Job summary
Assist the Cybersecurity Manager with technical matters in relation to the Trust's IT Security work programme, with specific focus on supporting the Electronic Patient Record (EPR) implementation.
Act as technical reference point for all matters related to cybersecurity and take responsibility for implementation and administration of Trust IT security systems and services.
Contribute to the evaluation, development and implementation of Trust IT security, maintaining compliance with the Data Security and Protection Toolkit (DSPT), to ultimately improve the cybersecurity posture of the systems, services and data security infrastructure supported by the South Devon Health Informatics Service.
Main duties of the job
- Perform ongoing IT Security risk assessments and audits to ensure that IT Systems are adequately protected
- Coordinate with other SDHIS Teams, stakeholders and suppliers to ensure all solutions use IT Security best practices
- Collaborate with vendors, outside consultants and other 3rd parties to improve IT security within the organisation
- Provide advice and act, where necessary, in response to Audit findings and recommendations in respect of information security
- Review and advise on IT Security patches, software updates and vulnerabilities according to best practices
- Identify threats to the confidentiality, integrity, availability, accountability and relevant compliance for information systems and provide authoritative advice and guidance on the application and operation of all types of security controls, including legislative or regulatory requirements such as data protection and software copyright law
- Maintain currency with security and security enhancing technologies and brief colleagues as needed to enable measures, to be implemented where and when necessary or desirable
- Ensure that access control, disaster recovery, business continuity, incident response and risk management needs are appropriately addressed
About us
Why Work With Us
You will be part of a technical team responsible for managing a full range of IT Security functions to enable the effective provision of a secure environment to support all the digital systems, services and clinical functions of the local health community and wider One Devon area. We are a small but very supportive team who are enthusiastic about delivering a quality service by constantly challenging the way we do things; striving for continuous improvement and finding ways to work smarter. We are an initiative-taking, caring team who are flexible and promote a healthy work/home life balance.
Job description
Job responsibilities
- Work effectively with EPR programme stakeholders to ensure programme delivery and benefits realisation
- Build and develop productive working relationships with stakeholders such as clinicians, technical & non-technical teams, other NHS organisations and suppliers
- Treat all co-workers with respect and value differences and diversity
- Establish effective communication within and between teams, reinforced by timely and professional documentation
- Use influence & persuasion skills to secure agreement/co-operation
- Communicate highly complex technical information, tailoring approach to suit audience
- Identify priorities for system design, development and operation
- Able to analyse complex scenarios such as system failures, fault-finding, or non-optimal performance where solutions require detailed analysis and evaluation of multiple options/solutions
- Use judgement to identify and recommend preferred options/solutions considering clinical and operational impact
- Plan, oversee and manage complex technical implementations having significant impacts on clinical and operational areas
- Manage complex workstreams involving multiple parties and/or technical disciplines
- Maintain agility of approach in response to changing priorities and developing situations
- Ensure effective scheduling and deployment of resources
- Plan non-business as usual activities such as project work effectively drawing upon established principles such as PRINCE
Person Specification
Qualifications and Training
Essential
- Degree Level IT qualification or relevant equivalent experience
- ITIL4 Foundation Certification
Desirable
- ISC2 CISSP/SSCP or other security related certification e.g. CompTIA Security+/MS SC-900
- ISC2 CCSP or other cloud-based security certification e.g. AZ-500/ CompTIA Cloud+
- ISACA CISM/CISA Certification
Knowledge and Experience
Essential
- Relevant experience in health service or other major large-scale customer service-oriented organisation
- Detailed knowledge and experience leading, coordinating or being actively involved in the investigation and remediation of security incidents
- Detailed knowledge and experience in the investigation and remediation of Virus/Malware infections and outbreaks
- Good knowledge of Network protocols, including TCP/IP and their use in relation to operating systems and perimeter security.
- Detailed knowledge and experience in cyber-security threat analysis and the use of software utilities to identify potential threats and eliminate false positives
Desirable
- Experience of working in the NHS
- Knowledge of Data Security and Protection Toolkit requirements
- Understanding of IT Legislation, specifically GDPR, FOI and DPA
Specific Skills
Essential
- Good communication skills, personable and friendly, able to work productively and unsupervised using own initiative
- Must be a good team worker
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.