Job summary
We are looking for an experienced and enthusiastic professional to join our team in managing, maintaining, and improving the security of ITC systems. This role is key to the operational effectiveness of cyber security across the organisation and responsible for providing ICT/Cyber Security technical advice and expertise as a subject matter expert. You will be a lead in developing and managing systems for the prevention and response to cyber threats including malware and ransomware, web and email filtering, security information event management (SIEM), and be able to demonstrate knowledge of risks. You will also contribute to ICT Governance systems including ISO27001 and the NHS DSPT.
Vetting - Residency requirement: This NHCFA position requires the role-holder to hold security clearance to at least SC level. To meet National Security Vetting requirements for SC clearance you must have resided in the UK for a minimum of 3 out of the past 5 years. https://www.gov.uk/government/organisations/united-kingdom-security-vetting.You do not need to already have SC clearance. However, failure to achieve the requirements for SC after offer will affect employment
Please apply without delay as we reserve the right to close this vacancy before the advertised closing date should we receive a significant number of applications.
Potential applicants can contact Simon Clark atsimon.clark@nhscfa.gov.uk if you have any questions regarding the role.
Main duties of the job
Work with the Information & Cyber Security Manager and team to actively manage, review, and develop systems and processes to ensure the security of the NHSCFA ICT infrastructure and information systems.
Develop and support a range of cyber security products and services and proactively assess, investigate, and mitigate risks and vulnerabilities in ICT systems.
Work with NHSCFA business areas to understand and shape their security requirement, ensuring that personal data and other information assets are secure whilst enabling open and modern secure digital services.
Maintain an excellent knowledge of information security principles and practices ensuring timely technical support is provided to satisfy business needs.
For a detailed job description and main responsibilities, please see the full Job Description and Person Specification. Do not send CVs; they will not be accepted.
About us
We have offices based in Coventry, Newcastle and London and offer flexible, hybrid, office and home-based working. In addition to the advertised salary working in the London area will attract High-Cost Area Supplement where appropriate.
Visa:The NHSCFA does not hold a sponsor licence in respect of skilled worker visas. and so is unable to employ candidates requiring sponsorship. Applications requiring Visa sponsorship or with dependency on another's visa will not be accepted.
Job description
Job responsibilities
- Report or escalate issues as appropriate to the Information and Cyber Security Manager.
- Produce reports for cyber security operations, including agreed service levels, KPI's and standards where applicable.
- Assess the effectiveness of Security Controls by conducting reviews, internal audits and spot-checks of ICT Security Infrastructure elements including: firewall, IDS/IPS, anti-malware, web and email filtering, MDM, SIEM, patch and vulnerability management.
For a detailed job description and main responsibilities, please see the full Job Description and Person Specification.
Job description
Job responsibilities
- Report or escalate issues as appropriate to the Information and Cyber Security Manager.
- Produce reports for cyber security operations, including agreed service levels, KPI's and standards where applicable.
- Assess the effectiveness of Security Controls by conducting reviews, internal audits and spot-checks of ICT Security Infrastructure elements including: firewall, IDS/IPS, anti-malware, web and email filtering, MDM, SIEM, patch and vulnerability management.
For a detailed job description and main responsibilities, please see the full Job Description and Person Specification.
Person Specification
Knowledge and Experience
Essential
- Detailed technical knowledge across a diverse range of areas including web technologies, applications and services, information systems and cloud infrastructure, and managed service architectures.
- Experience of developing, implementing and maintaining effective control monitoring activities, ensuring compliance with ISO27001.
- Experience of designing and recommending appropriate controls to enable the achievement of IT security and wider business goals.
- Experience of evaluating threat intelligence data from multiple sources to inform decision making.
Desirable
- Has a real interest in Information Security and ensures they keep up to date with the latest security news.
- Line management experience.
Specialist Knowledge
Essential
- Extensive experience of implementation and management of security technologies including: firewall, WAF, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP.
- Extensive experience of implementation and management of security technologies including: firewall, WAF, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP. Demonstrate extensive knowledge of Information Security in the following areas: oWindows & Linux operating systems. oCloud security (AWS, Azure, SaaS cloud applications). oVirtualisation. oISO27001. oRisk Management Process. oSecurity Monitoring and auditing. oDatabase security. oProduction of IT security reports/MI for relevant parties. oSecurity due diligence and security assurance reviews of 3rd party suppliers. oWorking with a combination of outsourced and in-house IT provision. oExperience of designing IT security mitigation measures to meet information security work-based assessments.
Desirable
- Experience and knowledge of some of the following: oICT application security architecture and design. oSoftware security architecture. oDigital Forensics. oPublic Services Network (PSN) and NHS network. oICT systems hardware (Server, PC etc.) oPenetration Testing. oNetwork (LAN/WAN) security
Qualifications
Essential
- Degree or equivalent in an Information Technology or related field, or significant demonstrable experience.
- A professional certification or qualification in Information Security (CISMP, CISSP, CCSP) or other relevant professional IT qualification.
- Comptia Security+
- ISO27001 Foundation.
Desirable
- EC-Council Certified Ethical Hacker.
- ISO27001 Auditor or Lead Implementor.
- Microsoft Certified: Azure Security Engineer Associate.
- ISACA CRISC.
- ITIL foundation.
- Project management foundation (Prince 2).
Communication Skills
Essential
- Clearly demonstrates impactful communication skills (oral, written and presentation) in both formal and informal settings, articulating complex ideas to broad audiences.
Person Specification
Knowledge and Experience
Essential
- Detailed technical knowledge across a diverse range of areas including web technologies, applications and services, information systems and cloud infrastructure, and managed service architectures.
- Experience of developing, implementing and maintaining effective control monitoring activities, ensuring compliance with ISO27001.
- Experience of designing and recommending appropriate controls to enable the achievement of IT security and wider business goals.
- Experience of evaluating threat intelligence data from multiple sources to inform decision making.
Desirable
- Has a real interest in Information Security and ensures they keep up to date with the latest security news.
- Line management experience.
Specialist Knowledge
Essential
- Extensive experience of implementation and management of security technologies including: firewall, WAF, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP.
- Extensive experience of implementation and management of security technologies including: firewall, WAF, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP. Demonstrate extensive knowledge of Information Security in the following areas: oWindows & Linux operating systems. oCloud security (AWS, Azure, SaaS cloud applications). oVirtualisation. oISO27001. oRisk Management Process. oSecurity Monitoring and auditing. oDatabase security. oProduction of IT security reports/MI for relevant parties. oSecurity due diligence and security assurance reviews of 3rd party suppliers. oWorking with a combination of outsourced and in-house IT provision. oExperience of designing IT security mitigation measures to meet information security work-based assessments.
Desirable
- Experience and knowledge of some of the following: oICT application security architecture and design. oSoftware security architecture. oDigital Forensics. oPublic Services Network (PSN) and NHS network. oICT systems hardware (Server, PC etc.) oPenetration Testing. oNetwork (LAN/WAN) security
Qualifications
Essential
- Degree or equivalent in an Information Technology or related field, or significant demonstrable experience.
- A professional certification or qualification in Information Security (CISMP, CISSP, CCSP) or other relevant professional IT qualification.
- Comptia Security+
- ISO27001 Foundation.
Desirable
- EC-Council Certified Ethical Hacker.
- ISO27001 Auditor or Lead Implementor.
- Microsoft Certified: Azure Security Engineer Associate.
- ISACA CRISC.
- ITIL foundation.
- Project management foundation (Prince 2).
Communication Skills
Essential
- Clearly demonstrates impactful communication skills (oral, written and presentation) in both formal and informal settings, articulating complex ideas to broad audiences.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
