Job summary
You will provide Cyber Security advice and support to the Digital support and delivery Teams, and to the Trust's management and staff and partner organisations.
You will participate in the planning and implementation of relevant policies and procedures to ensure Cyber Security provisioning and maintenance is consistent with the Trusts goals, industry best practice and regulatory requirements. You will also be instrumental in maintaining, updating and developing playbooks for testing the Trust's response to Digital incident response and disaster recovery, and operate in an agile/DevSecOps fashion.
Main duties of the job
- Maintain in-depth knowledge of the Digital incident response plan and fully support its execution.
- Investigate and report on data breaches in accordance with instructions / oversight.
- Work with Infrastructure and Services teams to ensure proactive monitoring of Digital infrastructure.
- Perform on going Cyber Security risk assessments and audits. Where required work with the relevant Digital team to implement any remediation or mitigating controls.
- Review and advise on Cyber Security patches and software updates according to best practices, and where required raise Exceptions where such patches will cause operational issues, with mitigations clearly articulated. Participation in patching activities is also required.
- Support access control, disaster recovery, business continuity, incident response and risk management needs are appropriately addressed.
- Project engagement, to work with internal and external resources in the adoption of new services and technology to ensure the continuing safety of the systems, data and network.
- Support development and maintenance of ISMS and any structured frameworks being deployed by the Trust, such as ISO27001.
- Support the development of user cyber security awareness programs and delivery to users via presentations, meet and greets, and training forums.
About us
Bedfordshire Hospitals NHS Foundation Trust provides hospital services to a growing population of around 700,000 people living across Bedfordshire and the surrounding areas across two busy hospital sites in Bedford and Luton. Both hospital sites offer key services such as A&E, Obstetrics-led Maternity and Paediatrics.
You will be joining a friendly, high performing Trust committed to ensuring the health and wellbeing of staff. As one of the largest NHS Trusts in our region you will have access to a programme of high quality training and development to help you grow your career.
We have state-of-the art facilities placing us at the heart of cutting edge health care. The Trust continues to be committed to delivering the best patient care using the best clinical knowledge and technology available.
Please note that vacancies may close prior to the advertised closing date when sufficient number of applications have been received. Please ensure that you make your application as soon as possible.
All new staff will be subject to a probationary period covering their first six months in post. Travel between hospital sites may be required.
Please review all documents attached to this advert to ensure you familiarise yourself with all requirements of the job.
Job description
Job responsibilities
The Job Description and Person Specification are attached to this job, please review for the full details and responsibilities.
- Identify threats to the confidentiality, integrity, availability, accountability, and relevant compliance for information systems and provides authoritative advice and guidance on the application and operation of all types of security controls, including legislative or regulatory requirements such as data protection and software copyright law.
- Investigate suspected and actual breaches of Cyber Security and undertake reporting/remedial action as required. Maintain a log of any incidents and remedial recommendations and actions.
- Develop and maintain incident management and response capability, supervise and coordinate incident response tasks to contain exposure from an incident.
- Maintain in-depth knowledge of the Digital incident response plan and fully support its execution.
- Maintain chain of custody and observes incident handling procedures for court purposes.
Job description
Job responsibilities
The Job Description and Person Specification are attached to this job, please review for the full details and responsibilities.
- Identify threats to the confidentiality, integrity, availability, accountability, and relevant compliance for information systems and provides authoritative advice and guidance on the application and operation of all types of security controls, including legislative or regulatory requirements such as data protection and software copyright law.
- Investigate suspected and actual breaches of Cyber Security and undertake reporting/remedial action as required. Maintain a log of any incidents and remedial recommendations and actions.
- Develop and maintain incident management and response capability, supervise and coordinate incident response tasks to contain exposure from an incident.
- Maintain in-depth knowledge of the Digital incident response plan and fully support its execution.
- Maintain chain of custody and observes incident handling procedures for court purposes.
Person Specification
Qualifications
Essential
- Degree level qualification or equivalent experience
- An IT Security qualification such as SSCP, CISM, CISSP, CISMP
- Commitment to continuing professional development
Desirable
- Certified Ethical Hacker, Security+
- CISCO/Microsoft or similar Certifications
Experience
Essential
- Experience of Cyber Risk Management
- Experience and knowledge of operating security tools/technologies/applications within an IT/Security environment and how they relate to cyber security, such as: SIEM/SOAR, Firewalls, Endpoint Detection and Response, Privileged, Access/Password Management, Auditing, Monitoring and Logging, Microsoft Defender for Endpoint Patching and Vulnerability Management
- Experience of investigating suspected and actual security incidents and reporting on security breaches
- Knowledge of relevant legislation, guidance and standards e.g. Network and Information Systems (NIS) Regulations, Cyber Essentials Plus, NCSC 10 Steps to Cyber Security, ISO27001
- Knowledge of Infrastructure (Server, Storage, Networking) and its interactions with Cyber Security
- Knowledge of Information Governance, the Data Security Protection Toolkit and its relationship with ICT security, legislation and the NH
- Experience with Major Cloud products
- Experience of managing and motivating staff
- Experience of mentoring staff
- Experience of working in a cross-functional fashion
Desirable
- Experience of IT service provision in a health care setting
- Experience of working in fields other than cyber security, i.e. Infrastructure or Application Development
- Working knowledge of the Data Protection Act 2018
Skills and Competencies
Essential
- Adaptable and a Change Agent
- Exceptional level of written and oral communication skills
- Ability to communicate technical outputs to a non-technical audience
- Meticulous information gathering, attention to detail and presentation skills
- Ability to persuade and negotiate for time and resources successfully
- Able to demonstrate tact and diplomacy with a flexible and adaptable approach using initiative as required
- Able to interpret and analyse complex data and communications to act, redirect or refer/escalate
- Ability to organise data and information and formulate appropriate responses and recommendations
- Ability to confidently problem solve
- Excellent time management, to be able to plan and organise on-going activities and programmes that are often complex and open to change
- Ability to work under pressure within a multi-disciplinary team and effectively evaluate conflicting demands
- Open and inclusive with people. Building constructive working relationships both internal and external to the Trust
- Work within ICT Security/Cyber Security frameworks and policies
- Co-operative team player, working to achieve team, department, directorate and organisation goals
- Ability to work out of hours and flexibly in a diverse and demanding organisation
- Pragmatic and strategic thinker, developer of practical and effective solutions with an aptitude for developing new skills
- Willingness to progress knowledge and attend internal and external training opportunities
- To organise others in line with project/work plans
Desirable
- Commitment to service development
Other
Essential
- Travel expected within geographical
- Required to work as part of an on-call escalation
Person Specification
Qualifications
Essential
- Degree level qualification or equivalent experience
- An IT Security qualification such as SSCP, CISM, CISSP, CISMP
- Commitment to continuing professional development
Desirable
- Certified Ethical Hacker, Security+
- CISCO/Microsoft or similar Certifications
Experience
Essential
- Experience of Cyber Risk Management
- Experience and knowledge of operating security tools/technologies/applications within an IT/Security environment and how they relate to cyber security, such as: SIEM/SOAR, Firewalls, Endpoint Detection and Response, Privileged, Access/Password Management, Auditing, Monitoring and Logging, Microsoft Defender for Endpoint Patching and Vulnerability Management
- Experience of investigating suspected and actual security incidents and reporting on security breaches
- Knowledge of relevant legislation, guidance and standards e.g. Network and Information Systems (NIS) Regulations, Cyber Essentials Plus, NCSC 10 Steps to Cyber Security, ISO27001
- Knowledge of Infrastructure (Server, Storage, Networking) and its interactions with Cyber Security
- Knowledge of Information Governance, the Data Security Protection Toolkit and its relationship with ICT security, legislation and the NH
- Experience with Major Cloud products
- Experience of managing and motivating staff
- Experience of mentoring staff
- Experience of working in a cross-functional fashion
Desirable
- Experience of IT service provision in a health care setting
- Experience of working in fields other than cyber security, i.e. Infrastructure or Application Development
- Working knowledge of the Data Protection Act 2018
Skills and Competencies
Essential
- Adaptable and a Change Agent
- Exceptional level of written and oral communication skills
- Ability to communicate technical outputs to a non-technical audience
- Meticulous information gathering, attention to detail and presentation skills
- Ability to persuade and negotiate for time and resources successfully
- Able to demonstrate tact and diplomacy with a flexible and adaptable approach using initiative as required
- Able to interpret and analyse complex data and communications to act, redirect or refer/escalate
- Ability to organise data and information and formulate appropriate responses and recommendations
- Ability to confidently problem solve
- Excellent time management, to be able to plan and organise on-going activities and programmes that are often complex and open to change
- Ability to work under pressure within a multi-disciplinary team and effectively evaluate conflicting demands
- Open and inclusive with people. Building constructive working relationships both internal and external to the Trust
- Work within ICT Security/Cyber Security frameworks and policies
- Co-operative team player, working to achieve team, department, directorate and organisation goals
- Ability to work out of hours and flexibly in a diverse and demanding organisation
- Pragmatic and strategic thinker, developer of practical and effective solutions with an aptitude for developing new skills
- Willingness to progress knowledge and attend internal and external training opportunities
- To organise others in line with project/work plans
Desirable
- Commitment to service development
Other
Essential
- Travel expected within geographical
- Required to work as part of an on-call escalation
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
