Job summary
The Infrastructure & Cyber Security Department would like to recruit a Cyber Security Analyst to join the team that supports the digital infrastructure at Powys Teaching Health Board.
We're keen to recruit a dedicated and motivated individual to help improve and maintain the health board's cyber security posture.
This position will be part of a growing team of specialists to provide technical expertise, advice across the health board.
Main duties of the job
The primary function of this role is to pro-actively identify cyber security risks and take appropriate actions to mitigate and protect the health boards digital services. Ensuring that new and existing services adhere health board requirements, industry best practice and legislative mandates.
The successful candidate will ensure that no additional risk is introduced as a result of the adoption of new software and services.
We are looking for candidates who can demonstrate experience and skills in the following areas:
- A strong technical background - including networking, computing, software development, systems integration and compliance frameworks.
- an understanding of defence in depth cyber security controls.
- operational experience of Authentication, Authorisation and Access Controls in both on-premises and cloud service deployments.
- an ability to assess and document cyber risks along with possible mitigations for new and existing services.
- Experience using Endpoint Detection & Response platforms.
- Experience implementing and managing Firewall Security Access Control Lists
- Experience using SIEM Platform, and detailed log analysis.
- Experience using vulnerability scanning solutions and developing remediation plans.
- Experience communicating cyber security best practices to end users.
About us
Being the smallest Heath Board in Wales means that you won't get lost in the crowd. Everybody at Powys Teaching Health Board is valued for the contribution they make to our varied and diverse portfolio of community-based services. Together, we can continue to make a real difference to our patients and build on our unrivalled reputation.
As a supportive and progressive employer, we actively encourage you to carve out a career with us, through a range of development pathways. We're also lucky enough to be situated in one of the most beautiful rural counties in Britain, let alone Wales! Achieving a healthy 'life work' balance is essential, and something we recognise by prioritising your well-being.
To start your journey with us, and to learn more about what we can offer you please visit: https://pthb.nhs.wales/working-for-us/. There you will find information about our benefits and values, read staff experiences and more about what our beautiful county has to offer.
Job description
Job responsibilities
The post holder will be responsible for:
- Contributing to the Cyber Security and Compliance Strategy
- Operational delivery of the day-to-day Cyber Security Monitoring and Management
- Deputising for the Head of Infrastructure & Cyber Security when required
- Present and make the case for controls and measures to deliver effective ICT security/cyber security
- Manage and maintain the Cyber Security & Compliance Service Improvement Plan
- Be a key figure for ICT Security/Cyber Security System development and adoption
Applicants should also read the attached job description prior to application.
Job description
Job responsibilities
The post holder will be responsible for:
- Contributing to the Cyber Security and Compliance Strategy
- Operational delivery of the day-to-day Cyber Security Monitoring and Management
- Deputising for the Head of Infrastructure & Cyber Security when required
- Present and make the case for controls and measures to deliver effective ICT security/cyber security
- Manage and maintain the Cyber Security & Compliance Service Improvement Plan
- Be a key figure for ICT Security/Cyber Security System development and adoption
Applicants should also read the attached job description prior to application.
Person Specification
Experience
Essential
- Experienced with Network segmentation and Network Access Controls (802.1x, MAB)
- Azure Cloud Solutions and Azure AD
- Intermediate to high level of experience with SIEM solutions
- Experience of Cyber Risk Management
- Knowledge and experience of industry standard technology such as: Microsoft Windows Client and Server operating systems Microsoft MDE (ATP /Defender)
- Relevant experience in health service or other major large-scale customer service-oriented organisation
- Expert and detailed knowledge and experience leading, coordinating or being actively involved in the investigation and remediation of security incidents
- Understanding of GDPR / NIS Regulations
- Expert and detailed knowledge and experience in the investigation and remediation malware infections and outbreaks
- Detailed knowledge and experience in cyber security threat analysis and the use of software utilities to identify potential threats and eliminate false positives
- Skilled in the installation and configuration of endpoint and perimeter cyber-security solutions and software agents
- Knowledge of Cyber security best practices
- Experience of working with service requests
- Maintaining accurate records for customers and colleagues
- Knowledge of IT infrastructure including Networking, Firewalls, TCP/IP, Active Directory, DNS and DHCP
Desirable
- Experience with PAM solutions
- Experience with SIEM Platforms
Qualifications & Knowledge
Essential
- Educated to Masters level or similar discipline relevant to an IT Security equivalent such as CISM, CISSP, CISMP
- Specialist knowledge of Cisco/Microsoft/CompTIA/CompTIA+
- Certified Ethical Hacker, Security+ Security compliance testing Security architecture
- Evidence of continuous professional development
- Good working knowledge of NHS terms and conditions
- Up to date knowledge of Release and Change Management IT Service Management ITIL V3 or V4
Desirable
- Analysis of network penetration testing
- Application vulnerability assessments
Values
Essential
Other
Essential
- Ability to travel within geographical area Flexible approach to work
Aptitude & Abilities
Essential
- Highly developed problem solving and analysis skills in areas which may be complex
- Enthusiastic and innovative
- Excellent communication skills both written and verbal, demonstrate tact and diplomacy when working with others
- Work within ICT Security/Cyber Security Frameworks and policies
- Pragmatic and strategic thinker, developer of practical and effective solutions with an aptitude for developing new skills
- Self-motivated and project focussed
- Output qualitative and quantitative risk assessments/analysis
- Attention to detail, accurate and a strong quality first approach
- Team player, self-starter, pro-active and resourceful
- Ability to work under pressure
- Willing to work as part of a team and pick up ad-hoc work as requested
- Excellent computer skills and experience of Microsoft Office Suite with the ability to master new applications
Desirable
Person Specification
Experience
Essential
- Experienced with Network segmentation and Network Access Controls (802.1x, MAB)
- Azure Cloud Solutions and Azure AD
- Intermediate to high level of experience with SIEM solutions
- Experience of Cyber Risk Management
- Knowledge and experience of industry standard technology such as: Microsoft Windows Client and Server operating systems Microsoft MDE (ATP /Defender)
- Relevant experience in health service or other major large-scale customer service-oriented organisation
- Expert and detailed knowledge and experience leading, coordinating or being actively involved in the investigation and remediation of security incidents
- Understanding of GDPR / NIS Regulations
- Expert and detailed knowledge and experience in the investigation and remediation malware infections and outbreaks
- Detailed knowledge and experience in cyber security threat analysis and the use of software utilities to identify potential threats and eliminate false positives
- Skilled in the installation and configuration of endpoint and perimeter cyber-security solutions and software agents
- Knowledge of Cyber security best practices
- Experience of working with service requests
- Maintaining accurate records for customers and colleagues
- Knowledge of IT infrastructure including Networking, Firewalls, TCP/IP, Active Directory, DNS and DHCP
Desirable
- Experience with PAM solutions
- Experience with SIEM Platforms
Qualifications & Knowledge
Essential
- Educated to Masters level or similar discipline relevant to an IT Security equivalent such as CISM, CISSP, CISMP
- Specialist knowledge of Cisco/Microsoft/CompTIA/CompTIA+
- Certified Ethical Hacker, Security+ Security compliance testing Security architecture
- Evidence of continuous professional development
- Good working knowledge of NHS terms and conditions
- Up to date knowledge of Release and Change Management IT Service Management ITIL V3 or V4
Desirable
- Analysis of network penetration testing
- Application vulnerability assessments
Values
Essential
Other
Essential
- Ability to travel within geographical area Flexible approach to work
Aptitude & Abilities
Essential
- Highly developed problem solving and analysis skills in areas which may be complex
- Enthusiastic and innovative
- Excellent communication skills both written and verbal, demonstrate tact and diplomacy when working with others
- Work within ICT Security/Cyber Security Frameworks and policies
- Pragmatic and strategic thinker, developer of practical and effective solutions with an aptitude for developing new skills
- Self-motivated and project focussed
- Output qualitative and quantitative risk assessments/analysis
- Attention to detail, accurate and a strong quality first approach
- Team player, self-starter, pro-active and resourceful
- Ability to work under pressure
- Willing to work as part of a team and pick up ad-hoc work as requested
- Excellent computer skills and experience of Microsoft Office Suite with the ability to master new applications
Desirable
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
