NHSJobs.com

Swydd ddisgrifiad a phrif gyfrifoldebau manwl

In this role, you are accountable for
Security Operations

1.    To ensure appropriate access control and monitoring on NHS BSA IT systems is maintained.

2.    Actively monitor and undertake activities that mitigate threats to the integrity of the NHS BSA’s Information Assets.  Assesses the effectiveness of firewalls, Gateways, IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) to improve network/system resilience

3.      Ensure that all controls are in place to ensure continued certification to the Information Security Management Standard ISO27001 and continued adherence to the National Cyber Security Centre cloud security principles.

4.    When required conduct forensically sound acquisitions of computer systems and associated media to accumulate evidence in the area of forensic computer science. This will require occasional periods of intense concentration to ensure any evidence collected can be used in a court of law.

5.    Support the management of the ICT security incident process, reviewing security incidents, weaknesses and malfunctions relating to the NHS BSA’s systems, taking appropriate remedial action, including addressing any performance related targets not met by internal and external suppliers.

6.     Carry out reviews, internal audits and spot-checks to ensure the effective operation of (but not limited to): IDS/IPS, vulnerability and patch management, Email and Web Filtering, anti-malware, and hardening of operating systems and applications

7.     Recognises decisions that have implications beyond their level of responsibility, experience or delegated risk tolerance and escalates them accordingly.

8.    Fully engage and contribute to delivery of projects, change and continuous improvements by providing specialist information security advice.

9.    Provides constructive and timely expert advice to system developers on whether proposed solutions are likely to gain assurance.

10. Responsible for providing expert help and guidance across the lifecycle of a security solution implementation, including technical and non-technical aspects. This includes the migration of services across suppliers and closely with Technical Architects ensuring the solution and service design is successfully translated, built delivered and operated to meet security and business requirements

11. Supports the strategic direction of the Cyber security operation function by assisting with the development, maintenance, promotion and stewardship of Security Procedures and Standards, in accordance with the NHS BSA’s requirements, IG policies and procedures, legislation and EU Directives. 

Knowledge Management

12. Maintain detailed technical knowledge of IT Security products, systems, policies and procedures used within the NHS BSA

13. Keeping abreast of technological and maintain an excellent understanding of the use of technology in delivering business objectives.  

14. Identify and support opportunities to further develop skills to meet the changing needs of the business Taking ownership for decision making within own area, seeking support and feedback to develop well thought out solutions, processes and work as required, and in conjunction with agreed procedures.

Relationship Management

15. Working across/within different programmes as needed and to translate business security requirements into IT services and solutions.

16. To work with NHSBSA staff and Third Parties to ensure that security standards, governance and processes are in place for producing and maintaining up to date, comprehensive, comprehensible documentation which will include IT service security “blueprints” for all systems and services. 

17. Identify opportunities, engaging and fostering relationships and partnership working within the organisation, and with third parties, to identify and deliver value to the organisation.

18. Working collaboratively with Professional Leads to identify, implement, and support team and individual development.

Information Management

19. Research of the marketplace and constant awareness of industry trends and innovation using information to inform the Cyber security strategy of the NHSBSA and as input to design activities. 

20. Implement, monitor and report on a number of areas including agreed service levels, KPI's and standards within security operations.

21. Monitor, report, present or escalate issues as appropriate to the Cyber Security Operations Team Lead

Delivery Management

22.  Carry out Information Risk Assessments and produce comprehensive Risk Assessment Documentation in accordance with the National Cyber Security Centre best practice.

23. Acts as an SME and recognised point of contact for advising on queries covering their area of responsibility from internal and external sources. Establishing the Cyber Security operations team as the “go to” team for advice on such matters. Advises on standards and tools in their own specialism. 

24.  Managing staff workload and completing own assigned tasks, to a high quality and within agreed timelines.  Delivering continuous improvements to enhance own and business areas; co-ordinating and delivery of work across multiple strands such as continuous improvement, project related work, and operational tasks, and escalating issues at appropriate times. 

25. Providing feedback on functional and non-functional requirements to ensure the overall needs of the business are met from a Cyber Security perspective.

26. Participating in procurement processes for hardware and software.  Reviewing functional requirements and providing nonfunctional requirements to ensure the overall needs of the business are met from a Cyber Security perspective.

 People Management

1.    The management of day-to-day activities and general management of colleagues.

2.    Enabling the performance of others, including objectives setting fully aligned to departmental and organisational objectives and goals, and the development and motivation of staff to achieve them.

3.    Conducting meaningful appraisals and 1-1s, identifying and meeting development needs, implementing, monitoring, evaluating, and reporting on the impact and success of implemented training plans.

4.    Undertake recruitment and selection in line with organisational processes and participate in the implementation and delivery of initiatives to secure suitable resources, increase skills levels and develop talent pools to meet the changing needs of the business landscape. 

In addition to the above accountabilities, as post holder you are expected to

1.     Undertake additional duties and responsibilities in line with the purpose of your role and as agreed by your line manager.

2.     Demonstrate NHSBSA values and core capabilities in all aspects of your work.

3.     Encourage an environment where your own and colleagues’ safety and well-being is promoted.

4.     Contribute to a culture which values diversity and inclusion.

5.     Follow NHSBSA policies, procedures, and protocols as they apply to your role.