Cyber Security Specialist

Job description

Job responsibilities

In this role, you are accountable forSecurity Operations

1. To ensure appropriate access control and monitoring on NHS BSA IT systems is maintained.

2. Actively monitor and undertake activities that mitigate threats to the integrity of the NHS BSAs Information Assets. Assesses the effectiveness of firewalls, Gateways, IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) to improve network/system resilience

3. Ensure that all controls are in place to ensure continued certification to the Information Security Management Standard ISO27001 and continued adherence to the National Cyber Security Centre cloud security principles.

4. When required conduct forensically sound acquisitions of computer systems and associated media to accumulate evidence in the area of forensic computer science. This will require occasional periods of intense concentration to ensure any evidence collected can be used in a court of law.

5. Support the management of the ICT security incident process, reviewing security incidents, weaknesses and malfunctions relating to the NHS BSAs systems, taking appropriate remedial action, including addressing any performance related targets not met by internal and external suppliers.

6. Carry out reviews, internal audits and spot-checks to ensure the effective operation of (but not limited to): IDS/IPS, vulnerability and patch management, Email and Web Filtering, anti-malware, and hardening of operating systems and applications

7. Recognises decisions that have implications beyond their level of responsibility, experience or delegated risk tolerance and escalates them accordingly.

8. Fully engage and contribute to delivery of projects, change and continuous improvements by providing specialist information security advice.

9. Provides constructive and timely expert advice to system developers on whether proposed solutions are likely to gain assurance.

10. Responsible for providing expert help and guidance across the lifecycle of a security solution implementation, including technical and non-technical aspects. This includes the migration of services across suppliers and closely with Technical Architects ensuring the solution and service design is successfully translated, built delivered and operated to meet security and business requirements

11. Supports the strategic direction of the Cyber security operation function by assisting with the development, maintenance, promotion and stewardship of Security Procedures and Standards, in accordance with the NHS BSAs requirements, IG policies and procedures, legislation and EU Directives.

Knowledge Management

12. Maintain detailed technical knowledge of IT Security products, systems, policies and procedures used within the NHS BSA

13. Keeping abreast of technological and maintain an excellent understanding of the use of technology in delivering business objectives.

14. Identify and support opportunities to further develop skills to meet the changing needs of the business Taking ownership for decision making within own area, seeking support and feedback to develop well thought out solutions, processes and work as required, and in conjunction with agreed procedures.

Relationship Management

15. Working across/within different programmes as needed and to translate business security requirements into IT services and solutions.

16. To work with NHSBSA staff and Third Parties to ensure that security standards, governance and processes are in place for producing and maintaining up to date, comprehensive, comprehensible documentation which will include IT service security blueprints for all systems and services.

17. Identify opportunities, engaging and fostering relationships and partnership working within the organisation, and with third parties, to identify and deliver value to the organisation.

18. Working collaboratively with Professional Leads to identify, implement, and support team and individual development.

Information Management

19. Research of the marketplace and constant awareness of industry trends and innovation using information to inform the Cyber security strategy of the NHSBSA and as input to design activities.

20. Implement, monitor and report on a number of areas including agreed service levels, KPI's and standards within security operations.

21. Monitor, report, present or escalate issues as appropriate to the Cyber Security Operations Team Lead

Delivery Management

22. Carry out Information Risk Assessments and produce comprehensive Risk Assessment Documentation in accordance with the National Cyber Security Centre best practice.

23. Acts as an SME and recognised point of contact for advising on queries covering their area of responsibility from internal and external sources. Establishing the Cyber Security operations team as the go to team for advice on such matters. Advises on standards and tools in their own specialism.

24. Managing staff workload and completing own assigned tasks, to a high quality and within agreed timelines. Delivering continuous improvements to enhance own and business areas; co-ordinating and delivery of work across multiple strands such as continuous improvement, project related work, and operational tasks, and escalating issues at appropriate times.

25. Providing feedback on functional and non-functional requirements to ensure the overall needs of the business are met from a Cyber Security perspective.

26. Participating in procurement processes for hardware and software. Reviewing functional requirements and providing nonfunctional requirements to ensure the overall needs of the business are met from a Cyber Security perspective.

People Management

1. The management of day-to-day activities and general management of colleagues.

2. Enabling the performance of others, including objectives setting fully aligned to departmental and organisational objectives and goals, and the development and motivation of staff to achieve them.

3. Conducting meaningful appraisals and 1-1s, identifying and meeting development needs, implementing, monitoring, evaluating, and reporting on the impact and success of implemented training plans.

4. Undertake recruitment and selection in line with organisational processes and participate in the implementation and delivery of initiatives to secure suitable resources, increase skills levels and develop talent pools to meet the changing needs of the business landscape.

In addition to the above accountabilities, as post holder you are expected to

1. Undertake additional duties and responsibilities in line with the purpose of your role and as agreed by your line manager.

2. Demonstrate NHSBSA values and core capabilities in all aspects of your work.

3. Encourage an environment where your own and colleagues safety and well-being is promoted.

4. Contribute to a culture which values diversity and inclusion.

5. Follow NHSBSA policies, procedures, and protocols as they apply to your role.

Person Specification

Personal Qualities, Knowledge and Skills

• 1.Developing, implementing and maintaining effective control monitoring activities, ensuring compliance with Information Security Standards ISO27001
• 2.Extensive experience of managing security technologies including; firewalls, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP
• 3.Designing and recommending appropriate controls to enable the achievement of Cyber security and wider business goals.
• 4.Evaluation of threat intelligence data from multiple sources to inform decision making
• 5.A range of skills and specialism across a diverse and detailed technical knowledge, covering web technology applications and services, information, infrastructure, cloud and managed service architectures
• 6.Has a real interest in information security and ensures they keep up-to-date with the latest Security news
• 7.Knowledge of risk management techniques and the application of a risk based approach to managing security
• 8.Has a sufficiently broad understanding of risk management to be able to effectively set and undertake Accreditation work

Qualifications

• Degree calibre or demonstrable experience in an Information Technology related field.
• 1.ICT qualification OR recent ICT experience
• 2.Other professionally recognised ICT/ Security certification such as: oCompTIA: A+, Network+, Security+ oCCNA oITIL v3 or v4 foundation. oBTEC HNC Computing or Security

• 1.IT Security Officer / IA Technical Architect at CCP associate or practitioner level. With the capability to enable effective IT security across a wide portfolio of ICT

Experience

• 1.Recent security or support experience
• 2.Experience of working as part of a team to provide a service to customers
• 3.Experience of effectively learning new skills and developing oneself
• 4.Information Security Management Systems ISO27001
• 5.Experience with software and security architectures.
• 6.The production of ICT security reports/MI for relevant parties
• 7.Experience in security due diligence and security assurance reviews of 3rd party suppliers.
• 8.Working within a combination of outsourced and in house ICT provision
• 9.Hands on experience with the design of ICT security mitigation measures to meet Information Security work based assessments

• 1.Cloud Security & monitoring
• 2.Development of a security architecture design
• 3.Risk assessment and balancing security risks with business requirements.

Extensive Knowledge of Inforamtation Security in the following areas

• 1.Windows and Linux operating Systems
• 2.Virtualisation
• 3.Penetration Testing
• 4.Risk Management Process
• 5.Public Services Network (PSN) and NHS N3
• 6.Security monitoring and auditing
• 7.Computer Forensics
• 8.Database Security

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants.

Employer details

Employer name

NHS Business Services Authority

Address

Stella House

Goldcrest Way

Newcastle upon Tyne

NE15 8NY

https://www.nhsbsa.nhs.uk/what-we-do/work-us