Associate Information Security Practitioner

Job description

Job responsibilities

Information security

Undertake Information Security Assessment activities, including supply chain / 3rd party assessments following National Cyber Security Centre evaluation best practices for cloud and on premise technologies.

Monitoring practices including key performance indicators on security enforcing tools such as anti-virus, patching, and driving security posture improvements.

Technical audit activities included within vulnerability management including internal scans and external security & penetration tests, forensic audits, or related investigations. This includes the ability to ensure remediation of findings are handled and fed into continuous service improvement activities.

Incident management of cyber security events of all severities, throughout the incident lifecycle.

Business Continuity

Develop, maintain, and improve data and technology Business Continuity & Disaster Recovery Plans that enable us to respond to and recover from events.

Data protection

Support information gathering and creating supporting narrative / recommendations to ensure security of data through the annual Data Security Protection Toolkit cycle.

Provide advice and expert knowledge to projects / programmes / operational services to ensure that information systems are designed to meet data protection requirements.

Risk management

Risk management activities such as maintenance of the risk register, identification and management of risk, escalations, and using risk to drive improvements.

Policies and security awareness

Contribute to the development of the Trust information Security policy framework, considering regional and national policies and practices.

Apply policy to working practices and procedures, and guide colleagues towards information security policy.

Person Specification

Skills and Experience

• Masters degree, or equivalent relevant experience
• Relevant management / leadership qualification or equivalent experience to masters level
• Relevant information security qualification or equivalent experience (example: CISM, CISSP, or plan to obtain within 12 months)
• Service management qualification or equivalent experience (example: ITIL)

• Delivery management qualification or equivalent experience (Agile, PRINCE2, etc)

Experience

• Experience in delivering and developing information security and business continuity services
• Experience of developing and implementing organisation-wide information security and business continuity related strategies, policies, and procedures
• Experience of solving complex business problems for users using technology - balancing usability with security
• Experience of supporting the transition of products from Delivery into Live Service
• Experience of working with conflicting, highly complex, and/or highly sensitive information
• Experience in managing critical incidents, and problem investigation + resolution (including managing security incident response, and information security breaches)
• Experience of contributing to, and developing enabling strategies (example: information security)
• Coaching, mentoring and supervision of others
• Management of financial budgets for a service (pay, on-call, consumables, relevant 3rd party provision contracts) and developing investment cases

• Experience in conducting or managing information security audits, penetration testing, table-top / simulation exercises, and incident investigations
• Experience of management products / services in healthcare (NHS)

Skills and Knowledge

• Deal with complex business problems and translate into information security and business continuity requirements and solutions
• Strong domain knowledge in at least one of the following areas, and the ability to acquire an adequate understanding of the other areas: oEnterprise Architecture oHMG Secure Policy Framework (SPF) and Information Assurance Maturity Model (IAMM) oISO27001 oRisk assessment and management oData security and protection toolkit (DSPT)
• Broad knowledge of enterprise technology and data solution(s) and how information security and business continuity should be considered
• Identify training needs to build and sustain information security and business continuity capability
• Prioritisation of work - within the team and across the wider Digital, Data and Technology teams
• Meet set targets or metrics for service
• Autonomous working and can delegate appropriately
• Good communication skills - tailoring your message for your audience, providing, and receiving highly complex, sensitive and/or contentious information, able to communicate complex technical information in a simple way to stakeholders
• Present complex, sensitive, and contentious information to large groups
• Strong domain knowledge and ability to keep ahead of information security and business continuity initiatives
• Design and develop our information security and business continuity tools and processes
• Systematic and methodical approach to problem solving

Personal qualities

• Relentless focus on user needs and experience
• Problem-solving mindset - focusing on improving outcomes
• Seeing the bigger picture - understand how your work and the work of your team supports wider objectives and meets the diverse needs of stakeholders
• Able to work well within a busy environment

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

Moorfields Eye Hospital NHS Foundation Trust

Address

Moorfields Eye Hospital NHS Foundation Trust

162 City Road

London

EC1V 2PD

Employer's website

https://www.moorfields.nhs.uk/work-for-us