Job overview

Manage, and responsible for the operation, installation and maintenance of the Trust’s ICT network and security infrastructure, systems and software, providing advanced level operational support on a range of network devices and associated services in order to support over 15,000 users across 6 hospital sites, running 24/7/365.

Monitor networks to detect any suspicious or activities and take measures, such as installing firewalls, to defend against malicious attacks on the systems.

Correct flaws in any of the Trust’s security systems, solutions and programs while recommending specific measures that can improve the Trust’s overall security profile.

Main duties of the job

• Actively manage and maintain the Trust's network and security infrastructure, systems and software.

• Implement and recommend controls that will improve the Trust’s security posture.

• Regularly develop, maintain and update policies, procedures, guidelines and standards for all relevant systems and processes.

• Proactively monitor the infrastructure with the available tools to identify suspicious activities and take preemptive action to defend against them.

• Take the lead on vulnerability management.

• Ensure patching is done regularly in accordance with the agreed standards and completed within agreed procedures.

• Effectively and actively use threat intelligence to improve our security posture.

• Provide technical assistance and expertise during incident resolution.

• Work closely with relevant parties to ensure compliance with various standards.

Working for our organisation

Barts Health is one of the largest NHS trusts in the country, and one of Britain’s leading healthcare providers.

The Barts Health group of NHS hospitals is entering an exciting new era on our improvement journey to becoming an outstanding organisation with a world-class clinical reputation. Having lifted ourselves out of special measures, we now have the impetus and breathing space to chart a fresh course in which we are continually striving to improve all our services for patients.

Our vision is to be a high-performing group of NHS hospitals, renowned for excellence and innovation, and providing safe and compassionate care to our patients in east London and beyond. That means being a provider of excellent patient safety, known for delivering consistently high standards of harm-free care and always caring for patients in the right place at the right time. It also means being an outstanding place to work, in which our WeCare values and behaviours are visible to all and guide us in how we work together.

We strive to live by our WeCare values and are committed to promoting inclusion, where every staff member has a sense of belonging. We value our differences and fully advocate, cultivate and support an inclusive working environment.

Detailed job description and main responsibilities

We are dedicated to being an outstanding place to work and will work with you to get the best experience. We know flexible working is not a one size fits all and will mean something different to everyone. We are inclusive, so if you are interested in flexible working, please speak to the recruiting manager.

• Support in the regular review of IT Security risks and record identified risks in the risk register.
• Identify and recommend risk mitigation plans whilst ensuring that the relevant teams take appropriate action to implement the plans.
• Respond promptly to alerts from the various security monitoring tools and follow the Trust’s cyber incident response plan to take appropriate action.
• Provide relevant input to the technical and executive reports about cyber incidents and remediation activities.
• Carry out routine daily checks on the various security tools to ensure they are working optimally. 
• Identify relevant sources of threat intelligence updates that can be used to improve our security posture.
• Provide support in the design of new security systems or upgrade existing ones.
• Perform both internal and external security audits, as well as conduct security assessments through vulnerability testing and risk analysis.
• Use advanced analytic tools to determine emerging threat patterns and vulnerabilities.
• Actively participate in the review of third-party vendors and software.
• Contribute and support the annual DPST audit. 

The full job description provides an overview of the key tasks and responsibilities of the role, and the person specification outlines the qualifications, skills, experience, and knowledge required. For both documents, please view the attachment/s below.

Person specification

Knowledge

Essential criteria

Significant technical knowledge of security principles, controls, risk and threat mitigation. Good general knowledge of IT infrastructure (network, PCs, firewalls, telephones, servers) Knowledge of web applications and their common vulnerabilities. Understanding of cyber security frameworks e.g CAF, NIST, DSPT, ISO 27001. Awareness and understanding of emerging IT developments and potential implications

Desirable criteria

Knowledge of Cloud technologies.

Communication

Essential criteria

Highly effective interpersonal and coordinating skills with the ability to interpret and communicate complex information to staff with varying degrees of technical know how. Excellent written and verbal communication skills suitable for a range of audiences, including chairing of meetings Able to document routine fixes in the ICT knowledge base and training documents Able to work effectively as part of a team Able to lead and direct individuals to achieve a common aim.

Qualifications

Essential criteria

Educated to degree level in an IT-related subject (or equivalent experience) Professional Cybersecurity qualification (CISMP, Security +, Cysa +) Professional Computer networking qualification (CCNA)

Desirable criteria

CISSP qualification ITIL Foundation qualification

Experience

Essential criteria

Significant experience of working in a large organisation (over 5,000 users) with a proven experience of leading or actively involved in a wide variety of cybersecurity responsibilities. Practical and extensive experience of threat detection, intrusion prevention/detection techniques and attack vectors. Technical and working knowledge of different security tools. Experience of working in an ITIL environment. Experience of conducting risk assessments and developing mitigation plans Experience of working with a wide range of 3rd parties; managed services; and managing relationships. Experience of using threat intelligence effectively to improve security posture. Demonstrable experience of vulnerability management and taking actions to remediate findings. Experience of conducting security assessment for third parties.

Desirable criteria

Experience of working in an enterprise network environment Previous experience in a similar position within the NHS or healthcare provider Demonstrable experience of IT security experience in an enterprise network. Experience of automating routine infrastructure tasks with scripting tools Experience of writing technical and executive reports. Demonstrable experience of reviewing and recommending IT security solutions and controls. Experience of responding to cyber incidents. Experience of participating in a DSPT audit.