Job summary
The Security Assurance function is primarily internal facing, seeking to secure NHSE systems and data. It ensures systems are secure by design, using the National Cyber Security Centre's (NCSC) Secure Design guidance combined with a cyber control framework aligned to best practice.
An extraordinary health and care service deserves exceptional talent to support its delivery. As such, this is a role with real purpose, integral to our strategic plans, delivered across a national Health and Social Care system which includes 220 individual NHS Trusts, 13 Arm's Length Bodies and over 40,000 primary care organisations.
The STRAPSO will work to the Protective Security Lead and will manage security sensitive locations and communication systems (inc. CRYPTO) on behalf of NHSE.
They will be responsible for investigating security breaches, conducting security audits, conducting STRAP induction/de-inductions and leading STRAP induction briefings.
The post of Security Advisor/Analyst has been awarded a Recruitment and Retention Premia (RRP) in response to current labour market conditions. In recognition of this, the role attracts an additional monthly RRP payment equal to 20% per annum.
Please be aware that RRP is non-contractual and subject to review.
Main duties of the job
Working to the Protective Security Lead, the Security Advisor/Analyst will:
- Manage NHS England's ability to protect and handle information of the highest classification and sensitivity. This information is vital to the success of operational activity as we receive and share critical intelligence from different sources.
- Be responsible for maintaining accreditation of the STRAP environment in accordance with the STRAP Supplement, which will include planning and liaison with the NTAs.
- Be responsible for all aspects of security for the material and those personnel who are authorised to access it, as well as managing the associated Information and Communications Technology.
- Provide appropriate advice on STRAP security and policy to those who need it.
- Supervise management of risks and issues to ensure delivery of operational and organisational objectives.
- Lead and/or participate in security audit and incident investigation processes.
About us
What's in it for you
- A role as part of a dynamic team using data and digital technology to transform health and care.
- A range of opportunities to build your experience in an environment where your work has a direct and positive impact.
- A real commitment to your personal and professional development with access to a broad range of learning opportunities.
The NHS England board have set out the top-level purpose for the new organisation: to lead the NHS in England to deliver high-quality services for all. This purpose will inform the detailed design work, and we will achieve it by:
- Enabling local systems and providers to improve the health of their people and patients and reduce health inequalities.
- Making the NHS a great place to work, where our people can make a difference and achieve their potential.
- Working collaboratively to ensure our healthcare workforce has the right knowledge, skills, values and behaviours to deliver accessible, compassionate care.
- Optimising the use of digital technology, research, and innovation.
- Delivering value for money.
If you would like to know more or require further information, please visit https://www.england.nhs.uk/.
Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in-person.
Staff recruited from outside the NHS will usually be appointed at the bottom of the pay band.
Job description
Job responsibilities
Please see the attached Job Description and Person Specification for more information about the role and responsibilities. Please ensure your supporting statement includes demonstrable evidence and specific examples of how you meet the criteria for each of the key skills specified. This will be used in both the shortlisting and interview processes.
Important: Please be aware there are residency requirements you need to meet:
This role will require the successful candidate to acquire Developed Vetting (DV) clearance through UKSV and undergo STRAP induction; you must also have full UK Nationality. To meet DV requirements, you must have a minimum 10 years continuous UK residency. This may in certain cases be reduced to seven years with relevant overseas checks for the three remaining years. Candidates who were posted abroad for service with HM Government, Armed Forces or within a UK government role can still apply for a DV clearance.
Person Specification
Knowledge and Experience
Essential
- Understanding of the STRAP Supplement and Cabinet Office Security Policy Framework, with proven knowledge of the processes, tools and techniques required. Group Security Policies - particularly Secure ICT and STRAP.
- Knowledge of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve and prevent violations of IT security, to protect organisational data.
Desirable
- Knowledge of and the ability to utilise tools and techniques for assessing the effectiveness of security measures, identifying potential risk exposures, and protecting the availability, confidentiality and audit trails of information from destruction or manipulation.
Skills
Essential
- Knowledge of technologies and technology-based solutions dealing with security issues; ability to apply these in protecting information security across the organisation.
Desirable
- Knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability.
- Knowledge of IT security policies, standards, and procedures; ability to utilise a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.
Qualifications
Essential
- Post graduate level degree or equivalent level of experience
Desirable
- Membership of a relevant professional body (ISACA, ISC2, SANS, CIISec, SyI)
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.