Senior Cyber Security Officer (Asset Security), Band 6
Job summary
As a Senior Cyber Security Officer you will work within the Cyber Security Team and will be responsible for the proactive scanning, monitoring, triage and response to cyber vulnerabilities identified across the Gloucestershire Integrated Care System (ICS).
Main duties of the job
You will take ownership of diverse incidents and service requests presented via our service management tool and see them through to completion.
The post holder will proactively seek out, report on and remediate vulnerabilities within the Gloucestershire ICS environment, using a diverse suite of security tools.
You will assist with audits against the standards and frameworks such Data Security & Protection Toolkit, Cyber Essentials Plus and ISO 27001.
You will flag new and inventive ways to protect the confidentiality, integrity and accessibility of ICS information assets and be integral to any associated proof of concept work.
The post-holder will be expected to convey a positive, professional image, representing the Digital Team. They must demonstrate a proactive approach to meet requests for support, and exercise appropriate initiative in a high profile and busy environment and be able to demonstrate the ability to liaise effectively and confidently with people at all levels.
About us
Gloucestershire Hospitals NHS Foundation Trust is the largest employer in the county and with over 8,000 staff, we are one of the largest NHS trusts in the UK. We offer a generous annual leave allowance, excellent bank rates, access to the excellent NHS Pension Scheme, discounts for local shops, restaurants and services, access to our health and well-being hub, access to our two on-site nurseries, flexible working options, discounted public transport, reward and recognition schemes, exercise and activity classes and membership to our popular hospital choir.
Job description
Job responsibilities
Maintain, further develop and assist in implementation of Information Security Management Systems in use within the ICS in line with the requirements of Data Security and Protection Toolkit, National Guidelines and Security Best practice
Support the development of good practice and workable security operating procedures in relation to cyber security across the system and provide specialist knowledge and analyse to improve the safety and stability of systems.Propose changes and improvements to IT security policies and procedures, implementing changes under the direction of Cyber Security Lead
Provide proactive monitoring, review, analysis and interpretation of security incidents and alerts using security technologies such as Sophos Central management console, Microsoft Defender for Endpoint and other security platforms, to ensure that alerts are resolved quickly by the appropriate team
Act as a senior member of the team responsible for the monitoring, detection and response to cyber security events, ensuring the appropriate technical response and timely remediation of threat alerts
Act as an escalation and co-ordination point for cyber related incidents. investigate suspected and actual breaches of IT security and undertake reporting/remedial action as required
Be part of an on call rota to cover security related events outside of working hours alongside the wider CITS 24\7 service.
Maintain detailed logs of any security events, incidents and remedial recommendations and actions taken
Perform ongoing IT Security risk assessments and audits to ensure that IT Systems are adequately protected
Coordinate work with the wider IT operational and project teams, information asset owners and system managers to ensure all solutions utilise IT Security best practices
Work with vendors, outside consultants and other 3rd parties to improve IT security within the organisation
Help facilitate regular penetration testing exercises of the Trusts perimeter network, to gather intelligence from these exercises and use these to generate lessons learned and drive Continuous Improvement
Collaborate with cyber security team colleagues to prepare operational security reports and KPIs, including security event and security incident alerts from network, infrastructure, end point, database, application and data security controls.
Responsible for ensuring that at all times, the highest standards of customer service are delivered.
Provide advice and act, where necessary, in response to Audit findings and recommendations in respect of information security
Review and advise on IT Security patches, software updates and vulnerabilities according to best practices
Identify threats to the confidentiality, integrity, availability, accountability and relevant compliance for information systems and provide authoritative advice and guidance on the application and operation of all types of security controls.
Work closely with organisation information governance teams to maintain legislative and regulatory requirements in regards to data protection and records management
Maintain currency with security and security enhancing technologies and brief colleagues as needed to enable measures, to be implemented where and when necessary or desirable
Ensure that access control, disaster recovery, business continuity, incident response and risk management needs are appropriately addressed
Review cyber security threat notifications received from the NHS Digital Carecert service, using detailed log information, a variety of software utilities and software management tools to identify potential threats and eliminate false positives
Demonstrate a detailed knowledge and experience of the installation, configuration and maintenance of PCs and mobile devices and an understanding of network protocols, including TCP/IP, and their use in relation to network operating systems and perimeter security
Apply a comprehensive knowledge of best practice in relation to cyber-security, malware prevention and critical security updates and a knowledge of Microsoft Windows server technologies and Active Directory infrastructure and be able to communicate requirements to a wide variety of users
Ensure personal prioritisation and management of allocated tasks and workload
Person Specification
Qualifications
- Relevant Degree or in IT Field or Stem subject or equivalent experience
- ITIL Foundation Certificate
- Evidence of continued professional development within the field of cyber security
- CISSP or equivalent qualification
- ISACA CISM/CISA Certification
Experience
- Substantial to Extensive experience working in a Security Operations Centre or similar environment
- Experience of working in a high-pressured front-line environment
- Experience using IT Systems & Microsoft Office
- Working knowledge of IT systems in a healthcare environment
- Experience of working in a multidisciplinary team
Knowledge / Skills
- Detailed knowledge and experience in cyber-security threat analysis and the use of software utilities to identify potential threats and eliminate false positives
- Detailed knowledge and experience leading, coordinating or being actively involved in the investigation and remediation of security incidents
- Detailed knowledge and experience in the investigation and remediation of Virus/Malware infections and outbreaks
- Good knowledge of Network protocols, including TCP/IP and their use in relation to operating systems and perimeter security.
- Understanding of the requirements for Business Continuity /Disaster Recovery and practical experience
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Employer details
Employer name
Gloucestershire Hospitals NHS Foundation Trust
Address
Trustwide
Gloucestershire (Gloucester / Cheltenham)
GL1 3NN
https://www.gloshospitals.nhs.uk/
- Company
- Gloucestershire Hospitals NHS Foundation Trust
- Location
- Gloucestershire (Gloucester / Cheltenham), United Kingdom GL1 3NN
- Employment Type
- Permanent
- Salary
- £37338.00 - £44962.00 a year
- Posted
- Company
- Gloucestershire Hospitals NHS Foundation Trust
- Location
- Gloucestershire (Gloucester / Cheltenham), United Kingdom GL1 3NN
- Employment Type
- Permanent
- Salary
- £37338.00 - £44962.00 a year
- Posted