Job summary
This is an exciting time for us: our Cyber Security and Compliance team is growing and you could be part if it! We have an opportunity for a Senior Cyber Security Engineer with a solid background in ICT Infrastructure and/ or Cyber Security to help us develop the in-house knowledge, skills and resilience we need.
This role is based at either of our Ipswich Hospital or Colchester Hospital sites, but we have a flexible approach to home working.
We are an ambitious trust with a simple vision, to provide the communities we serve with excellent healthcare and build a better future for the people of east Suffolk and North Essex. To help us do this, we will work closely with our local partners to deliver more of the joined-up services and care our residents need.
So if your ambition matches ours, it's time to work together.
If we receive sufficient applications, this post may close before the stated closing date.
Main duties of the job
- Develop procedures for technical security in support of mandated policies.
- Review and carry out plans for incident handling and response.
- Carry out risk assessments and recommend actions to address risks.
- Perform internal audits and vulnerability assessments to identify areas of risk and propose ways to strengthen cyber security.
- Support the delivery of planned compliance reviews and assisting the Operational ICT management to ensure any gaps are addressed.
- Support the work with external stakeholders for example CareCERT, CESG, and auditing organisations.
- Investigate and report on data breaches in accordance with instructions/ oversight from Head of IT Security and Compliance, Associate Director of ICT Operations, or Director of Digital and Logistics.
- Develop an understanding of the Trust's and NHS Network, Telecoms & IT systems sufficiently well to be able to support and advise on cybersecurity matters.
- Implement, maintain, and support security infrastructure, solutions, and controls in accordance with Trust and NHS policy and industry best practice.
- Provide specialist advice on ICT security and assist with resolving complex security challenges both within the cybersecurity team as well as the broader ICT team.
- Provide advice on innovation of policies, procedures, guidelines for maintenance of ICT Security.
- Support contact for liaison with NHS England CareCERT, Cyber Associates Network, and NCSC services.
About us
One of the largest Trust's in East Anglia, East Suffolk and North Essex NHS Foundation Trust (ESNEFT) provide hospital and community health services to people living across a wide geographical area. We deliver care from two main hospitals in Colchester and Ipswich, six community hospitals and in patients' own homes. You will be joining a team of almost 12,000 amazing colleagues providing care to approximately a million people.
Along with supporting you to achieve your career goals we offer a generous pension scheme, unsocial hours payments (if applicable), 27 days annual leave on commencement (pro rata) and access to a range of NHS discounts. Our Staff Health and Wellbeing programme offer a range of services including mental health support. We offer a range of flexible working opportunities.
Our philosophy is that Time Matters to everyone. Across the Trust, we concentrate on improving the things we do and removing those which do not work or cause time delays for our staff and patients.
If you are passionate about patient care and want to develop your skills and knowledge then we are keen to hear from you.
Find out about living and working with us - https://www.youtube.com/watch?v=GkPu7HphU8A
Job description
Job responsibilities
For full details of the responsibilities and duties of this role please see the attached job description.
Job description
Job responsibilities
For full details of the responsibilities and duties of this role please see the attached job description.
Person Specification
Experience
Essential
- Proven experience in a Support/Infrastructure management Capacity with experience of supporting a complex multi-vendor environment.
- Ability to work proactively under own initiative, take responsibility and demonstrate leadership.
- Handling complex organisational issues and constraints.
- Proven experience of workload planning and delivery of key targets within a service environment.
- Development and documentation of standard build documents and operating procedures
- Infrastructure design, concepts and fault finding
- Experience of managing /leading a team
- Experience of facilitating change in practice to improve services.
- Project management/co-ordination
Desirable
- NHS IT experience
- Technical cybersecurity experience including network firewalls, anti-malware, and SIEM.
- Experience in risk management, asset management, vulnerability management, or incident response.
- Cyber assessment frameworks (e.g. NCSC CAF)
- Understanding and experience in ITIL3/4 and ISO27001
Qualifications
Essential
- Relevant degree or equivalent qualification or significant experience of working at degree level
- Management /leadership qualification or equivalent knowledge at post graduate level
- Evidence of continued professional development
Desirable
- Cyber Security Qualification
- Project Management Qualification
- Application Vendor Qualification
- ITIL Qualification
Knowledge and Skills
Essential
- LAN/WAN & Wireless Networking design and concepts as well as good understanding of TCP/IP concepts and theory
- Information Security concepts (Asset Management, Risk Management, Threat and Vulnerability Management, Identity and Access Management, Logging and Monitoring, Security Configuration and Architecture, and Cyber Response and Recovery).
- Microsoft Active Directory and Windows server and client operating systems
- Extensive knowledge of IT architecture and standards
- Systems and networking security (e.g. enterprise firewalls, antimalware solutions, intrusion detection and prevention)
- Financial procedures including budgetary management, contract management
- Enterprise network technology experience (e.g. Extreme, Cisco etc)
Desirable
- HSCN network and NHS Cybersecurity
- Office365/ Azure/ Cloud
- Sophos XDR, Microsoft 365 Defender/ Defender for Endpoint
- Business Resilience concepts (Business Continuity and Disaster Recovery)
- Scripting (e.g. Powershell) and database administration (MSSQL)
- Vulnerability Assessment and Risk Management
- Preparing user guidance on cybersecurity topics
Person Specification
Experience
Essential
- Proven experience in a Support/Infrastructure management Capacity with experience of supporting a complex multi-vendor environment.
- Ability to work proactively under own initiative, take responsibility and demonstrate leadership.
- Handling complex organisational issues and constraints.
- Proven experience of workload planning and delivery of key targets within a service environment.
- Development and documentation of standard build documents and operating procedures
- Infrastructure design, concepts and fault finding
- Experience of managing /leading a team
- Experience of facilitating change in practice to improve services.
- Project management/co-ordination
Desirable
- NHS IT experience
- Technical cybersecurity experience including network firewalls, anti-malware, and SIEM.
- Experience in risk management, asset management, vulnerability management, or incident response.
- Cyber assessment frameworks (e.g. NCSC CAF)
- Understanding and experience in ITIL3/4 and ISO27001
Qualifications
Essential
- Relevant degree or equivalent qualification or significant experience of working at degree level
- Management /leadership qualification or equivalent knowledge at post graduate level
- Evidence of continued professional development
Desirable
- Cyber Security Qualification
- Project Management Qualification
- Application Vendor Qualification
- ITIL Qualification
Knowledge and Skills
Essential
- LAN/WAN & Wireless Networking design and concepts as well as good understanding of TCP/IP concepts and theory
- Information Security concepts (Asset Management, Risk Management, Threat and Vulnerability Management, Identity and Access Management, Logging and Monitoring, Security Configuration and Architecture, and Cyber Response and Recovery).
- Microsoft Active Directory and Windows server and client operating systems
- Extensive knowledge of IT architecture and standards
- Systems and networking security (e.g. enterprise firewalls, antimalware solutions, intrusion detection and prevention)
- Financial procedures including budgetary management, contract management
- Enterprise network technology experience (e.g. Extreme, Cisco etc)
Desirable
- HSCN network and NHS Cybersecurity
- Office365/ Azure/ Cloud
- Sophos XDR, Microsoft 365 Defender/ Defender for Endpoint
- Business Resilience concepts (Business Continuity and Disaster Recovery)
- Scripting (e.g. Powershell) and database administration (MSSQL)
- Vulnerability Assessment and Risk Management
- Preparing user guidance on cybersecurity topics
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
