NHS Business Services Authority

Security & Information Risk Advisor

This job is now closed

Job summary

We're looking for an organised and motivated Information Security professional to join us and play a key role in delivering the information security compliance programme across all services within the NHS Business Services Authority (NHSBSA).

The role will be based in the NHSBSA's Security & Information Governance Team located at our Stella House office, Newcastle upon Tyne. In line with our hybrid working policy there is also an opportunity for working from home to be considered, providing business needs are met.

So, if you are excited by the above, feel you have what it takes to be successful, and would like to join our dynamic team we would love to hear from you.

What do we offer?

  • 27 days leave (increasing with length of service) plus 8 bank holidays
  • Flexible working (we are happy to discuss options such as compressed hours)
  • Flexi time
  • Hybrid working model
  • Career development
  • Active wellbeing and inclusion networks
  • Excellent pension
  • NHS Car lease scheme
  • Access to a wide range of benefits and high street discounts!

Main duties of the job

This role is based organisationally in the NHSBSA's Security & Information Governance Team and covers both information security and information assurance.

As Security & Information Risk Advisor (SIRA) you will work closely with the Information Governance and Information Security teams and key NHSBSA stakeholders, supporting the delivery of the information security management programme, primarily focussed on information assurance activities and related processes within the NHSBSA.

Actively supporting the continual review of the organisation's arrangements for information security management, you will work with relevant stakeholders and interested parties (such as special interest groups, professional associations and security forums) to understand the information security threat landscape, trends and emerging risks.

You will apply this understanding to analyse information security data and performance metrics from across the organisation, identify information security risks and weaknesses, and recommend appropriate actions for improvement to senior management.

About us

Here at the NHS Business Services Authority (NHSBSA), what we do matters.

We manage the NHS Pension scheme, process prescription payments and much more. Our services are used by NHS organisations, contractors and the public: we take pride in being part of something so meaningful, that touches millions of lives.

Just as we design our services around the needs of our customers, we place our people at the heart of our organisation. That's why when you join us, you'll be empowered and given the right support to help your career grow.

As one of the UK's Best Big Companies to work for, we're all connected to our values: Collaborative, Adventurous, Reliable and Energetic. We care about our people, our purpose, and your progress.

We strive to offer a fantastic colleague experience, where every voice is heard, and every colleague is supported and respected. Wellbeing, diversity and inclusion is at the centre of this, so when you join us, you can connect with our Lived Experience Networks who help us to bring our authentic selves to work.

We welcome applications from people of all backgrounds and circumstances. We are committed and proud to be a flexible employer and will endeavour to offer a working pattern that suits you wherever possible, whether that be hybrid working, flexible hours, job sharing and more.

Ready to join us on our journey to be a catalyst for better health? Apply today and see where the NHSBSA can take you.

We are people connected to care.

Details

Date posted

13 March 2024

Pay scheme

Agenda for change

Band

Band 6

Salary

£35,392 to £42,618 a year

Contract

Permanent

Working pattern

Full-time

Reference number

914-BSA4481

Job locations

Stella House

Goldcrest Way, Newburn Riverside

Newcastle upon Tyne

NE15 8NY

Job description

Job responsibilities

In this role, you are accountable for:

  • Undertaking information security assurance assessments and producing NHSBSA Information Security Assurance Documentation (ISAD) for the certification of business systems
  • Understanding and employing a scenario-based approach to information risk assessment
  • Undertaking information security risk assessments through the evaluation of events and consequences
  • Engaging with senior management (SIRO and Information Asset Owners) to ensure that they understand the information security risks relevant to their service area and to the organisation as a whole
  • Co-ordinating the identification of suitable risk treatment options
  • Monitoring and reporting on the effectiveness of information security controls based on the analysis of information security metrics and measures data, KPIs and KRIs
  • Producing information security evidence (control assessments) to facilitate the effective and consistent application of the risk management process, ensuring that controls are reasonable, are proportionate to risk, and are aligned with business requirements
  • Monitoring and reporting on compliance with information security policies, standards and procedures
  • Liaising with key stakeholders to gain timely information security assurance of the business systems and activities
  • Managing information security incidents and ensuring that remediation actions are taken in a timely manner
  • Scoping and conducting information security internal audits in accordance with the ISMS internal audit schedule
  • Participating in the development, delivery and management of the information security education, training and awareness programme
  • Developing and delivering information security management awareness training for all levels of the organisation, including online and face-to-face sessions
  • Establishing information security management arrangements for new services / programmes / projects ensuring that information security controls reflect best practice and are embedded within processes and procedures
  • Maintaining a sound technical knowledge of information security products, systems and procedures used within the organisation
  • Using credible and reliable information and information sources to provide evidence of emerging information security threats
  • Providing information security support, advice and guidance to all NHSBSA teams
Person Specification

Knowledge and skills

Essential

  • Knowledge of information security management
  • Knowledge of technical and non-technical components of information security
  • Ability to independently perform information security assurance assessments

Desirable

  • Knowledge of the certification and compliance requirements relating to NHSBSA
  • Knowledge of innovations in the provision of information security services

Experience

Essential

  • Information security risk management experience
  • Involvement in the implementation of ISO 27001 security standard
  • Involvement in managing information security incidents
  • Undertaking information security audits

Desirable

  • Experience in risk assessment and balancing security risks with business requirements
  • Involvement in the development and management of information security metrics

Qualifications

Essential

  • Educated to Degree level or equivalent
  • Recognised ISO27001 related qualification or IS experience (Lead Auditor, Internal Auditor, Implementer)

Desirable

  • Recognised information security qualification (CISM, CRISC, CISSP)

Certificate of Sponsorship

Applications from job seekers who require current Skilled Worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, Skilled Worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country in which they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found under "Criminal records checks for overseas applicants" on the UK Visas and Immigration website.

Employer details

Employer name

NHS Business Services Authority

Address

Stella House

Goldcrest Way, Newburn Riverside

Newcastle upon Tyne

NE15 8NY
Employer's website

https://www.nhsbsa.nhs.uk/what-we-do/work-us
Employer contact details

For questions about the job, contact:

Information Security & Business Continuity Manager

Peter McCann

peter.mccann@nhsbsa.nhs.uk

07917174303
Supporting documents

Privacy notice

NHS Business Services Authority's privacy notice