IT Security & Continuity Manager

Doncaster & Bassetlaw Teaching Hospitals NHS FT

Information:

This job is now closed

Job summary

We are seeking a dynamic IT Security & Continuity Manager to join our Digital Operations team.

The post holder will be responsible for maintaining a practical approach to cyber threat management and leading the planning of future IT security solutions and improvements to the security of existing systems and infrastructure. This includes the practical and systematic assessment of security controls, incorporating auditing and monitoring of security and continuity controls across all areas, providing assurance for user authentication and privileged account use, safe and timely patching of assets, end user and device hardening, vulnerability scanning, penetration testing and remediation of discovered cybersecurity vulnerabilities, as part of the wider set of controls and objectives required to maintain compliance with the NHS CAF-DSPT.

The post holder will also develop and maintain IT security related policies and procedures, lead the Trust's operational cyber security meetings, and attend and present as required at local governance meetings and represent the Trust at regional cyber security groups as required.

Applicants must demonstrate strong and up-to-date knowledge and experience, including best practices in areas such as firewalls, monitoring solutions (SIEM and EDR), privileged access management, VPN, Windows and Linux, network equipment, IoT appliances, cloud and SaaS, along with user communications and training, incident response, business continuity and disaster recovery.

Main duties of the job

Responsible for assessing and providing evidence for the Trust's achievement of DSPT compliance, including the requirements of the NCSC CAF.

Responsible for reviewing and continually improving cyber security and continuity in the Trust, including the maintenance of robust processes for managing cyber security incidents and co-ordinating response and resolution actions within a suspected or proven cyber security incident or where aspects of continuity are otherwise engaged.

Responsible for management and reporting of security alerts and vulnerabilities locally and in line with the NHS national cyber operations service.

Ensure that all risks and issues relating to cyber security are fully documented with risk assessments undertaken and recorded on the Trust's risk management system, which supports the risk register.

Participate as required in an on-call rota for Digital.

About us

DBTH is one of Yorkshire's leading acute trusts, serving a population of more than 440,000. Our services are based over three main hospital sites and several additional services employing over 7,000 colleagues.

At DBTH we have a comprehensive framework of behaviours that guide us in our daily working lives; these form the DBTH Way. We pride ourselves on our commitment to the values of We Care, and now the DBTH Way builds upon these foundations, providing further clarity on what it means to embody these values in our everyday interactions.

As an organisation that supports flexible working, we want to be sure that you can work in a way that is best for us and for our patients, and for you. Speak to us about how we might be able to accommodate a flexible working arrangement. If it works for the service, we will do our best to make it work for you.

As an equal opportunities employer, we encourage applicants from all sectors of the community, particularly from under-represented groups including those with disabilities, members of our ethnic minorities and LGBTQ+ communities.

We offer a range of benefits to support our people including:

  • Extensive range of learning opportunities
  • NHS Pension Scheme
  • Generous holiday entitlement in line with Terms & Conditions
  • Comprehensive health and wellbeing support
  • NHS Car Lease schemes and a range of salary sacrifice schemes
  • Discounts on restaurants, getaways, shopping and finance through external providers

Date posted

07 March 2025

Pay scheme

Agenda for change

Band

Band 8a

Salary

£53,755 to £60,504 a year Pro Rata Per Annum

Contract

Permanent

Working pattern

Full-time

Reference number

272-7012418

Job locations

Doncaster Royal Infirmary

Armthorpe Road

Doncaster

DN2 5LT


Job description

Job responsibilities

Please see attached to the advert a job description and person specification for further details. Please ensure you read both documents carefully.

Please note, if your application is successful, you will be required to present original certificates of qualifications that are listed in the person specification under essential.

Person Specification

Qualifications/Training

Essential

  • Master's degree, CISSP and CISM certifications, or equivalent relevant experience
  • Demonstrable evidence of continuing professional development in IT security
  • ITIL certification or equivalent experience

Desirable

  • CISA certification
  • CCSP certification
  • Management Qualification
  • PRINCE2 trained

Knowledge and Experience

Essential

  • Experience in a relevant senior IT role in an organisation of 3,000+ users
  • Experience of the NHS DSPT and NDG security standards, and the NCSC CAF
  • Experience and understanding of the security aspects of Active Directory, Entra ID, Intune, Defender EDR, NHS M365, Imprivata OneSign, PrivacyIDEA, Windows 10/11, Windows Server, SQL Server, Microsoft Identity Manager, Microsoft NPS/RADIUS, SCSM/WSUS, BeyondTrust PAM, VMware vSphere, Omnissa Horizon and Workspace ONE, SolarWinds Orion and SEM, Palo Alto PAN-OS, or other comparable systems and infrastructure
  • Experience of designing, implementing, and documenting security policies at technical / system level and at corporate / organisational level
  • Experience of vulnerability assessments, penetration testing, and security audits; incident investigations; threat hunting, and able to develop plans and monitor and report on progress to required outcomes

Desirable

  • Previous experience in a relevant senior IT role in an NHS acute hospital and understanding of the NHS environment in relation to IT Security
  • Conversant with the relevant legislation within which IT security operates (CMA, NIS, GDPR, etc.)
  • Familiar with ISMS security control standards such as ISO 27001, SOC2, PCI DSS, or NIST
  • Experience of developing and implementing an organisation-wide disaster recovery plan in accordance with the needs of the business
  • Applied knowledge of digital forensics

Personal Attributes & Skills

Essential

  • Proven ability to operate / think laterally & work on own initiative
  • Ability to influence at senior levels of both the IM&T Directorate and wider Trust
  • Ability to communicate in non-technical language to a wide range of audiences
  • Able to prioritise and work within imposed deadlines
  • Ability to co-develop board reports and business cases to solve strategic issues
  • Ability to think strategically and keep track of progress towards achievement of milestones
  • Potential to develop and change within the changing NHS
  • Ability to work on-call and take the lead on managing response to any given issue or incident within the remit of the post and team

Desirable

  • An appreciation of the skills and staffing mix within the NHS environment
  • Have a flexible approach to working and be available to work outside normal hours as and when required

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.

Employer details

Employer name

Doncaster & Bassetlaw Teaching Hospitals NHS FT

Address

Doncaster Royal Infirmary

Armthorpe Road

Doncaster

DN2 5LT


Employer's website

https://www.dbth.nhs.uk/

For questions about the job, contact:

Head of Digital Operations

David Linacre

d.linacre@nhs.net

01302644192

Supporting documents

Privacy notice

Doncaster & Bassetlaw Teaching Hospitals NHS FT's privacy notice