Job summary
To assist with managing the provision of IT Security Services on behalf of EEAST taking every opportunity to protect against changes in technology, and the threat posed by a varied group of malicious actors.
To assist with defining and agreeing an appropriate target security posture for EEAST - giving due regard to risks, threats and vulnerabilities, whilst maintaining compliance with various standards in place (eg Data Security and Protection Toolkit, CareCERT, Cyber Essentials+ etc).
To support the design and delivery of the EEAST IT Security Infrastructure and associated technologies, tools, and processes to support a robust IT service whilst maintaining operational effectiveness for EEAST IT customers.
To support the IT Security and Resilience Manager, the strategic planning of current and future IT security solutions for EEAST and its customers, researching and reviewing recognised best practice and upcoming changes to technology.
To seek and implement continuous service improvement for the benefit of EEAST and its customers.
Main duties of the job
Support the provision of a robust IT security service to support numerous data-rich applications for use within EEAST and by its customers both, on premise and cloud hosted.Assist with the configuration and maintenance of security and threat detection systems.
To collaborate with a variety of organisations, including Trusts, Universities, and NHS England, in identifying new security threats and opportunities to reduce the residual security risk to the Organisation.
Identify and proactively manage the cyber risks, threats, and vulnerabilities associated with the delivery of strategic plans and operational service, ensuring appropriate actions are taken to mitigate or respond.
To support the development and delivery IT security framework built upon complex technical standards, and evolving best practice.
Assist with the risk assessment of all new and potential IT systems, applications, packages and services, including SaaS platforms.
Build and maintain relationships and work with partner organisations to ensure timely sharing of intelligence, and continuously reduce the security risks the Organisation is exposed to.
To support staff to undertake cyber security related actions and task, as required, to protect EEAST, its customers, service users and the general public, as far as possible from the impact of cyber security incident.
To support the IT Security and Resilience Manager on the internal and external cyber audit plans.
About us
Working in a multi disciplinary team, assisting and getting support from each speciality as and when required, including but not limited to organisational units and individuals outside of the Digital directorate.
Job description
Job responsibilities
Support the provision of a robust IT security service to support numerous data-rich applications for use within EEAST and by its customers both, on premise and cloud hosted.
Assist with the configuration and maintenance of security and threat detection systems.
To collaborate with a variety of organisations, including Trusts, Universities, and NHS England, in identifying new security threats and opportunities to reduce the residual security risk to the Organisation.
Identify and proactively manage the cyber risks, threats, and vulnerabilities associated with the delivery of strategic plans and operational service, ensuring appropriate actions are taken to mitigate or respond.
To support the development and delivery IT security framework built upon complex technical standards, and evolving best practice.
Assist with the risk assessment of all new and potential IT systems, applications, packages and services, including SaaS platforms.
Build and maintain relationships and work with partner organisations to ensure timely sharing of intelligence, and continuously reduce the security risks the Organisation is exposed to.
To support staff to undertake cyber security related actions and task, as required, to protect EEAST, its customers, service users and the general public, as far as possible from the impact of cyber security incident.
To support the IT Security and Resilience Manager on the internal and external cyber audit plans.
To assist with the implementation of changes to IT Infrastructure, following publication of national guidance and/or policy, minimising the potential disruption to service provision posed by a security risk.
Develop a collaborative and influencing style of working, negotiating with others to achieve the best outcomes, and embedding this approach across the Team.
To instil a culture of learning and knowledge share throughout the Digital Team to ensure the service is fully resilient.
To support the IT Security and Resilience Manager with the process of responding to tenders, and new business opportunities, with current and potential customers of the service.
To work towards having a highly specialist knowledge and expertise in cyber security and measures to mitigate cyber risks.
Through proactive account management ensure the delivery of high-quality services to EEAST customers.
Responsible for maintaining confidentiality and discretion at all times.
Employ effective communication, negotiation, and influencing skills to enable stakeholder relationships to deliver objectives. Other ad hoc duties required to meet the needs of the service.
Managing the competing agendas of an agile workforce against a background of security risks, where a wrong decision could lead to a prolonged outage or significant data breach.
Working with highly complex, technical information but presenting it in a way that is appropriate to audiences of various sizes and levels of technical understanding, who may need to be convinced that particular cyber security measures are proportionate and that their organisation needs to fund them.
Job description
Job responsibilities
Support the provision of a robust IT security service to support numerous data-rich applications for use within EEAST and by its customers both, on premise and cloud hosted.
Assist with the configuration and maintenance of security and threat detection systems.
To collaborate with a variety of organisations, including Trusts, Universities, and NHS England, in identifying new security threats and opportunities to reduce the residual security risk to the Organisation.
Identify and proactively manage the cyber risks, threats, and vulnerabilities associated with the delivery of strategic plans and operational service, ensuring appropriate actions are taken to mitigate or respond.
To support the development and delivery IT security framework built upon complex technical standards, and evolving best practice.
Assist with the risk assessment of all new and potential IT systems, applications, packages and services, including SaaS platforms.
Build and maintain relationships and work with partner organisations to ensure timely sharing of intelligence, and continuously reduce the security risks the Organisation is exposed to.
To support staff to undertake cyber security related actions and task, as required, to protect EEAST, its customers, service users and the general public, as far as possible from the impact of cyber security incident.
To support the IT Security and Resilience Manager on the internal and external cyber audit plans.
To assist with the implementation of changes to IT Infrastructure, following publication of national guidance and/or policy, minimising the potential disruption to service provision posed by a security risk.
Develop a collaborative and influencing style of working, negotiating with others to achieve the best outcomes, and embedding this approach across the Team.
To instil a culture of learning and knowledge share throughout the Digital Team to ensure the service is fully resilient.
To support the IT Security and Resilience Manager with the process of responding to tenders, and new business opportunities, with current and potential customers of the service.
To work towards having a highly specialist knowledge and expertise in cyber security and measures to mitigate cyber risks.
Through proactive account management ensure the delivery of high-quality services to EEAST customers.
Responsible for maintaining confidentiality and discretion at all times.
Employ effective communication, negotiation, and influencing skills to enable stakeholder relationships to deliver objectives. Other ad hoc duties required to meet the needs of the service.
Managing the competing agendas of an agile workforce against a background of security risks, where a wrong decision could lead to a prolonged outage or significant data breach.
Working with highly complex, technical information but presenting it in a way that is appropriate to audiences of various sizes and levels of technical understanding, who may need to be convinced that particular cyber security measures are proportionate and that their organisation needs to fund them.
Person Specification
Qualifications
Essential
- Working, or willing to be supported, towards a degree level professional qualification in an information or data security related discipline, or have equivalent experience in this or a related area.
- Evidence of continued professional development
Desirable
- CISSP or CISM qualifications
- ITIL V3 Qualification
- ITIL V4 Qualification
- CCSP and CRISC Qualification
Skills and knowledge
Essential
- Analytical skills to interpret complex security standards and requirements to derive workplans for the team
- Effective interpersonal and influencing skills and the ability to interpret and communicate complex information to staff with varying technical knowledge
- Capability to digest complex facts or situations requiring in-depth analysis with the ability to formulate solutions where there are a number of options available
- Logical approach to problem solving
- Ability to forge and maintain good working relationships with external suppliers and internal clients/departments.
- Advanced keyboard skills
- Ability to make formal and informal technical presentations
Experience
Essential
- Experience of implementing processes and procedure in line with ITIL best practices
Desirable
- Demonstrable experience of defining and agreeing an appropriate target security posture across complex pan-organisation environments
- Experience in design of complex IT infrastructure solutions with a focus on security, process and controls
- Experience in a security or cyber role
- Experience in customer account management
Personal Qualities, Abilities and Attributes
Essential
- Knowledge of enterprise level cyber security solutions
- Commitment to team-working and respect for the skills of others
- Pragmatic approach to deal with extremely complex situations
- Self-motivated, proactive and innovative with a "can do" attitude
- Ability to inspire, encourage and influence colleagues and customers to adopt the attitudes and actions that ensure not only ensure compliance with Cyber Security policies but actively decrease the risk of Cyber Security incidents
- Knowledge of logging, audit and threat assessment tools and techniques
- Knowledge of information governance standards for data security and confidentiality and an understanding of their application in practice
- Knowledge of GDPR, DP Act 2018, ISO27001, NHS Data Security and Protection Toolkit and Cyber Essentials+.
Desirable
- Knowledge and experience of implementing proactive threat management solutions across organisation
- Proficient in the use tools to manipulate and transform large and complex data at speed in the event of a cyber attack
- Aptitude to design technical solutions that will fit into long-term business objectives and strategy Ability to lead and take command of meetings
Person Specification
Qualifications
Essential
- Working, or willing to be supported, towards a degree level professional qualification in an information or data security related discipline, or have equivalent experience in this or a related area.
- Evidence of continued professional development
Desirable
- CISSP or CISM qualifications
- ITIL V3 Qualification
- ITIL V4 Qualification
- CCSP and CRISC Qualification
Skills and knowledge
Essential
- Analytical skills to interpret complex security standards and requirements to derive workplans for the team
- Effective interpersonal and influencing skills and the ability to interpret and communicate complex information to staff with varying technical knowledge
- Capability to digest complex facts or situations requiring in-depth analysis with the ability to formulate solutions where there are a number of options available
- Logical approach to problem solving
- Ability to forge and maintain good working relationships with external suppliers and internal clients/departments.
- Advanced keyboard skills
- Ability to make formal and informal technical presentations
Experience
Essential
- Experience of implementing processes and procedure in line with ITIL best practices
Desirable
- Demonstrable experience of defining and agreeing an appropriate target security posture across complex pan-organisation environments
- Experience in design of complex IT infrastructure solutions with a focus on security, process and controls
- Experience in a security or cyber role
- Experience in customer account management
Personal Qualities, Abilities and Attributes
Essential
- Knowledge of enterprise level cyber security solutions
- Commitment to team-working and respect for the skills of others
- Pragmatic approach to deal with extremely complex situations
- Self-motivated, proactive and innovative with a "can do" attitude
- Ability to inspire, encourage and influence colleagues and customers to adopt the attitudes and actions that ensure not only ensure compliance with Cyber Security policies but actively decrease the risk of Cyber Security incidents
- Knowledge of logging, audit and threat assessment tools and techniques
- Knowledge of information governance standards for data security and confidentiality and an understanding of their application in practice
- Knowledge of GDPR, DP Act 2018, ISO27001, NHS Data Security and Protection Toolkit and Cyber Essentials+.
Desirable
- Knowledge and experience of implementing proactive threat management solutions across organisation
- Proficient in the use tools to manipulate and transform large and complex data at speed in the event of a cyber attack
- Aptitude to design technical solutions that will fit into long-term business objectives and strategy Ability to lead and take command of meetings
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
