The Hillingdon Hospital NHS Foundation Trust

*Internal Only*Senior Cyber Security Specialist

Information:

This job is now closed

Job summary

The post holder is responsible for end-user cyber security support and training, and all processes relating to application management for a range of cyber security applications within the team's portfolio. The post-holder will investigate, manage and resolve issues and problems raised against the portfolio, liaising with third-party system suppliers as necessary. The post-holder will assure the specifications for and delivery of any change requests set against the team's cyber security portfolio. The post holder will be responsible for strategic planning relating the current and future configuration of the cyber security portfolio and will manage work streams within wider Digital Services projects or programmes. The post holder will also develop training programmes for the cyber security portfolio to ensure that business processes are optimised.

The post holder will act as the main cyber security liaison and lead the operation of a cyber security function comprised of a team of cyber security specialists that provide a service to all Trust staff and other users, ensuring that they meet agreed service levels and provide a responsive customer-facing service.

This is a joint role across LNW and THH and the post holder will work across organisational boundaries to align team effort and outputs to ensure coordinated delivery to meet sector goals and initiatives as required.

Main duties of the job

The post holder will support and actively participate in joint management arrangements across the North West London Integrated Care Systems (ICS) as required.

  • Day to day team leadership which fosters a customer-focused team that maintains a portfolio of cyber security applications within Digital Services.
  • Provide security assurance through regular audits and monitoring that ensures end-users are given appropriate levels of access and security to the application portfolio as defined by their job role and that accounts for leavers and locums are kept up to date and closed when required. Review and investigate cyber security incidents logged on the Trust's incident management systems.
  • Undertake training needs assessments in order to evaluate and improve the level of cyber security literacy in the wider organisation.
  • Provide on-going cyber support and awareness to staff via various training delivery methods i.e. "floor walking", structured training, drop in sessions and one to one coaching.
  • The post holder will be responsible for maintaining training modules and materials as guided by the cyber security manager. They will ensure that these materials are optimised for training for large staff groups on rotation such as students and junior doctor

About us

The Hillingdon Hospitals NHS Foundation Trust is the only acute hospital in the London Borough of Hillingdon and offers a wide range of services, including accident and emergency, inpatient care, day surgery, outpatient clinics, and maternity services. The Trust's services at Mount Vernon Hospital include routine day surgery, delivered at a modern treatment centre, a minor injuries unit, and outpatient clinics.

The safety and well-being of our patients and staff is paramount and we are making urgent improvements to address this - particularly in infection prevention and control. We are making progress by working in partnership with local GPs, charities, community services, academic partners, our local authority, neighbouring hospitals, and the wider North West London Integrated care system, and ensuring that we listen and work in partnership with our local population. We are focused on ensuring that our hospitals provide high quality, safe, and compassionate care, while we drive forward with the building of the new Hillingdon Hospital.

We have over 3,500 members of staff that are proud to care for nearly half a million people, with a vision to be an outstanding provider of healthcare through leading health and academic partnerships, transforming services, to provide the best care where needed.

Details

Date posted

30 October 2023

Pay scheme

Agenda for change

Band

Band 7

Salary

£49,178 to £55,492 a year pa inc

Contract

Permanent

Working pattern

Full-time

Reference number

394-Corp-5714905DT

Job locations

Hillingdon Hospitals NHS Trust and London North West Hospitals Trust

Pield Heath Road, Uxbridge,

Uxbridge

UB8 3NN


Job description

Job responsibilities

  • Actively contribute to the Trusts technical assurance process by reviewing requirements for new systems against local and national cyber security standards. Provide detailed technical evidence where compliancy standards cannot be met, including any remediation or risk mitigations that must be applied
  • Deliver innovative training solutions through e-learning and other tools to ensure that the team can rapidly respond to data quality concerns or help correct out of control business processes.

Problem Management

  • Provides 3rd line cyber security support and troubleshooting to resolve user issues and data security matters.
  • Technical lead for cyber application and services portfolio responsible for liaison with 3rd party application vendors to deliver agreed solutions.

Cyber Security Operations Control

  • Pro-actively review, communicate and action changes in the cyber service as it evolves, ensuring that the necessary resource is available to resolve incidents and alerts either through Service Desk teams, themselves, or through escalation to the local, regional or national service provider.
  • Monitor the performance against a range of KPIs designed for the cyber portfolio covering user access, data security and system integrity, providing reports to Digital Services Management as required.
  • Report weekly and monthly on the activity of alerts, incidents, training, and support work for the teams portfolio and project work streams.
  • The post holder will provide regular reporting on managerial, department, local and national standards and alerts on both regular and an ad hoc basis. In addition the post holder will develop reports to monitor progress of training, cyber support work for the teams portfolio and project work streams.
  • To manage the specification, development and testing; either through security-specific toolsets or via the security vendor of any end-user reports or data extraction routines.
  • To support and actively participate in joint management arrangements across the North West London Integrated Care Systems (ICS) as required.

Continuity Management

  • Define the data retention policy for the cyber security systems and ensure that data back-ups are compliant.
  • Liaise with clinicians, managers, suppliers and other application managers to ensure continuity of service during planned application downtime and ensure emergency protocols and procedures are fit for purpose.

Change Management

  • To ensure the cyber security team adhere to the change control process and make sure that change requests are documented correctly and dealt with in a timely manner.
  • To communicate aspects of projects and system changes with implications for learning and training to staff across the organisation, by delivering presentations and facilitating discussions.

Software Control and Distribution

  • Create deployment plans for major information systems within the cyber security portfolio and identify critical issues when raised.
  • Responsible for security testing specifications of and delivery of new application requirements.

Cyber Security Strategy

  • Manage service operations for the cyber security portfolio and lead on the management of incidents, requests, developments, user access and problems.
  • Manage the suppliers within the cyber security portfolio to ensure performance against stated service level agreements (SLAs) are met and to ensure that these SLAs are reviewed for fitness.

Cyber Security Management

  • Manage service operations for the cyber security portfolio and lead on the management of incidents, requests, developments, user access and problems.
  • Manage the suppliers within the cyber security portfolio to ensure performance against stated service level agreements (SLAs) are met and to ensure that these SLAs are reviewed for fitness.

Configuration Management

  • Responsible for all aspects of service configuration including SIEMS, threat monitoring and protection, end-point security, network security, and other cyber security systems and apps as they become available, as well as leading the configuration project ensuring a fit for purpose cyber service configuration is agreed with the Programme team, internal stakeholders and the NHS digital cyber service team. This includes workload configuration, licence management, desktop distribution and device management, security and data protection & access management and federation.
  • Responsible for analysing user requirements and translating these requirements into solutions by modifying, developing and implementing enhancements to the relevant applications and infrastructure.
  • Work collaboratively with clinicians and managers to identify, develop and initiate improvements to the service to identify threats and opportunities which may improve business efficiency.
  • Troubleshoot technical and data security issues and identify modifications needed to meet changing user requirements.
  • Ensures that data security and any cyber reporting is compliant with NHS national standards; that the applications maintain data integrity in any integration messages through an integration engines to another application and in any data extracts to the data warehouse or external data stores.
  • Maintain the set of Standard Operating Procedures for the Teams portfolio of services.

General

  • Prepare training environments for cyber awareness virtual based events: ensuring rooms and trainers are organised; and that equipment, software and other materials are available as required.
  • Participate in the Trusts performance appraisal system and to undertake any identified training and development related to the post.
  • Represent or support the interests of the Cyber Security Team at internal and external forums.
  • Responsible for ensuring compliance with Data Security and Protection Toolkit.
  • Provide a level of support commensurate with the banding of this post to colleagues to improve their knowledge and understanding, and share own knowledge, skills and experience with others.
  • Responsible for the self-development of skills and competencies through participation in training and development activities and to maintain up to date technical and professional knowledge relevant to the post.

Please refer to the attached Job Description and Person Specification for a full list of role requirements and main responsibilities.

Job description

Job responsibilities

  • Actively contribute to the Trusts technical assurance process by reviewing requirements for new systems against local and national cyber security standards. Provide detailed technical evidence where compliancy standards cannot be met, including any remediation or risk mitigations that must be applied
  • Deliver innovative training solutions through e-learning and other tools to ensure that the team can rapidly respond to data quality concerns or help correct out of control business processes.

Problem Management

  • Provides 3rd line cyber security support and troubleshooting to resolve user issues and data security matters.
  • Technical lead for cyber application and services portfolio responsible for liaison with 3rd party application vendors to deliver agreed solutions.

Cyber Security Operations Control

  • Pro-actively review, communicate and action changes in the cyber service as it evolves, ensuring that the necessary resource is available to resolve incidents and alerts either through Service Desk teams, themselves, or through escalation to the local, regional or national service provider.
  • Monitor the performance against a range of KPIs designed for the cyber portfolio covering user access, data security and system integrity, providing reports to Digital Services Management as required.
  • Report weekly and monthly on the activity of alerts, incidents, training, and support work for the teams portfolio and project work streams.
  • The post holder will provide regular reporting on managerial, department, local and national standards and alerts on both regular and an ad hoc basis. In addition the post holder will develop reports to monitor progress of training, cyber support work for the teams portfolio and project work streams.
  • To manage the specification, development and testing; either through security-specific toolsets or via the security vendor of any end-user reports or data extraction routines.
  • To support and actively participate in joint management arrangements across the North West London Integrated Care Systems (ICS) as required.

Continuity Management

  • Define the data retention policy for the cyber security systems and ensure that data back-ups are compliant.
  • Liaise with clinicians, managers, suppliers and other application managers to ensure continuity of service during planned application downtime and ensure emergency protocols and procedures are fit for purpose.

Change Management

  • To ensure the cyber security team adhere to the change control process and make sure that change requests are documented correctly and dealt with in a timely manner.
  • To communicate aspects of projects and system changes with implications for learning and training to staff across the organisation, by delivering presentations and facilitating discussions.

Software Control and Distribution

  • Create deployment plans for major information systems within the cyber security portfolio and identify critical issues when raised.
  • Responsible for security testing specifications of and delivery of new application requirements.

Cyber Security Strategy

  • Manage service operations for the cyber security portfolio and lead on the management of incidents, requests, developments, user access and problems.
  • Manage the suppliers within the cyber security portfolio to ensure performance against stated service level agreements (SLAs) are met and to ensure that these SLAs are reviewed for fitness.

Cyber Security Management

  • Manage service operations for the cyber security portfolio and lead on the management of incidents, requests, developments, user access and problems.
  • Manage the suppliers within the cyber security portfolio to ensure performance against stated service level agreements (SLAs) are met and to ensure that these SLAs are reviewed for fitness.

Configuration Management

  • Responsible for all aspects of service configuration including SIEMS, threat monitoring and protection, end-point security, network security, and other cyber security systems and apps as they become available, as well as leading the configuration project ensuring a fit for purpose cyber service configuration is agreed with the Programme team, internal stakeholders and the NHS digital cyber service team. This includes workload configuration, licence management, desktop distribution and device management, security and data protection & access management and federation.
  • Responsible for analysing user requirements and translating these requirements into solutions by modifying, developing and implementing enhancements to the relevant applications and infrastructure.
  • Work collaboratively with clinicians and managers to identify, develop and initiate improvements to the service to identify threats and opportunities which may improve business efficiency.
  • Troubleshoot technical and data security issues and identify modifications needed to meet changing user requirements.
  • Ensures that data security and any cyber reporting is compliant with NHS national standards; that the applications maintain data integrity in any integration messages through an integration engines to another application and in any data extracts to the data warehouse or external data stores.
  • Maintain the set of Standard Operating Procedures for the Teams portfolio of services.

General

  • Prepare training environments for cyber awareness virtual based events: ensuring rooms and trainers are organised; and that equipment, software and other materials are available as required.
  • Participate in the Trusts performance appraisal system and to undertake any identified training and development related to the post.
  • Represent or support the interests of the Cyber Security Team at internal and external forums.
  • Responsible for ensuring compliance with Data Security and Protection Toolkit.
  • Provide a level of support commensurate with the banding of this post to colleagues to improve their knowledge and understanding, and share own knowledge, skills and experience with others.
  • Responsible for the self-development of skills and competencies through participation in training and development activities and to maintain up to date technical and professional knowledge relevant to the post.

Please refer to the attached Job Description and Person Specification for a full list of role requirements and main responsibilities.

Person Specification

Person Spec

Essential

  • Education/ qualifications
  • Knowledge and experience
  • Skills, abilities and attributes

Desirable

  • ITIL Foundation or above
  • Microsoft qualification
  • Cyber security specialist qualification
Person Specification

Person Spec

Essential

  • Education/ qualifications
  • Knowledge and experience
  • Skills, abilities and attributes

Desirable

  • ITIL Foundation or above
  • Microsoft qualification
  • Cyber security specialist qualification

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

The Hillingdon Hospital NHS Foundation Trust

Address

Hillingdon Hospitals NHS Trust and London North West Hospitals Trust

Pield Heath Road, Uxbridge,

Uxbridge

UB8 3NN


Employer's website

https://www.thh.nhs.uk/index.php (Opens in a new tab)

Employer details

Employer name

The Hillingdon Hospital NHS Foundation Trust

Address

Hillingdon Hospitals NHS Trust and London North West Hospitals Trust

Pield Heath Road, Uxbridge,

Uxbridge

UB8 3NN


Employer's website

https://www.thh.nhs.uk/index.php (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Joint Head of Cyber Security

Andrew Wright

andrew.wright24@nhs.net

Details

Date posted

30 October 2023

Pay scheme

Agenda for change

Band

Band 7

Salary

£49,178 to £55,492 a year pa inc

Contract

Permanent

Working pattern

Full-time

Reference number

394-Corp-5714905DT

Job locations

Hillingdon Hospitals NHS Trust and London North West Hospitals Trust

Pield Heath Road, Uxbridge,

Uxbridge

UB8 3NN


Supporting documents

Privacy notice

The Hillingdon Hospital NHS Foundation Trust's privacy notice (opens in a new tab)