Job summary
We are looking for an experienced and enthusiastic Cyber Security professional to join our team and assist in managing and maintaining the security of ITC systems. This fixed-term 9 month role is key to the operational effectiveness of cyber security across the organisation and responsible for providing ICT/Cyber Security technical advice and expertise as a subject matter expert. Working as part of the Information Security Team you will be a lead in developing and managing systems for the prevention and response to malware and ransomware, web and email filtering, security information event management (SIEM), and be able to demonstrate an in-depth knowledge of associated risks. You will also contribute to ICT Governance systems including ISO27001 and the NHS DSPT.
Eligibility for UK National Security Vetting is essential to this role.
The Counter Fraud Authority has offices in London, Coventry and Newcastle and there is the opportunity for office based, hybrid or home working based at any of these locations. In addition to the advertised salary working in the London area will attract High Cost Area Supplement where appropriate
****We reserve the right to close this vacancy before the advertised closing date should we receive a significant number of applications
Main duties of the job
Working with the Information Security Lead and team to actively manage, review, and develop systems and processes to ensure the security of the NHSCFA ICT infrastructure and information systems. To develop and support a range of cyber security products and services including proactively assessing and investigating potential items of risk and of vulnerabilities in ICT systems. The post holder will work with NHSCFA business areas to understand and shape their security requirement, ensuring that personal data and other information assets are secured whilst enabling open and modern secure digital services. They will maintain an excellent knowledge of information security principles and practices ensuring timely technical support is provided to satisfy business needs.
About us
We have offices based in Coventry, Newcastle and London and also offer flexible and home based working. The NHSCFA values and respects the diversity of its employees, and aims to recruit a workforce which reflects our diverse communities. We welcome applications irrespective of people's age, disability, gender, race or ethnicity, religion or belief, sexual orientation, or other personal circumstances. We have policies and procedures in place to ensure that all applicants are treated fairly and consistently at every stage of the recruitment process, including an invitation to the first stage of the selection process and consideration of reasonable adjustments for people who have a disability. If you are applying to undertake this role on a secondment basis you should have agreement to being released from your current role in principle, prior to submitting an application form. When you apply for this role you will be redirected to our recruitment system TRAC. Please apply without delay as reserve the right to close any vacancies from further submissions when we have received sufficient applications from which to make a shortlist. The CFA does not hold a sponsor licence in respect of skilled worker visas and so is unable to employ candidates requiring sponsorship
Job description
Job responsibilities
Manage, monitor, and develop NHSCFA cyber security operations and ICT security infrastructure in order to manage and reduce cyber risk and mitigate cyber threats:
Actively monitor NHSCFA ICT systems
Ensure appropriate access control is maintained
Perform security testing as directed
Carry out vulnerability assessments and remediation
Please see full Job Description and Person Specification.
Job description
Job responsibilities
Manage, monitor, and develop NHSCFA cyber security operations and ICT security infrastructure in order to manage and reduce cyber risk and mitigate cyber threats:
Actively monitor NHSCFA ICT systems
Ensure appropriate access control is maintained
Perform security testing as directed
Carry out vulnerability assessments and remediation
Please see full Job Description and Person Specification.
Person Specification
Knowledge and Experience
Essential
- Detailed technical knowledge across a diverse range of areas including web technologies, applications and services, information systems and cloud infrastructure, and managed service architectures
- Experience of developing, implementing and maintaining effective control monitoring activities, ensuring compliance with ISO27001
- Experience of designing and recommending appropriate controls to enable the achievement of IT security and wider business goals.
- Experience of evaluating threat intelligence data from multiple sources to inform decision making.
Desirable
- Has a real interest in Information Security and ensures they keep up to date with the latest security news. Line management experience
Specialist Knowledge
Essential
- Extensive experience of implementation and management of security technologies including: firewall, WAF, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP
- Demonstrate extensive knowledge Extensive experience of implementation and management of security technologies including: firewall, WAF, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP Demonstrate extensive knowledge of Information Security in the following areas: oWindows & Linux operating systems oCloud security (AWS, Azure, SaaS cloud applications) oVirtualisation oISO27001 oRisk Management Process oSecurity Monitoring and auditing oDatabase security oProduction of IT security reports/MI for relevant parties oSecurity due diligence and security assurance reviews of 3rd party suppliers oWorking with a combination of outsourced and in-house IT provision oExperience of designing IT security mitigation measures to meet information security work-based assessments.
Desirable
- Experience and knowledge of some of the following: oICT application security architecture and design oSoftware security architecture oDigital Forensics oPublic Services Network (PSN) and NHS N3 oICT systems hardware (Server, PC etc.) oPenetration Testing oNetwork (LAN/WAN) security
Qualifications
Essential
- Degree or equivalent in an Information Technology or related field, or significant demonstrable experience.
- A professional certification or qualification in Information Security (CISMP, CISSP, CCSP) or other relevant professional IT qualification.
- Comptia Security+
- ISO27001 Foundation
Desirable
- EC-Council Certified Ethical Hacker
- ISO27001 Auditor or Lead Implementor
- Microsoft Certified: Azure Security Engineer Associate
- ISACA CRISC
- ITIL foundation
- Project management foundation (Prince 2)
Communication Skills
Essential
- Clearly demonstrates impactful communication skills (oral, written and presentation) in both formal and informal settings, articulating complex ideas to broad audiences
Person Specification
Knowledge and Experience
Essential
- Detailed technical knowledge across a diverse range of areas including web technologies, applications and services, information systems and cloud infrastructure, and managed service architectures
- Experience of developing, implementing and maintaining effective control monitoring activities, ensuring compliance with ISO27001
- Experience of designing and recommending appropriate controls to enable the achievement of IT security and wider business goals.
- Experience of evaluating threat intelligence data from multiple sources to inform decision making.
Desirable
- Has a real interest in Information Security and ensures they keep up to date with the latest security news. Line management experience
Specialist Knowledge
Essential
- Extensive experience of implementation and management of security technologies including: firewall, WAF, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP
- Demonstrate extensive knowledge Extensive experience of implementation and management of security technologies including: firewall, WAF, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP Demonstrate extensive knowledge of Information Security in the following areas: oWindows & Linux operating systems oCloud security (AWS, Azure, SaaS cloud applications) oVirtualisation oISO27001 oRisk Management Process oSecurity Monitoring and auditing oDatabase security oProduction of IT security reports/MI for relevant parties oSecurity due diligence and security assurance reviews of 3rd party suppliers oWorking with a combination of outsourced and in-house IT provision oExperience of designing IT security mitigation measures to meet information security work-based assessments.
Desirable
- Experience and knowledge of some of the following: oICT application security architecture and design oSoftware security architecture oDigital Forensics oPublic Services Network (PSN) and NHS N3 oICT systems hardware (Server, PC etc.) oPenetration Testing oNetwork (LAN/WAN) security
Qualifications
Essential
- Degree or equivalent in an Information Technology or related field, or significant demonstrable experience.
- A professional certification or qualification in Information Security (CISMP, CISSP, CCSP) or other relevant professional IT qualification.
- Comptia Security+
- ISO27001 Foundation
Desirable
- EC-Council Certified Ethical Hacker
- ISO27001 Auditor or Lead Implementor
- Microsoft Certified: Azure Security Engineer Associate
- ISACA CRISC
- ITIL foundation
- Project management foundation (Prince 2)
Communication Skills
Essential
- Clearly demonstrates impactful communication skills (oral, written and presentation) in both formal and informal settings, articulating complex ideas to broad audiences
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
