NHS Business Services Authority

Cyber Security Specialist

Information:

This job is now closed

Job summary

Are you passionate about cyber security and an experienced people manager looking to make a difference with your skills and influence?

We are looking for a Cyber Security Team Leader to join our DDAT team. This is a unique opportunity to support our people to ensure the security of our network infrastructure and information systems, while enabling open and modern secure digital services.

As Team Leader, you will lead a team to support the NHSBSA business areas to understand and shape security requirements whilst driving staff development, and career progression. Leading on key people processes such as one-to-ones, and performance reviews, while maintaining a strong focus on colleague wellbeing.

You will be an active member of the DDAT department based in Newcastle, on a hybrid working model where we all come together for 1 or 2 days per week. This is an exciting opportunity for someone who can enthuse a team and support them to rationalise highly complex technical information transforming it into understandable content for others to work with

What do we offer?

  • 27 days leave (increasing with length of service) plus 8 bank holidays
  • Flexible working (we are happy to discuss options such as compressed hours)
  • Flexi time
  • Hybrid working model (we are currently working largely remotely)
  • Career development
  • Active wellbeing and inclusion networks
  • Excellent pension (23.7% employer contribution)
  • NHS Car lease scheme
  • Access to a wide range of benefits and high street discounts!

Main duties of the job

As a Cyber Security Team Leader, your main responsibilities will include (but not limited to):

  • The management of day-to-day activities and general management of the security operations team including development, recruitment, performance management and pastoral care.
  • Supporting the outputs of the Cyber Security Improvement Programme.
  • Ensuring appropriate access control and monitoring on NHS BSA IT systems.
  • Actively monitoring and undertaking activities that mitigate threats to the integrity of the NHS BSA's Information Assets.
  • Supporting the team to perform forensically sound acquisitions of computer systems and associated media.
  • Supporting the management of the ICT security incident process.
  • Carrying out reviews, internal audits and spot-checks to ensure the effective operation of security monitoring and alerting.
  • Providing expert help and guidance across the lifecycle of a security solution implementation.

Please review the attached job description and person specification for a full list of responsibilities for the role.

About us

Here at the NHS Business Services Authority (NHSBSA), what we do matters.

We manage the NHS Pension scheme, process prescription payments and much more. Our services are used by NHS organisations, contractors and the public: we take pride in being part of something so meaningful, that touches millions of lives.

Just as we design our services around the needs of our customers, we place our people at the heart of our organisation. That's why when you join us, you'll be empowered and given the right support to help your career grow.

As one of the UK's Best Big Companies to work for, we're all connected to our values: Collaborative, Adventurous, Reliable and Energetic. We care about our people, our purpose, and your progress.

We strive to offer a fantastic colleague experience, where every voice is heard, and every colleague is supported and respected. Wellbeing, diversity and inclusion is at the centre of this, so when you join us, you can connect with our Lived Experience Networks who help us to bring our authentic selves to work.

We welcome applications from people of all backgrounds and circumstances. We are committed and proud to be a flexible employer and will endeavour to offer a working pattern that suits you wherever possible, whether that be hybrid working, flexible hours, job sharing and more.

Ready to join us on our journey to be a catalyst for better health? Apply today and see where the NHSBSA can take you.

We are people connected to care.

Details

Date posted

12 February 2025

Pay scheme

Agenda for change

Band

Band 7

Salary

£46,148 to £52,809 a year

Contract

Permanent

Working pattern

Full-time, Flexible working

Reference number

914-BSA6983627

Job locations

Stella House

Goldcrest Way

Newcastle upon Tyne

NE15 8NY


Job description

Job responsibilities

In this role, you are accountable for

Security Operations

1. To ensure appropriate access control and monitoring on NHS BSA IT systems is maintained.

2. Actively monitor and undertake activities that mitigate threats to the integrity of the NHS BSAs Information Assets. Assesses the effectiveness of firewalls, Gateways, IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) to improve network/system resilience

3. Ensure that all controls are in place to ensure continued certification to the Information Security Management Standard ISO27001 and continued adherence to the National Cyber Security Centre cloud security principles.

4. When required conduct forensically sound acquisitions of computer systems and associated media to accumulate evidence in the area of forensic computer science. This will require occasional periods of intense concentration to ensure any evidence collected can be used in a court of law.

5. Support the management of the ICT security incident process, reviewing security incidents, weaknesses and malfunctions relating to the NHS BSAs systems, taking appropriate remedial action, including addressing any performance related targets not met by internal and external suppliers.

6. Carry out reviews, internal audits and spot-checks to ensure the effective operation of (but not limited to): IDS/IPS, vulnerability and patch management, Email and Web Filtering, anti-malware, and hardening of operating systems and applications

7. Recognises decisions that have implications beyond their level of responsibility, experience or delegated risk tolerance and escalates them accordingly.

8. Fully engage and contribute to delivery of projects, change and continuous improvements by providing specialist information security advice.

9. Provides constructive and timely expert advice to system developers on whether proposed solutions are likely to gain assurance.

10. Responsible for providing expert help and guidance across the lifecycle of a security solution implementation, including technical and non-technical aspects. This includes the migration of services across suppliers and closely with Technical Architects ensuring the solution and service design is successfully translated, built delivered and operated to meet security and business requirements

11. Supports the strategic direction of the Cyber security operation function by assisting with the development, maintenance, promotion and stewardship of Security Procedures and Standards, in accordance with the NHS BSAs requirements, IG policies and procedures, legislation and EU Directives.

Knowledge Management

12. Maintain detailed technical knowledge of IT Security products, systems, policies and procedures used within the NHS BSA

13. Keeping abreast of technological and maintain an excellent understanding of the use of technology in delivering business objectives.

14. Identify and support opportunities to further develop skills to meet the changing needs of the business Taking ownership for decision making within own area, seeking support and feedback to develop well thought out solutions, processes and work as required, and in conjunction with agreed procedures.

Relationship Management

15. Working across/within different programmes as needed and to translate business security requirements into IT services and solutions.

16. To work with NHSBSA staff and Third Parties to ensure that security standards, governance and processes are in place for producing and maintaining up to date, comprehensive, comprehensible documentation which will include IT service security blueprints for all systems and services.

17. Identify opportunities, engaging and fostering relationships and partnership working within the organisation, and with third parties, identify and deliver value to the organisation.

18. Working collaboratively with Professional Leads to identify, implement, and support team and individual development.

Information Management

19. Research of the marketplace and constant awareness of industry trends and innovation using information to inform the Cyber security strategy of the NHSBSA and as input to design activities.

20. Implement, monitor and report on a number of areas including agreed service levels, KPI's and standards within security operations.

21. Monitor, report, present or escalate issues as appropriate to the Cyber Security Operations Team Lead

Delivery Management

22. Carry out Information Risk Assessments and produce comprehensive Risk Assessment Documentation in accordance with the National Cyber Security Centre best practice.

23. Acts as an SME and recognised point of contact for advising on queries covering their area of responsibility from internal and external sources. Establishing the Cyber Security operations team as the go to team for advice on such matters. Advises on standards and tools in their own specialism.

24. Managing staff workload and completing own assigned tasks, to a high quality and within agreed timelines. Delivering continuous improvements to enhance own and business areas; co-ordinating and delivery of work across multiple strands such as continuous improvement, project related work, and operational tasks, and escalating issues at appropriate times.

25. Providing feedback on functional and non-functional requirements to ensure the overall needs of the business are met from a Cyber Security perspective

26. Participating in procurement processes for hardware and software. Reviewing functional requirements and providing nonfunctional requirements to ensure the overall needs of the business are met from a Cyber Security perspective.

People Management

27. The management of day-to-day activities and general management of colleagues.

28. Enabling the performance of others, including objectives setting fully aligned to departmental and organisational objectives and goals, and the development and motivation of staff to achieve them.

29. Conducting meaningful appraisals and 1-1s, identifying and meeting development needs, implementing, monitoring, evaluating, and reporting on the impact and success of implemented training plans.

30. Undertake recruitment and selection in line with organisational processes and participate in the implementation and delivery of initiatives to secure suitable resources, increase skills levels and develop talent pools to meet the changing needs of the business landscape

In addition to the above accountabilities, as post holder you are expected to

1. Undertake additional duties and responsibilities in line with the purpose of your role and as agreed by your line manager.

2. Demonstrate NHSBSA values and core capabilities in all aspects of your work.

3. Encourage an environment where your own and colleagues safety and well-being is promoted.

4. Contribute to a culture which values diversity and inclusion.

5. Follow NHSBSA policies, procedures, and protocols as they apply to your role.

Job description

Job responsibilities

In this role, you are accountable for

Security Operations

1. To ensure appropriate access control and monitoring on NHS BSA IT systems is maintained.

2. Actively monitor and undertake activities that mitigate threats to the integrity of the NHS BSAs Information Assets. Assesses the effectiveness of firewalls, Gateways, IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) to improve network/system resilience

3. Ensure that all controls are in place to ensure continued certification to the Information Security Management Standard ISO27001 and continued adherence to the National Cyber Security Centre cloud security principles.

4. When required conduct forensically sound acquisitions of computer systems and associated media to accumulate evidence in the area of forensic computer science. This will require occasional periods of intense concentration to ensure any evidence collected can be used in a court of law.

5. Support the management of the ICT security incident process, reviewing security incidents, weaknesses and malfunctions relating to the NHS BSAs systems, taking appropriate remedial action, including addressing any performance related targets not met by internal and external suppliers.

6. Carry out reviews, internal audits and spot-checks to ensure the effective operation of (but not limited to): IDS/IPS, vulnerability and patch management, Email and Web Filtering, anti-malware, and hardening of operating systems and applications

7. Recognises decisions that have implications beyond their level of responsibility, experience or delegated risk tolerance and escalates them accordingly.

8. Fully engage and contribute to delivery of projects, change and continuous improvements by providing specialist information security advice.

9. Provides constructive and timely expert advice to system developers on whether proposed solutions are likely to gain assurance.

10. Responsible for providing expert help and guidance across the lifecycle of a security solution implementation, including technical and non-technical aspects. This includes the migration of services across suppliers and closely with Technical Architects ensuring the solution and service design is successfully translated, built delivered and operated to meet security and business requirements

11. Supports the strategic direction of the Cyber security operation function by assisting with the development, maintenance, promotion and stewardship of Security Procedures and Standards, in accordance with the NHS BSAs requirements, IG policies and procedures, legislation and EU Directives.

Knowledge Management

12. Maintain detailed technical knowledge of IT Security products, systems, policies and procedures used within the NHS BSA

13. Keeping abreast of technological and maintain an excellent understanding of the use of technology in delivering business objectives.

14. Identify and support opportunities to further develop skills to meet the changing needs of the business Taking ownership for decision making within own area, seeking support and feedback to develop well thought out solutions, processes and work as required, and in conjunction with agreed procedures.

Relationship Management

15. Working across/within different programmes as needed and to translate business security requirements into IT services and solutions.

16. To work with NHSBSA staff and Third Parties to ensure that security standards, governance and processes are in place for producing and maintaining up to date, comprehensive, comprehensible documentation which will include IT service security blueprints for all systems and services.

17. Identify opportunities, engaging and fostering relationships and partnership working within the organisation, and with third parties, identify and deliver value to the organisation.

18. Working collaboratively with Professional Leads to identify, implement, and support team and individual development.

Information Management

19. Research of the marketplace and constant awareness of industry trends and innovation using information to inform the Cyber security strategy of the NHSBSA and as input to design activities.

20. Implement, monitor and report on a number of areas including agreed service levels, KPI's and standards within security operations.

21. Monitor, report, present or escalate issues as appropriate to the Cyber Security Operations Team Lead

Delivery Management

22. Carry out Information Risk Assessments and produce comprehensive Risk Assessment Documentation in accordance with the National Cyber Security Centre best practice.

23. Acts as an SME and recognised point of contact for advising on queries covering their area of responsibility from internal and external sources. Establishing the Cyber Security operations team as the go to team for advice on such matters. Advises on standards and tools in their own specialism.

24. Managing staff workload and completing own assigned tasks, to a high quality and within agreed timelines. Delivering continuous improvements to enhance own and business areas; co-ordinating and delivery of work across multiple strands such as continuous improvement, project related work, and operational tasks, and escalating issues at appropriate times.

25. Providing feedback on functional and non-functional requirements to ensure the overall needs of the business are met from a Cyber Security perspective

26. Participating in procurement processes for hardware and software. Reviewing functional requirements and providing nonfunctional requirements to ensure the overall needs of the business are met from a Cyber Security perspective.

People Management

27. The management of day-to-day activities and general management of colleagues.

28. Enabling the performance of others, including objectives setting fully aligned to departmental and organisational objectives and goals, and the development and motivation of staff to achieve them.

29. Conducting meaningful appraisals and 1-1s, identifying and meeting development needs, implementing, monitoring, evaluating, and reporting on the impact and success of implemented training plans.

30. Undertake recruitment and selection in line with organisational processes and participate in the implementation and delivery of initiatives to secure suitable resources, increase skills levels and develop talent pools to meet the changing needs of the business landscape

In addition to the above accountabilities, as post holder you are expected to

1. Undertake additional duties and responsibilities in line with the purpose of your role and as agreed by your line manager.

2. Demonstrate NHSBSA values and core capabilities in all aspects of your work.

3. Encourage an environment where your own and colleagues safety and well-being is promoted.

4. Contribute to a culture which values diversity and inclusion.

5. Follow NHSBSA policies, procedures, and protocols as they apply to your role.

Person Specification

Personal Qualities, Knowledge and Skills

Essential

  • 1.Developing, implementing and maintaining effective control monitoring activities, ensuring compliance with Information Security Standards ISO27001
  • 2.Extensive experience of managing security technologies including; firewalls, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP
  • 3.Designing and recommending appropriate controls to enable the achievement of Cyber security and wider business goals.
  • 4.Evaluation of threat intelligence data from multiple sources to inform decision making
  • 5.A range of skills and specialism across a diverse and detailed technical knowledge, covering web technology applications and services, information, infrastructure, cloud and managed service architectures
  • 6.Has a real interest in information security and ensures they keep up-to-date with the latest Security news
  • 7.Knowledge of risk management techniques and the application of a risk based approach to managing security
  • 8.Has a sufficiently broad understanding of risk management to be able to effectively set and undertake Accreditation work

Qualifications

Essential

  • Degree calibre or demonstrable experience in an Information Technology related field.
  • 1.ICT qualification OR recent ICT experience
  • 2.Other professionally recognised ICT/ Security certification such as: oCompTIA: A+, Network+, Security+ oCCNA oITIL v3 or v4 foundation. oBTEC HNC Computing or Security

Desirable

  • 1.IT Security Officer / IA Technical Architect at CCP associate or practitioner level. With the capability to enable effective IT security across a wide portfolio of ICT
  • 2.ITIL foundation
  • 3.Project Management Foundation (Prince 2)
  • 4.A Professional Certification or qualification in Information Security (CISA, CISMP, CISM, CISSP, CRISC) or other relevant professional IT security qualification.

Experience

Essential

  • 1.Recent security or support experience
  • 2.Experience of working as part of a team to provide a service to customers
  • 3.Experience of effectively learning new skills and developing oneself
  • 4.Information Security Management Systems ISO27001
  • 5.Experience with software and security architectures.
  • 6.The production of ICT security reports/MI for relevant parties
  • 7.Experience in security due diligence and security assurance reviews of 3rd party suppliers.
  • 8.Working within a combination of outsourced and in house ICT provision
  • 9.Hands on experience with the design of ICT security mitigation measures to meet Information Security work based assessments

Desirable

  • 1.Cloud Security & monitoring
  • 2.Development of a security architecture design
  • 3.Risk assessment and balancing security risks with business requirements.

Extensive Knowledge of Inforamtation Security in the following areas

Essential

  • 1.Windows and Linux operating Systems
  • 2.Virtualisation
  • 3.Penetration Testing
  • 4.Risk Management Process
  • 5.Public Services Network (PSN) and NHS N3
  • 6.Security monitoring and auditing
  • 7.Computer Forensics
  • 8.Database Security
Person Specification

Personal Qualities, Knowledge and Skills

Essential

  • 1.Developing, implementing and maintaining effective control monitoring activities, ensuring compliance with Information Security Standards ISO27001
  • 2.Extensive experience of managing security technologies including; firewalls, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP
  • 3.Designing and recommending appropriate controls to enable the achievement of Cyber security and wider business goals.
  • 4.Evaluation of threat intelligence data from multiple sources to inform decision making
  • 5.A range of skills and specialism across a diverse and detailed technical knowledge, covering web technology applications and services, information, infrastructure, cloud and managed service architectures
  • 6.Has a real interest in information security and ensures they keep up-to-date with the latest Security news
  • 7.Knowledge of risk management techniques and the application of a risk based approach to managing security
  • 8.Has a sufficiently broad understanding of risk management to be able to effectively set and undertake Accreditation work

Qualifications

Essential

  • Degree calibre or demonstrable experience in an Information Technology related field.
  • 1.ICT qualification OR recent ICT experience
  • 2.Other professionally recognised ICT/ Security certification such as: oCompTIA: A+, Network+, Security+ oCCNA oITIL v3 or v4 foundation. oBTEC HNC Computing or Security

Desirable

  • 1.IT Security Officer / IA Technical Architect at CCP associate or practitioner level. With the capability to enable effective IT security across a wide portfolio of ICT
  • 2.ITIL foundation
  • 3.Project Management Foundation (Prince 2)
  • 4.A Professional Certification or qualification in Information Security (CISA, CISMP, CISM, CISSP, CRISC) or other relevant professional IT security qualification.

Experience

Essential

  • 1.Recent security or support experience
  • 2.Experience of working as part of a team to provide a service to customers
  • 3.Experience of effectively learning new skills and developing oneself
  • 4.Information Security Management Systems ISO27001
  • 5.Experience with software and security architectures.
  • 6.The production of ICT security reports/MI for relevant parties
  • 7.Experience in security due diligence and security assurance reviews of 3rd party suppliers.
  • 8.Working within a combination of outsourced and in house ICT provision
  • 9.Hands on experience with the design of ICT security mitigation measures to meet Information Security work based assessments

Desirable

  • 1.Cloud Security & monitoring
  • 2.Development of a security architecture design
  • 3.Risk assessment and balancing security risks with business requirements.

Extensive Knowledge of Inforamtation Security in the following areas

Essential

  • 1.Windows and Linux operating Systems
  • 2.Virtualisation
  • 3.Penetration Testing
  • 4.Risk Management Process
  • 5.Public Services Network (PSN) and NHS N3
  • 6.Security monitoring and auditing
  • 7.Computer Forensics
  • 8.Database Security

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

NHS Business Services Authority

Address

Stella House

Goldcrest Way

Newcastle upon Tyne

NE15 8NY


Employer's website

https://careers.nhsbsa.nhs.uk/ (Opens in a new tab)

Employer details

Employer name

NHS Business Services Authority

Address

Stella House

Goldcrest Way

Newcastle upon Tyne

NE15 8NY


Employer's website

https://careers.nhsbsa.nhs.uk/ (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Infrastructure Services Team Manager

Carl Wood

carl.wood@nhsbsa.nhs.uk

0000000000

Details

Date posted

12 February 2025

Pay scheme

Agenda for change

Band

Band 7

Salary

£46,148 to £52,809 a year

Contract

Permanent

Working pattern

Full-time, Flexible working

Reference number

914-BSA6983627

Job locations

Stella House

Goldcrest Way

Newcastle upon Tyne

NE15 8NY


Supporting documents

Privacy notice

NHS Business Services Authority's privacy notice (opens in a new tab)