Security Operations Manager

Job description

Job responsibilities

In this role, you are accountable for:

Specialist Skills

1. Lead and Manage a Security operations function including the selection, design, justification, implementation and operation of information security controls, management strategies and standards.
2. Functional management of the Organisations Security operations centre activities including vulnerability management, security incident and event management. Maintenance of threat monitoring alarms/indicators to mitigate threats.
3. Monitor the development of new and emerging tools, technologies and products to assess potential value and identifying opportunities to enhance capabilities, products and services within the organisation.
4. Drive new ideas to improve on all services within the team by way of technology or procedural improvements, which has an impact on other teams/directorates across the organisation
5. Responsible for the research and development of technical products and services with potential for offering service improvement and, where appropriate, the evaluation and justification of costs and benefits to customers
6. Promotes and assists Information Governance in the establishment and implementation of procedures to enhance and maintain the NHS BSAs Information Security Management System and attain compliance with ISO27001, ISO20000 and other relevant ICT standards.
7. Manage the ICT security incident process, reviewing security incidents, weaknesses and malfunctions relating to the NHS BSAs systems, taking appropriate remedial action
8. Actively monitor and undertake activities that mitigate threats to the integrity of the NHS BSAs Information Assets. Assesses the effectiveness of firewalls, Gateways, IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) to improve network/system resilience

Staff Management

1. Line management of staff within multi-disciplinary teams operating within the NHS BSA discipline, absence and work performance policies, management information and resource requests to inform forward planning and resource management, whilst completing own assigned tasks to a high quality and within agreed timelines.
2. Enabling the performance of others, including objectives setting fully aligned to departmental and organisational objectives and goals, and the development and motivation of staff to achieve them.
3. Conducting meaningful appraisals and 1-1s, identifying and meeting development needs, implementing, monitoring, evaluating and reporting on the impact and success of implemented training plans
4. Undertake recruitment and selection in line with organisational processes and participate in the implementation and delivery of initiatives to secure suitable resources, increase skills levels and develop talent pools to meet the changing needs of the business landscape.

Financial Management

1. Responsibility for budget management processes in accordance with NHS BSAs policies, standing orders, financial regulations, and legislative requirements.
2. Managing and monitoring budget spend, including resource estimates against projects and change initiatives, ongoing management of product licenses, ensuring sufficient coverage whilst controlling costs
3. Contribute to and prepare proposals for change including producing necessary estimates, mandates, and business cases within the technology department.

Knowledge Management

1. Keeping abreast of technological and maintain an excellent understanding of the use of technology in delivering business objectives.
2. Identify and support opportunities for the team to further develop their skills to meet the changing needs of the business Taking ownership for decision making within own area, seeking support and feedback to develop well thought out solutions, processes and work as required, and in conjunction with agreed procedures.
3. Maintain own knowledge and expertise at the forefront of sector knowledge. Investigate research and development to support future business needs. Develop an understanding of emerging technologies and business opportunities

Relationship Management

1. Establishes and maintains communication with individuals and groups about difficult or highly complex matters overcoming any problems in communication. Communicates effectively at all levels to both technical and non-technical audiences, verbally and in writing taking account of confidentiality and sensitivity constraints where appropriate. Ensures good and effective communication channels are in place with all internal and external stakeholders.
2. Required to build working relationships, maintain communication and resolve complex issues with external suppliers and business leads relating to service delivery to ensure Incidents, Problems and Change Requests are resolved. Work is delivered against agreed quality criteria and monitor to ensure within agreed budget & timescales.
3. Brings together technical specialists from different teams across in-house delivery and 3rd party suppliers to ensure joined up approach to both operational service delivery and to roadmap and improvement planning with the technical knowledge to convene and lead both service improvement and innovation workshops and major problem management activities.

1. Work with organisations external to the NHSBSA (e.g. the DHSC and Track and Trace when necessary to assist in clarifying their needs and requirements and be capable of devising options for ICT security solutions, along with full assessment and cost estimation.

Information Management

1. Handles sensitive commercial & financial information, ensuring that the ICT solution architectural designs adhere to relevant legislation and standards including for example, Information Security, NHS Confidentiality and Data Protection legislation.

1. Implement, monitor and report on a number of areas including agreed service levels, KPI's and standards within team, reviewing individual and team performances including outputs from appraisals, development needs, and trends are identified, and anomalies understood and reports generated and delivered to agreed frequency, methods and processes.
2. Monitoring, reviewing accuracy and authorising a number of activities including financial claims leave requests and timesheet submissions at both team and individual level to both assure accuracy and to inform forward planning and resource management.

Delivery Management

1. Drives the strategic direction of the ICT security operation function by the development, maintenance, promotion and stewardship of ICT Security Procedures and Standards, in accordance with the NHS BSAs requirements, IG policies and procedures, legislation and EU Directives.
2. Managing staff workload and completing own assigned tasks, to a high quality and within agreed timelines. Delivering continuous improvements to enhance own and business areas; co-ordinating and delivery of work across multiple strands such as continuous improvement, project related work, and operational tasks, and escalating issues at appropriate times.
3. Preparing plans to enable the delivery and management of projects and programmes undertaken by the team. Providing operational direction in the preparation of plans to deliver systems and service across the organisation.
4. Manage and implement approaches strategies, standards, practices and policies across the team, ensuring and monitoring the timely delivery of business objectives within budget through the management of projects and programmes.
5. Providing feedback on functional and non-functional requirements to ensure the overall needs of the business are met from an ICT perspective
6. Participating in procurement processes for hardware and software. Reviewing functional requirements and providing non-functional requirements to ensure the overall needs of the business are met from an ICT perspective.

Person Specification

Qualifications

Essential

• Degree caliber with relevant in-depth knowledge of the subject matter and
• A Professional Certification or qualification in Information Security (CISA, CISMP, CISM, CISSP, CRISC) or other relevant professional IT security qualification.

Desirable

• Master's Degree or equivalent Post Graduate qualification
• IT Security Officer at CCP practitioner or Senior Practitioner Level: With the capability to enable effective IT security across a wide portfolio of ICT
• ITIL foundation
• Project Management Foundation (Prince 2)

Personal Qualities, Knowledge and Skills

Essential

• Developing, implementing and maintaining effective control monitoring activities, ensuring compliance with Information Security Standards ISO27001
• Extensive experience of managing security technologies including; firewalls, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP
• Designing and recommending appropriate controls to enable the achievement of ICT security and wider business goals. oBusiness change, rationalisation and transformation
• Evaluation of threat intelligence data from multiple sources to inform decision making
• A range of skills and specialism across a diverse and detailed technical knowledge, covering web technology applications and services, information, infrastructure, cloud and managed service architectures.
• Planning and organisational skills across a broad range of activities to support the delivery of project planning and resource management.
• Communicating and negotiating with internal and external bodies, suppliers and organisations to reach satisfactory outcomes for the organisation.

Desirable

• Has a real interest in information security and ensures they keep up-to-date with the latest Security news - such as monitoring GovCertUK, CiSP, CareCERT and vendors as appropriate.

Experience

Essential

• Proven team leader and motivator with a demonstrable track record of the Management and development of security operation teams
• Leading and managing staff to deliver organisational goals and objectives
• Engaging and building relationships with a range of stakeholders to support delivery of business outcomes
• Experience of working within a variety of IT support environments.
• Leading businesses ICT security activities
• The production of ICT security reports/MI for relevant parties
• Experience in security due diligence and security assurance reviews of 3rd party suppliers.
• Working within a combination of outsourced and in house ICT provision.
• Hands on experience with the design of ICT security mitigation measures to meet Information Security work-based assessments

Desirable

• Cloud Security & monitoring
• Development of a security architecture design

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

NHS Business Services Authority

Address

Stella House

Goldcrest Way

Newcastle upon Tyne

NE15 8NY

Employer's website

https://www.nhsbsa.nhs.uk/what-we-do/work-us (Opens in a new tab)