Cyber Security Lead

NHS North Of England Commissioning Support Unit

Information:

This job is now closed

Job summary

From providing 24/7 support desks, to cyber security specialists, to logistics and distribution, our technical services cater for the full spectrum of an organisation's typical IT needs. We deliver technology services to hundreds of individual GP practices, large hospitals and various national bodies.

We are excited to be growing our team and we are looking for like-minded individuals to be a part of that. If you are looking for a challenging and rewarding career with opportunities to make a real difference in a supportive and inclusive environment, then we want to hear from you.

We are looking for an experienced cyber security professional to join our IT service and ensure our platforms and services remain secure as well as being compliant with the many governance regimes that apply to our organisation, such as ISO27001. The role requires an individual who can work in a collaborative multidisciplinary culture and who thrives within a fast-paced environment. To achieve our vision requires an individual who is committed, passionate and who can lead and motivate resources, bridging the gap between technical experts and management colleagues.

This is an exciting opportunity at NECS and will include deploying new technologies alongside strengthening technical capability to plan for and respond to cyber-related incidents. As a key part of the IT management structure and leading a small team of experts, the role will oversee and assure the security considerations of all NECS products and services.

Main duties of the job

Lead the provision of cyber security services supporting internal teams and customers

Define the organisation's cyber security posture and associated delivery roadmap

Work with numerous stakeholders to ensure cyber security is considered across all service operations including at TDA, CAB and associated ITIL processes

Ensure all NECS digital products and platforms comply with requisite security standards

Develop and implement cyber incident response and audit plans

Support and mentor a small team of cyber security professionals

Ideal Candidate:

Experience and understanding across a broad spectrum of IT services including network, cloud, EUC and the associated cyber safeguards

A creative thinker able to find solutions to technically and politically sensitive problems

CISSP and/or CISM certified

Proven track record of delivering cyber security support across a complex multi-dimensional organisation

A methodical approach to delivery ensuring all activities are fully documented and maintained

Knowledge of logging, audit and threat assessment tools and techniques

Able, and willing, to take a collaborative approach to work - placing the organisation's goals and needs at the forefront of decision-making

Comfortable leading complex discussions interpreting technical considerations to a diverse audience

Evidence of continual professional development

About us

A career with NECS is an opportunity to develop in whatever path you choose. Join NECS and you will experience a purpose and view the impact you can make.

At NECS we are proud to be part of the NHS family. We are one of the few truly customer-owned entities within the NHS. We have a national footprint, with customers across the UK and abroad. Our customer base has diversified significantly, and we are now very pleased to be serving NHS providers as well as commissioners, NHS England, Local Authorities and General Practices.

NECS combines specialist skills and expertise with scale and resilience to achieve results. We combine core NHS values with a sharp focus on customer care and a relentless pursuit of continuous improvement. We see ourselves as a key partner in the development, delivery and future success of the healthcare system.

Our people are the heart of our organisation. We strive to ensure they feel trusted, valued and empowered. We're passionate about nurturing and developing people. When you join us, we want you to grow, and we offer many opportunities for you to do that as well as an excellent benefits package including:

Commitment to your development and allocated time for training opportunities

Starting at 27 days holiday (with the opportunity to extend this if you choose to)

Volunteering opportunities

Hybrid Working

Lease Car scheme

Cycle to Work scheme

Employee Assistance Programme

Childcare Vouchers

Date posted

30 June 2023

Pay scheme

Agenda for change

Band

Band 8b

Salary

£58,972 to £68,525 a year

Contract

Permanent

Working pattern

Full-time

Reference number

I9869-BIS208-7920-1

Job locations

Appleton House

Lanchester Road

Durham

DH1 5XZ


Job description

Job responsibilities

Lead the provision of a robust IT security service to support numerous data-rich applications for use within NECS and by its customers, both on-premise and cloud hosted.

Oversee the configuration and maintenance of security and threat detection systems.

Identify and proactively manage the cyber risks, threats and vulnerabilities associated with the delivery of strategic plans and operational service ensuring appropriate actions are taken to mitigate or respond.

Provide automated threat detection systems ensuring all activity systems are proactively monitored.

Oversee the development and delivery of an IT security framework built upon complex technical standards and evolving best practice.

Risk assess all new and potential IT systems, applications, packages and services, including SaaS platforms.

Lead the analysis of security incidents and near-miss events. Ensure they are investigated and reported on with the emphasis on preventing reoccurrence.

Organise and lead a team of staff to undertake cyber security related actions and tasks as required to protect NECS, its customers, service users and the general public as far as possible from the impact of a cyber security incident.

Lead the internal and external cyber audit plans.

Provide effective leadership, training and support, and generate enthusiasm and motivation in team members to ensure that they are appropriately empowered to carry out the responsibilities of their role.

Maintain highly specialist knowledge and expertise in cyber security and measures to mitigate cyber risks.

Please see attached Job Description in Supporting Documents for more information.

Person Specification

Qualifications

Essential

  • Professional qualification at Master's degree level in an information or related discipline or equivalent experience.
  • CISSP or CISM

Experience

Essential

  • Evidence of continued professional development.
  • Demonstrable experience of defining and agreeing an appropriate target security posture across complex pan-organisation environments.
  • Significant experience in design of complex IT infrastructure solutions with a focus on security, process and controls.
  • Significant experience in a security or cyber role at a senior management level.
  • Substantial experience of leading large teams within a formal and structured environment following ITIL.

Knowledge & Skills

Essential

  • Highly specialist analytical skills to interpret complex security standards and requirements to derive workplans for the team.
  • Effective interpersonal and influencing skills and the ability to interpret and communicate complex information to staff with varying technical knowledge.
  • Capability to digest complex facts or situations requiring in-depth analysis with the ability to formulate solutions where there are a number of options available.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

NHS North Of England Commissioning Support Unit

Address

Appleton House

Lanchester Road

Durham

DH1 5XZ


Employer's website

https://www.necsu.nhs.uk

For questions about the job, contact:

Richard McLeod

rm@nhs.net
