Job summary
The Cyber Security team are looking to recruit a Senior IT Specialist, to work with all stakeholders, providing a high degree of support to operational services, penetration testing and forensics activity with skills as described in the job description. This is a permanent position.What we are looking for?We are seeking candidates with the commitment, experience, skills and knowledge to provide the necessary level of cyber security involvement for services across NHS Wales. Candidates must be capable of managing the robust and consistent design and assurance required to support the delivery of any associated new digital services. Experienced in managing the delivery and provision of cyber security services within a large and complex organisation, you will have excellent planning and organization skills, coupled with practical knowledge of risk management methodology. An exceptional communicator, you shall be expected to establish working relationships with staff at all levels within Digital Health and Care Wales, including clinicians and the wider user community.
Main duties of the job
What you'll be doing
As a Senior IT Specialist, you will take responsibility for leading on the support for key services and provide assurance as to the operation of all national IT systems.
You will work autonomously and as part of the team on Security projects, and provide feedback and progress updates to team members on all work. You will be expected to work with a range of stakeholders across other operational teams; project managers and service management, to champion the cyber security assurance for the service. In this respect you shall be responsible for identifying risks and implementing resolution and/or mitigation through service improvement plans.
Why join us? You want the opportunity to work on a continuous stream of new challenges. You are committed to improving the level of cyber security for users of NHS systems in Wales and wish to ensure that the services we develop are first-class and able to deliver better care to those who need it. You are able to define the level of risk presented to the business, and then develop solutions to mitigate it. You are committed to continual improvement and education in the field of cyber security.
The ability to speak Welsh is desirable for this post; Welsh and/or English speakers are equally welcome to apply.
About us
Digital Health and Care Wales (DHCW) is part of the NHS Wales family and has an important role in changing the way health and care services are delivered through technology and data. The organisation supports frontline staff with modern systems and access to important information about their patients, while empowering the people of Wales to manage their own health through digital NHS Wales services.
Working for DHCW offers lots of employee benefits, including flexible working, a competitive salary, 28 days of annual leave plus Bank Holidays and opportunities for career development. We are committed to recognising and celebrating our staff as the most valuable part of our organisation.
Join our game changing, life-saving team and start making a real difference to health and care services in Wales.
Job description
Job responsibilities
What specific skills do you need?
We are looking for candidates who can demonstrate proven experience and strong skills in the following areas:-
- An understanding of the malicious attack processes along with the ability to test services for vulnerabilities
- An understanding of network protocols in relation to security device controls and the risks they could introduce to the network
- Experience in managing and maintaining Windows and/or Linux servers
- Knowledge and experience in using vulnerability management and assessment tools
- Good verbal and written communications skills. Ability to clarify technical detail and confidently communicate associated business risks
- Able to work proactively under pressure and deliver against individual and team KPIs
- Proven ability to manage complex Cyber Security Incidents, and appropriate communications
- Experience of security solutions for infrastructure and application architectures (eg Remote Access, VPN & Firewalls, Cryptography, code analysis, and management of security testing remediation) and their ability to mitigate risks
- Understanding of risk management, with ability to undertake risk assessments and communicate the perceived risk
- Understanding the need of a national assurance programme and how this is delivered by good assurances processes
- A good understanding of best practice security controls for market leading technologies
You will be able to find a full Job description and Person Specification attached within the supporting documents or please click Apply now to view in Trac
Job description
Job responsibilities
What specific skills do you need?
We are looking for candidates who can demonstrate proven experience and strong skills in the following areas:-
- An understanding of the malicious attack processes along with the ability to test services for vulnerabilities
- An understanding of network protocols in relation to security device controls and the risks they could introduce to the network
- Experience in managing and maintaining Windows and/or Linux servers
- Knowledge and experience in using vulnerability management and assessment tools
- Good verbal and written communications skills. Ability to clarify technical detail and confidently communicate associated business risks
- Able to work proactively under pressure and deliver against individual and team KPIs
- Proven ability to manage complex Cyber Security Incidents, and appropriate communications
- Experience of security solutions for infrastructure and application architectures (eg Remote Access, VPN & Firewalls, Cryptography, code analysis, and management of security testing remediation) and their ability to mitigate risks
- Understanding of risk management, with ability to undertake risk assessments and communicate the perceived risk
- Understanding the need of a national assurance programme and how this is delivered by good assurances processes
- A good understanding of best practice security controls for market leading technologies
You will be able to find a full Job description and Person Specification attached within the supporting documents or please click Apply now to view in Trac
Person Specification
Qualifications and/or Knowledge
Essential
- Educated to degree level (preferably ICT or Cyber Security) or equivalent experience and a recognised qualification in Cyber Security, or equivalent level of work experience and knowledge
- Evidence of relevant further higher level professional development.
Desirable
- Professional Cyber Security qualification or equivalent
- ITIL practitioner or equivalent qualification or experience
- Knowledge of penetration testing and vulnerability management methodologies and techniques
Experience
Essential
- Relevant experience working in IT/Cyber Security
- A good technical understanding of application and network security
- Experience in providing relevant technical / security support at appropriate level
- Working with vulnerability assessment/ management tools
Desirable
- Experience with ICT service provision in a health care setting
- SOP/Procedure writing
- Working with SIEM solutions
- Experience in Risk management processes
Aptitude and Abilities
Essential
- Ability to provide guidance and support to less experienced team members.
- Ability to communicate clearly with non-technical staff and end users.
- Ability to challenge poor behaviour
- Sound judgment, decision making, and organisational skills
- Ability to work on own initiative, organise own workload, and deliver projects with minimal support.
- Provide clear reports to senior management
- Able to evaluate and assist in selection of best practice security tools
- Root Cause Analysis of security incidents
- Good keyboard skills and application use.
Desirable
- A broad range of ICT Skills and understanding
- Ability to speak Welsh
Person Specification
Qualifications and/or Knowledge
Essential
- Educated to degree level (preferably ICT or Cyber Security) or equivalent experience and a recognised qualification in Cyber Security, or equivalent level of work experience and knowledge
- Evidence of relevant further higher level professional development.
Desirable
- Professional Cyber Security qualification or equivalent
- ITIL practitioner or equivalent qualification or experience
- Knowledge of penetration testing and vulnerability management methodologies and techniques
Experience
Essential
- Relevant experience working in IT/Cyber Security
- A good technical understanding of application and network security
- Experience in providing relevant technical / security support at appropriate level
- Working with vulnerability assessment/ management tools
Desirable
- Experience with ICT service provision in a health care setting
- SOP/Procedure writing
- Working with SIEM solutions
- Experience in Risk management processes
Aptitude and Abilities
Essential
- Ability to provide guidance and support to less experienced team members.
- Ability to communicate clearly with non-technical staff and end users.
- Ability to challenge poor behaviour
- Sound judgment, decision making, and organisational skills
- Ability to work on own initiative, organise own workload, and deliver projects with minimal support.
- Provide clear reports to senior management
- Able to evaluate and assist in selection of best practice security tools
- Root Cause Analysis of security incidents
- Good keyboard skills and application use.
Desirable
- A broad range of ICT Skills and understanding
- Ability to speak Welsh
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
