Trac proudly powers the recruitment for

NHS Business Services Authority

About

The NHSBSA values and respects the diversity of its employees, and aims to recruit a workforce which reflects our diverse communities. We welcome applications irrespective of people’s age, disability, gender, race or ethnicity, religion or belief, sexual orientation, or other personal circumstances.

We have policies and procedures in place to ensure that all applicants are treated fairly and consistently at every stage of the recruitment process, including an invitation to the first stage of the selection process and consideration of reasonable adjustments for people who have a disability.

The NHSBSA will not normally re-engage a former employee in any capacity including in a self-employed/consultancy capacity; through an agency; in a temporary or permanent post or to a supply list, for a period of 12 months after the redundancy date.

Contact

Address
NHS Business Services Authority
Stella House
Goldcrest Way
Newburn Riverside
Newcastle Upon Tyne
Tyne and Wear
NE15 8NY
Contact Number
0191 283 8950

Find out more

Jobs Website
Closed
Ref: 914-BSA4815 Vacancy ID: 6650860

Cyber Security Specialist

Closed for applications on: 29-Oct-2024 00:01

Closed

Closed for applications on: 29-Oct-2024 00:01

Location

Stella House
Goldcrest Way
Newcastle upon Tyne
NE15 8NY
Tyne and Wear

Contract type & working pattern

Fixed term: 2 years (.)
  • Full time
  • Flexible working
37.5 hours per week

Salary

£46,148 - £52,809 per annum
Yearly

(NHS AfC: Band 7)

Specialty

Cyber Security

Job overview

Are you passionate about cyber security and looking for an opportunity to make a real difference with your work? The NHS Business Services Authority (NHSBSA) is seeking a Cyber Security Specialist to join our Digital, Data and Technology (DDAT) team. This is a unique opportunity to ensure the security of NHSBSA network infrastructure and information systems, while enabling open and modern secure digital services.

As a Cyber Security Specialist, you will work closely with NHSBSA business areas to understand and shape their security requirements. You will be an active member of the DDAT department based in Newcastle, with occasional travel to other locations. This is an exciting opportunity for someone who can rationalise highly complex technical information and transform it into understandable content for others to work with

What do we offer?

  • 27 days leave (increasing with length of service) plus 8 bank holidays
  • Flexible working (we are happy to discuss options such as compressed hours)
  • Flexi time
  • Hybrid working model (we are currently working largely remotely)
  • Career development
  • Active wellbeing and inclusion networks
  • Excellent pension (23.7% employer contribution)
  • NHS Car lease scheme
  • Access to a wide range of benefits and high street discounts!

Advert

As a Cyber Security Specialist, your main responsibilities will be

  • Support the project lead to deliver the 2 year Cyber Security Improvement Programme activities and own key project deliverables including.
  • Activities associated to the Cyber Assessment Framework
  • Maturing cloud security through assessment and audit outputs and recommendations
  • Providing expert help and guidance across security solutions in alignment with relevant frameworks and standards
  • Undertaking activities that mitigate threats to the integrity of the NHS BSA's Information Assets.
  • Carrying out reviews, internal audits and spot-checks to ensure the effective operation of security systems.
  • Support where required the management of the ICT security incident process.

The successful candidate will have extensive experience of managing security technologies, delivering programmes across multiple teams and services and have a real interest in Cyber Security.

You will also have a broad understanding of risk management and the ability to effectively set and undertake Accreditation work.

Please review the attached job description and person specification for a full list of responsibilities for the role.

 

Working for our organisation

Here at the NHS Business Services Authority (NHSBSA), what we do matters.   

 We manage the NHS Pension scheme, process prescription payments and much more. Our services are used by NHS organisations, contractors and the public: we take pride in being part of something so meaningful, that touches millions of lives.    

 Just as we design our services around the needs of our customers, we place our people at the heart of our organisation. That’s why when you join us, you’ll be empowered and given the right support to help your career grow.   

 As one of the UK’s Best Big Companies to work for, we’re all connected to our values: Collaborative, Adventurous, Reliable and Energetic. We care about our people, our purpose, and your progress.   

We strive to offer a fantastic colleague experience, where every voice is heard, and every colleague is supported and respected. Wellbeing, diversity and inclusion is at the centre of this, so when you join us, you can connect with our Lived Experience Networks who help us to bring our authentic selves to work.   

We welcome applications from people of all backgrounds and circumstances. We are committed and proud to be a flexible employer and will endeavour to offer a working pattern that suits you wherever possible, whether that be hybrid working, flexible hours, job sharing and more.   

 Ready to join us on our journey to be a catalyst for better health? Apply today and see where the NHSBSA can take you.   

We are people connected to care.

Detailed job description and main responsibilities

Job responsibilities

In this role, you will be working within the Cyber Security Improvement Project and will be responsible for clear project deliverables and activities within them to include:

Security Operations

  1. To ensure appropriate access control and monitoring on NHS BSA IT systems is maintained.
  2. Actively monitor and undertake activities that mitigate threats to the integrity of the NHS BSA’s Information Assets.  Assesses the effectiveness of firewalls, Gateways, IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) to improve network/system resilience.
  3. Ensure that all controls are in place to ensure continued certification to the Information Security Management Standard ISO27001 and continued adherence to the National Cyber Security Centre cloud security principles.
  4. When required conduct forensically sound acquisitions of computer systems and associated media to accumulate evidence in the area of forensic computer science. This will require occasional periods of intense concentration to ensure any evidence collected can be used in a court of law.
  5. Support the management of the ICT security incident process, reviewing security incidents, weaknesses and malfunctions relating to the NHS BSA’s systems, taking appropriate remedial action, including addressing any performance related targets not met by internal and external suppliers.
  6. Carry out reviews, internal audits and spot-checks to ensure the effective operation of (but not limited to): IDS/IPS, vulnerability and patch management, Email and Web Filtering, anti-malware, and hardening of operating systems and applications.
  7. Recognises decisions that have implications beyond their level of responsibility, experience or delegated risk tolerance and escalates them accordingly.
  8. Fully engage and contribute to delivery of projects, change and continuous improvements by providing specialist information security advice.
  9. Provides constructive and timely expert advice to system developers on whether proposed solutions are likely to gain assurance.
  10. Responsible for providing expert help and guidance across the lifecycle of a security solution implementation, including technical and non-technical aspects. This includes the migration of services across suppliers and closely with Technical Architects ensuring the solution and service design is successfully translated, built delivered and operated to meet security and business requirements.
  11. Supports the strategic direction of the Cyber security operation function by assisting with the development, maintenance, promotion and stewardship of Security Procedures and Standards, in accordance with the NHS BSA’s requirements, IG policies and procedures, legislation and EU Directives.  

Knowledge Management

12. Maintain detailed technical knowledge of IT Security products,                              systems,  policies and procedures used within the NHS BSA.

13. Keeping abreast of technological and maintain an excellent                                      understanding of the use of technology in delivering business                                objectives.

14. Identify and support opportunities to further develop skills to meet the          changing needs of the business Taking ownership for decision making                within own area, seeking support and feedback to develop well thought          out solutions, processes and work as required, and in conjunction with            agreed procedures. 
 
Relationship Management

15. Working across/within different programmes as needed and to                             translate business security requirements into IT services and solutions.

16. To work with NHSBSA staff and Third Parties to ensure that security                 standards, governance and processes are in place for producing and                  maintaining up to date, comprehensive, comprehensible                                            documentation which will include IT service security “blueprints” for all          systems and services.

17. Identify opportunities, engaging and fostering relationships and                          partnership working within the organisation, and with third parties, to              identify and deliver value to the organisation.

18. Working collaboratively with Professional Leads to identify, implement,           and support team and individual development. 
 
Information Management

19. Research of the marketplace and constant awareness of industry                        trends and innovation using information to inform the Cyber security              strategy of the NHSBSA and as input to design activities.

20. Implement, monitor and report on a number of areas including agreed              service levels, KPI's and standards within security operations.

21. Monitor, report, present or escalate issues as appropriate to the Cyber            Security Operations Team Lead
 
Delivery Management

22. Carry out Information Risk Assessments and produce comprehensive              Risk Assessment Documentation in accordance with the National                       Cyber  Security Centre best practice.

23. Acts as an SME and recognised point of contact for advising on queries           covering their area of responsibility from internal and external sources.           Establishing the Cyber Security operations team as the “go to” team for           advice on such matters. Advises on standards and tools in their own                   specialism.

24. Managing staff workload and completing own assigned tasks, to a high            quality and within agreed timelines.  Delivering continuous                                      improvements to enhance own and business areas; co-ordinating and             delivery of work across multiple strands such as continuous                                     improvement, project related work, and operational tasks, and                               escalating issues at appropriate times.

25. Providing feedback on functional and non-functional requirements to              ensure the overall needs of the business are met from a Cyber Security            perspective.

26. Participating in procurement processes for hardware and software.                  Reviewing functional requirements and providing nonfunctional                          requirements to ensure the overall needs of the business are met from           a  Cyber Security perspective. 
 
 People Management

  1. The management of day-to-day activities and general management of colleagues.
  2. Enabling the performance of others, including objectives setting fully aligned to departmental and organisational objectives and goals, and the development and motivation of staff to achieve them.
  3. Conducting meaningful appraisals and 1-1s, identifying and meeting development needs, implementing, monitoring, evaluating, and reporting on the impact and success of implemented training plans.
  4. Undertake recruitment and selection in line with organisational processes and participate in the implementation and delivery of initiatives to secure suitable resources, increase skills levels and develop talent pools to meet the changing needs of the business landscape. 

In addition to the above accountabilities, as post holder you are expected to

  1. Undertake additional duties and responsibilities in line with the purpose of your role and as agreed by your line manager.
  2. Demonstrate NHSBSA values and core capabilities in all aspects of your work.
  3. Encourage an environment where your own and colleagues’ safety and well-being is promoted.
  4. Contribute to a culture which values diversity and inclusion.
  5. Follow NHSBSA policies, procedures, and protocols as they apply to your role.

 

Person specification

Personal Qualities, Knowledge and Skills

Essential criteria
  • 1. Developing, implementing and maintaining effective control monitoring activities, ensuring compliance with Information Security Standards ISO27001
  • 2. Extensive experience of managing security technologies including; firewalls, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP
  • 3. Designing and recommending appropriate controls to enable the achievement of Cyber security and wider business goals.
  • 4. Evaluation of threat intelligence data from multiple sources to inform decision making
  • 5. A range of skills and specialism across a diverse and detailed technical knowledge, covering web technology applications and services, information, infrastructure, cloud and managed service architectures
  • 6. Has a real interest in information security and ensures they keep up-to-date with the latest Security news
  • 7. Knowledge of risk management techniques and the application of a risk based approach to managing security
  • 8. Has a sufficiently broad understanding of risk management to be able to effectively set and undertake Accreditation work

Qualifications

Essential criteria
  • Degree calibre or demonstrable experience in an Information Technology related field.
  • 1. ICT qualification OR recent ICT experience
  • 2. Other professionally recognised ICT/ Security certification such as: • CompTIA: A+, Network+, Security+ • CCNA • ITIL v3 or v4 foundation. • BTEC HNC Computing or Security
Desirable criteria
  • 1. IT Security Officer / IA Technical Architect at CCP associate or practitioner level. With the capability to enable effective IT security across a wide portfolio of ICT
  • 2. ITIL foundation
  • 3. Project Management Foundation (Prince 2)
  • 4. A Professional Certification or qualification in Information Security (CISA, CISMP, CISM, CISSP, CRISC) or other relevant professional IT security qualification.

Experience

Essential criteria
  • 1. Recent security or support experience
  • 2. Experience of working as part of a team to provide a service to customers
  • 3. Experience of effectively learning new skills and developing oneself
  • 4. Information Security Management Systems ISO27001
  • 5. Experience with software and security architectures.
  • 6. The production of ICT security reports/MI for relevant parties
  • 7. Experience in security due diligence and security assurance reviews of 3rd party suppliers.
  • 8. Working within a combination of outsourced and in house ICT provision
  • 9. Hands on experience with the design of ICT security mitigation measures to meet Information Security work based assessments
Desirable criteria
  • 1. Cloud Security & monitoring
  • 2. Development of a security architecture design
  • 3. Risk assessment and balancing security risks with business requirements.

Extensive Knowledge of Inforamtation Security in the following areas

Essential criteria
  • 1. Windows and Linux operating Systems
  • 2. Virtualisation
  • 3. Penetration Testing
  • 4. Risk Management Process
  • 5. Public Services Network (PSN) and NHS N3
  • 6. Security monitoring and auditing
  • 7. Computer Forensics
  • 8. Database Security

Documents

Further details / informal visits contact

Name
Gary Simpson
Job title
Security Operations Manager
Email address
[email protected]
Telephone number
0000000000
LGBTQIE Top 100 2023
LGBTQIE Gold Award 2023
Menopause Friendly Employer
Disability confident leader
Armed Forces Covenant Gold Award
ENEI Gold '22
Better Health at Work Award
Step into health
Carer Confident -Accomplished
Stonewall Top 100 Employers in 2023
Care Confident Employer
Best Big Companies 2024
Outstanding to work for 2024
NFP Body's Top 5 to work for

No longer accepting applications

Sorry, this vacancy is no longer accepting applications.

You can search for similar jobs on the employer's job board, or visit our national jobs board Health Jobs UK.