ICT Cyber Security Specialist
Job summary
We are seeking an experienced and motivated ICT Cyber Security Specialist to support the delivery of the Trust's cyber security capability across a large, complex and clinically critical digital environment. The role plays an important part in protecting core ICT services, clinical systems, patient data and other Trust services by ensuring cyber risks are actively identified, analysed and managed.
Working within the ICT Cyber Security Team, the post holder will contribute to maintaining a strong cyber security posture through operational security activities, assurance work and close collaboration with colleagues across ICT, Information Governance and the wider organisation. The role requires a practical, analytical approach, strong attention to detail and the ability to work proactively in a fast-paced environment.
This is a hands-on operational role that supports Trust-wide compliance with national and NHS cyber security requirements and provides assurance to senior stakeholders that cyber risks are being effectively controlled. The role offers the opportunity to work across a broad range of systems, services and security domains in an organisation where cyber security directly supports patient safety and service resilience.
Please note the advert may close early due to reaching a high number of applications.
Main duties of the job
The post holder will monitor and respond to cyber security alerts and notifications, investigate security events, and carry out technical analysis of systems and logs to identify vulnerabilities and reduce risk. The role includes managing and maintaining cyber security systems, records and registers, and contributing to audits, risk assessments, business impact assessments and incident response activities.
The post holder will support mandatory cyber assurance frameworks, maintain audit readiness, and contribute to the development and review of cyber security policies, procedures and incident response plans. The role involves providing specialist cyber security advice, supporting security due diligence for projects and third-party access, and contributing to staff awareness and training initiatives.
The post holder will manage competing priorities, support business continuity activities, remain up to date with national and NHS cyber guidance, and work collaboratively with colleagues across ICT, Information Governance and the wider Trust. Occasional out-of-hours working and limited activity in clinical areas may be required.
About us
The Trust provides a full range of local and specialist services across its five sites. The trust-wide strategy of Strong Roots, Global Reach is our Vision to be BOLD, Brilliant people, Outstanding care, Leaders in Research, Innovation and Education, Diversity, Equality and Inclusion at the heart of everything we do. By being person-centred, digitally-enabled, and focused on sustainability, we aim to take Team King's to another level.
We are at a pivotal point in our history and we require individuals who are ready to join a highly professional team and make a real, lasting difference to our patients and our people.
King's is committed to delivering Sustainable Healthcare for All via our Green Plan. In line with national Greener NHS ambitions, we have set net zero carbon targets of 2040 for our NHS Carbon Footprint and 2045 for our NHS Carbon Footprint Plus. Everyone's contribution is required in order to meet the goals set out in our Green Plan and we encourage all staff to work responsibly, minimising their contributions to the Trust's carbon emissions, waste and pollution wherever possible.
Job description
Job responsibilities
The ICT Cyber Security Specialist is a key operational role within the Trusts ICT Cyber Security Team, responsible for delivering defined elements of the Trusts cyber security work programme and supporting the ongoing protection of systems, services and information assets. The post holder will work under the direction of the ICT Head of Cyber Security and will be expected to take ownership of assigned cyber security systems, activities and workstreams, ensuring they are operated, maintained and documented in line with Trust policies, national guidance and recognised good practice.
The role involves undertaking detailed technical and analytical activities to support the prevention, detection and management of cyber security threats. This includes analysing complex system and security information, correlating alerts and events, and supporting detailed investigations to determine root cause, impact and required remediation. The post holder will ensure investigations and outcomes are appropriately documented, communicated and escalated in line with agreed processes.
The post holder will lead and contribute to a range of assurancefocused activities, including vulnerability assessments, crosssite cyber security audits, risk assessments, business impact assessments and gap analysis. Findings will be used to inform proportionate recommendations, with the post holder working collaboratively with ICT service teams to agree mitigating actions and track progress to completion. This work supports the Trusts ability to demonstrate effective cyber risk management and operational resilience.
A significant element of the role is supporting the Trusts cyber governance and compliance obligations. The post holder will contribute to maintaining audit readiness and assurance evidence for national and NHSmandated frameworks, including the Data Security and Protection Toolkit, Cyber Essentials Plus and ISO 27001 controls. This includes maintaining supporting documentation, registers, logs, procedures and systemlevel security artefacts, and supporting internal and external audits as required.
The role includes supporting the secure introduction and ongoing management of systems, services and suppliers by contributing to cyber security reviews and due diligence activity. This involves ensuring appropriate security documentation and controls are in place before access is granted, maintaining central records of thirdparty and contractor access, and supporting regular review to ensure access remains appropriate, current and compliant. The post holder will also support the management and periodic review of privileged accounts.
The post holder will contribute to the development, review and continuous improvement of cyber security policies, procedures and incident response arrangements, ensuring they remain aligned with legislation, NHS guidance and emerging threats. The role includes providing specialist advice and guidance to colleagues across ICT, Information Governance, clinical and corporate services, supporting informed decisionmaking and effective risk management.
The post holder will support staff awareness and training activity where required and contribute to the Trusts wider cyber security engagement and communication approach. The role requires the ability to balance structured assurance activity with operational responsiveness, manage changing priorities and contribute to business continuity planning and exercises.
Occasional outofhours working may be required to support operational needs. The role may involve limited activity within clinical environments and requires adherence to Trust health, safety and infection control requirements.
Person Specification
Education and Qualifications
- Educated to degree level/equivalent IT qualification or, equivalent experience.
- Commitment to continuing professional development.
- Cyber Security certifications (e.g. CISSP, CISM, ComTIA Security+)
Knowledge and Experience
- Experience of working in a technical support role and proven experience in analysis and the support of IT systems.
- Demonstrable skills in the interrogation and analysis of complex logs and data
- Experience and demonstrable knowledge of working with a variety of security systems and software.
- Experience of and confident in communicating with varied teams/departments at all levels.
- Demonstrable experience in the use of MS Office in particular sound working knowledge of Word and Excel.
- Clear understanding of the role of ICT Security and the importance of security, data protection governance and network and information systems regulations
- At least one year of working in an ICT Security role.
- Experience of working in the NHS.
- Knowledge of the NHS Digital Data Security and Protection Toolkit, Cyber Essentials Plus and awareness of ISO Standards and National Cyber Security Centre 10 Steps to Cyber Security
Skills and Competencies
- Proficient in information gathering, analysis and documentation
- Logical, methodical approach with an aptitude for problem solving and determination to resolve matters.
- Strong attention to detail and accuracy.
- Excellent written and verbal communication
- Good Presentation Skills
- Advanced keyboard skills.
- Ability to manage own workload and re-prioritise depending on day-to-day demands, meet targets and deadlines.
- Confident to use own initiative to a 1st/2nd line resolution stage whilst having the ability to recognise when escalation is appropriate.
- Ability to be flexible in line with the demands on the team and the department and work out of hours as and when required.
- Willing to contribute ideas and new concepts to the team to improve the efficiency and effectiveness of processes and output.
- Ability to develop sound and productive working relationships with a wide range of teams and organisations including staff and key partners, other Trusts
- Tactful and diplomatic whilst having the ability to remain steadfast when under pressure.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants.
Employer details
Employer name
King's College Hospital NHS Foundation Trust
Address
Cross site
Denmark Hill
London
SE5 9RS
United Kingdom
Employer's website
https://www.kch.nhs.uk/