South West London Integrated Care Board

Security Analyst

Information:

This job is now closed

Job summary

This role is part of the ICT Enterprise Security Team which implements and manages the processes and policies to cover all aspects of technical and physical security across all Infrastructure assets. The team also assists in ensuring all new technologies and technical changes adhere to Security standards and that the ICT service remains compliant with NHS and industry regulations and standards.

An organisation such as the ICB is reliant on its IT systems and information being secure and available at all times. In addition, it is essential that IT Services are delivered in a cost-effective manner to industry-wide standards such as ITIL, CE+ and ISO27001. The post holder will provide assistance to the Lead Enterprise Security Manager to ensure all aspects of Security and related tasks are delivered within timeframes set, to budget and within defined scopes. The role is designed to build a combination of subject matter expertise and technical skills to develop a strong service delivery.

Note the postholder may be expected to participate in the out-of-hours on-call rota for the ICB infrastructure and the customers it provides a service to.

Main duties of the job

The post holder will undertake the following duties and responsibilities:

  • Assist the Lead Enterprise Security Manager to ensure all new and changed technologies meet NHS and Industry security standards.
  • Play an active role in the ICT Change Authority, Design Authority, and development of new solutions.
  • Develop and produce reports to ensure compliance with Security standards including Accredited Safe Haven (ASH), Data Protection and Security Toolkit (DPST), CE+ and ISO27001, to name a few.
  • Undertake ICT Security projects as required, directed by the Lead Enterprise Security Manager or appointed manager.
  • Act as a Technical resource for IT Security solution implementations.
  • Develop, publish, review, and amend all ICT Security Policies to meet the requirements of the defined review cycle.

About us

NHS South West London Integrated Care Board works with partners from across the South West London Integrated Care System (ICS) to develop plans to meet the health needs of the population and secure the provision of health services, and is directly accountable for NHS spend and performance in South West London.

ICBs are statutory NHS bodies responsible for planning and allocating resources to meet the four core purposes of integrated care systems (ICSs):

  • to improve outcomes in population health and healthcare;
  • tackle inequalities in outcomes, experience and access;
  • enhance productivity and value for money and;
  • help the NHS support broader social and economic development.

Details

Date posted

31 May 2024

Pay scheme

Agenda for change

Band

Band 7

Salary

£49,178 to £55,492 a year Inclusive of Outer London HCAS per annum

Contract

Permanent

Working pattern

Full-time

Reference number

491-SWLIT19

Job locations

120 The Broadway

Wimbledon

SW19 1RH


Job description

Job responsibilities

Implement security controls and initiatives to ensure compliance with the organisational Security Policy. Lead security evaluation activities utilising security tests such as commissioned IT Health Checks, auditing, vulnerability scanning and penetration testing to name a few [but not exhaustive].

Report testing results to management and commissioning customers. Document and manage completion of required corrective actions, remediation activities and recommendations using well documented and managed improvement and implementation plans.

Ensure procedures and documentation are followed to manage, safeguard, and support a secure environment.

Ensure that all IT Security documentation is continually up to date. Develop and implement new procedures through the correct channels where necessary, to ensure smooth running of the service. Support the collation of information and reporting requirements to ensure NHS and ICT Industry security compliance, to include NHS Digital reporting requirements during cyber incidents.

Support the reporting cycle as specified in the ICT Security and Incident Management Policies. Evaluate new security technology developments, to include the recommendation of new technologies, where appropriate internally for evaluation and PoC as suitable.

Benchmark the IT Security Service to demonstrate quality and level of service being provided to its clients.

Perform ICT Security risk assessment, business impact analysis and accreditation for all major information systems within the organisation.

Use judgment in setting the day to day priorities to include delegation of tasks and provision of ongoing support where required.

Manage problem resolution internally and escalation to outside suppliers where appropriate.

Support the following ITIL v3 processes: Risk, Capacity, Availability, IT Service Continuity, Information Security, Compliance, Architecture and Supplier Management. Manage all toolsets, dashboards, alert mechanisms, and systems, including outputs and resulting tasks and remediations as required to deliver Secure Infrastructure and Security Compliance to the SWL ICB and its customers.

Please refer to the Job Description for further details.

Person Specification

Knowledge and Experience

Essential

  • Demonstrated experience of co-ordinating projects in complex and challenging environments
  • Significant experience of operating in a Cyber Security remit previously
  • Evidence of continued professional development in the Cyber Security arena
  • Experience of managing risks and reporting
  • Experience of managing Incidents and problems
  • Experience in a senior technical ICT Security role
  • Working experience with Industry renowned standard practice and policies [CE+/ISO27001]
  • Extensive experience completing ICT Security Risk assessment and managing risk mitigations
  • Extensive experience producing ICT Security Policies and managing the policy life cycle
  • Significant experience of successfully operating in a politically sensitive environment
  • Experience of drafting briefing papers and correspondence for a senior audience
  • Experience of monitoring budgets and business planning processes
  • Demonstrated experience in a Healthcare environment
  • Experience of setting up and implementing internal processes and procedures

Skills and Abilities

Essential

  • Ability to analyse very complex issues where material is conflicting and drawn from multiple sources
  • Numerate and able to understand complex financial issues combined with deep analytical skills
  • Intermediate/advanced keyboard skills; intermediate/advanced ability to use the Microsoft Office package
  • Comprehensive knowledge of project principles, techniques and tools, such as Prince 2
  • Ability to prepare and produce concise communications for dissemination to a broad range of stakeholders as required
  • Demonstrated capability to plan over short, medium and long-term timeframes and adjust plans and resource requirements accordingly

Other

Essential

  • Ability to work as part of a team and work flexibly to provide support to other departments and teams as and when necessary
  • Demonstrates commitment to NHS and organisational values and behaviours
  • Demonstrate commitment and role model behaviours and actions that support equality, diversity, belonging and inclusion
  • Strong compassionate and inclusive leadership

Qualifications

Essential

  • Educated to degree level in relevant subject or equivalent level qualification or significant experience of working at a similar level in specialist area
  • Post-graduate degree in relevant subject
  • ITIL Qualified
  • Security Related Qualification [SSCP/CISM/CISSP or similar]
  • Evidence of continued professional development

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.

Employer details

Employer name

South West London Integrated Care Board

Address

120 The Broadway

Wimbledon

SW19 1RH


Employer's website

https://www.southwestlondon.icb.nhs.uk

Employer contact details

For questions about the job, contact:

Head of Infrastructure and Cyber Security

Mervyn Hughes

mervyn.hughes@swlondon.nhs.uk

Supporting documents

Privacy notice

South West London Integrated Care Board's privacy notice