies to cover these areas.
Main duties of the job
Manage the day-to-day activities of the cyber security team
Act as the designated technical specialist in Cyber Security for the Trust, providing an expert specialist advice service, in accordance with national and local Cyber Security standards, best practice and appropriate legislation
Research and evaluate emerging Cyber Security threats and ways to manage them, providing reports and/or presentations where appropriate to senior stakeholders
Monitor Trust systems for attacks, intrusions and unusual, unauthorised or illegal activity, reporting findings to Line Manager/Senior Management Team
Liaise with stakeholders from all levels within the Trust in relation to Cyber Security issues and provide recommendations for improvements and mitigation measures
About us
The successful candidate will have the opportunity to use their proven existing, and develop new skills and knowledge, and to be a part of many exciting and challenging projects currently being undertaken at the Trust as part of our Digital Transformation agenda and contribute to the progression of the Cyber Security Strategy within The Shrewsbury and Telford Hospital NHS Trust.
You will work closely with all stakeholders and provide a robust, proactive and resilient service on which our customers can rely upon.
Job description
Job responsibilities
For full duties and responsibilities please refer to the attached document entitled Job Description.
Job description
Job responsibilities
For full duties and responsibilities please refer to the attached document entitled Job Description.
Person Specification
Skills & Knowledge
Essential
- Ability to explain very complex technical or compliance issues to a non- technical audience
- Ability to prepare and produce concise yet insightful communications for dissemination to senior stakeholders and a broad range of external stakeholders and business partners as required
- Proven skill in problem solving and diagnostics through to resolution
- In depth knowledge of applicable legislation
- In depth knowledge of NHS Data Security and Protection Toolkit
- In depth knowledge of common cyber security related toolsets, vulnerabilities and mitigations
- Proven experience of managing a work force
Experience
Essential
- Demonstrates considerable experience of working within a technical discipline, e.g. cloud services, Active Directory Administration, Virtualisation, Vulnerability testing tools
- Demonstrates considerable experience managing security remediation activities
- Experience of developing and delivering an Information Security service to a large organisation
- Ability to generate statistics/analysis, write reports and develop business cases
- Experience of working with internal and external auditors
- Experience of working with senior stakeholders in providing mitigation and assurance as part of the DSPT
Desirable
- Experience of security improvement programmes within the NHS
Qualifications
Essential
- Educated to degree level in relevant subject or equivalent experience
- Qualification in information Security (e.g. GIAC, GSEC, ISC2, CISSP etc. )
Desirable
- Penetration Testing/Ethical Hacking Certification (e.g. CEH, OSCP)
- Appropriate vendor technical accreditations/knowledge (CISCO, VMWare, Microsoft, etc)
Person Specification
Skills & Knowledge
Essential
- Ability to explain very complex technical or compliance issues to a non- technical audience
- Ability to prepare and produce concise yet insightful communications for dissemination to senior stakeholders and a broad range of external stakeholders and business partners as required
- Proven skill in problem solving and diagnostics through to resolution
- In depth knowledge of applicable legislation
- In depth knowledge of NHS Data Security and Protection Toolkit
- In depth knowledge of common cyber security related toolsets, vulnerabilities and mitigations
- Proven experience of managing a work force
Experience
Essential
- Demonstrates considerable experience of working within a technical discipline, e.g. cloud services, Active Directory Administration, Virtualisation, Vulnerability testing tools
- Demonstrates considerable experience managing security remediation activities
- Experience of developing and delivering an Information Security service to a large organisation
- Ability to generate statistics/analysis, write reports and develop business cases
- Experience of working with internal and external auditors
- Experience of working with senior stakeholders in providing mitigation and assurance as part of the DSPT
Desirable
- Experience of security improvement programmes within the NHS
Qualifications
Essential
- Educated to degree level in relevant subject or equivalent experience
- Qualification in information Security (e.g. GIAC, GSEC, ISC2, CISSP etc. )
Desirable
- Penetration Testing/Ethical Hacking Certification (e.g. CEH, OSCP)
- Appropriate vendor technical accreditations/knowledge (CISCO, VMWare, Microsoft, etc)
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
