Cyber Security Analyst
Job summary
Join SHPU as a Cyber Security Analyst and play a key role in protecting critical NHS systems and data.
This is an exciting opportunity to work with modern security tools, tackle real-world cyber challenges, and contribute to a proactive security team. If you're passionate about cyber security and want to make a meaningful impact, we'd love to hear from you.
Why Join SHPU?- Make a Difference - Protect systems and data that directly support patient care and frontline services.
- Meaningful Work - Play a vital role defending against real and evolving cyber threats.
- Professional Growth - Develop your skills in a supportive environment with opportunities to learn new technologies and approaches.
- Forward-Thinking Team - Be part of a team committed to innovation, continuous improvement, and strong cyber resilience.
Main duties of the job
The Cyber Security Analyst is responsible for protecting the Trust's systems and data by identifying, analysing, and mitigating cyber security risks. The role involves monitoring security threats, responding to incidents, and ensuring compliance with NHS standards.
Key responsibilities include providing expert cyber security advice, conducting risk assessments, maintaining security tools and procedures, and staying up to date with emerging threats. The post holder will work closely with internal teams and external bodies (e.g. NHS England, NCSC) to manage security alerts and improve the organisation's security posture.
The role also requires contributing to policy development, delivering security awareness activities, supporting vulnerability management and patching, and providing hands-on technical support to Digital Services.
Effective prioritisation, stakeholder engagement, and the ability to manage complex information are essential.
About us
We are passionate about providing the very best care to the people we support, and we're looking for amazing people who share this passion to join us.
What is it that makes our Trust such a special place to work? Well, it's all about the people. Our staff, service users, carers and families all come from such diverse backgrounds and all have expertise and stories to share.
It's important that you feel supported in your role, that the people who you work with are as passionate as you are and that your health and wellbeing is taken care of
If you're interested in developing your career, you'll have access to a range of training and education opportunities, including apprenticeships, work experience and placements, as well as the chance to get involved in research.
We are very proud of the difference we make to people's lives each and every day and if that's something that you'd like to be part of we'd love to have you with us.
Job description
Job responsibilities
The Cyber Security Analyst role is part of the Digital Technical Services team and reports directly to the Infrastructure and Cyber Security Manager. This position is responsible for supporting the Trusts cyber security capability by maintaining and continuously improving security tools, technologies, and processes.
The post holder will monitor, analyse, and investigate potential security threats, ensuring the confidentiality, integrity, and availability of NHS systems and data. Working proactively, the Cyber Security Analyst will identify vulnerabilities, respond to incidents, and contribute to strengthening the organisations overall security posture.
This role plays a critical part in protecting the Trust from evolving cyber threats while ensuring compliance with relevant industry standards, NHS guidelines, and regulatory requirements. The successful candidate will collaborate closely with internal teams and stakeholders to promote best practice, support risk management activities, and help drive ongoing security improvements across the organisation.
Main Duties
- Provide professional advice on cyber security including phishing, computer security and cybercrime.Be responsible for advising and guiding stakeholders with the interpretation of relevant cyber policy to enable compliance with organisational standards.
- Identify potential security risks and develop strategies to mitigate these. This involves receiving complex and sensitive information, to enable conducting risk assessments, analysing security threats, and developing risk treatment plans.
- Conduct risk assessments as appropriate and advise the Trust on IT Security concerns. Under the instruction of the Infrastructure and Cyber Security manager ensure IT Security risks are clearly identified, recorded, managed and directly communicated to Digital Senior Management Team accordingly.
- Maintain high level knowledge of new threat vectors, tactics, techniques and procedures (TTPs) and vulnerabilities.
- Maintain compliance with various standards in place e.g., Data Security and Protection Toolkit, NHS Cyber Alerts, Cyber Essentials, Network, and Information Systems Regulations etc.
- Liaise with NHS England, National Cyber Security Centre (NCSC) and other relevant bodies as required ensuring IT Security advisories, directives and notifications are actioned and logged. This includes but is not limited to threat & vulnerability alerts, vendor and other specialist threat intelligence feeds.
- Provide specialist technical contribution into drafting and/or maintaining of the Trusts formal Digital Security related policies.Respond to high-priority, complex, sensitive and critical events and incidents, in a timely manner. Provide actionable recommendations and mitigation measures to prevent or reduce the impact of potential breaches.
- Assist with the interpretation and communication of developments in national cyber security legislation, policy and best practice. (this will involve analysing complex digital information which is multifaceted where there may be a number of potential outcomes)
- Work with the Trusts Communications Team to formulate communication across the Trust to raise awareness and alertness to any cyber threats and best practices
- Analyse computer, server and network logs including vulnerabilities and known attacks and cross reference on the MITRE framework and known TTPs. this will involve analysing complex digital information which is multifaceted where there may be a number of potential outcomes.
- Ensure the ongoing management, maintenance and use of cyber security standard operating Procedures (SOPs).Prioritisation of work based on severity, knowing when and how to escalate as necessary and offering advice to technical team members around prioritisation.
- Ensure that all security and vulnerability releases are being deployed to all on premise and hosted servers and end point devices safely and effectively, using your judgement to mitigate any service impacting issues
- Regularly carry out research on products and services as part of your role, exploring findings and making use of effective new technologies.
- Support in the selection of controls and engage in risk assessments and controls gap analysis.
- Lead on specialised workstreams and projects such as undertaking cyber risk assessments, that are complex in their nature.
- Plan, prioritise and manage conflicting agendas and priorities in order to meet challenging deadlines.
- Provide specialist assistance to Digital Services on technical security issues including hands on technical configuration and day-to-day operation of devices and software.
Person Specification
Training and qualifications
- Educated to Degree Level in an appropriate IT discipline, or equivalent, relevant experience.
- ITILv4 Qualification
- Professional Cyber Security qualification.
Experience
- Specialist knowledge acquired through post graduate diploma level or equivalent experience.
- Previous experience of working in the cyber security field.
- Experience of working within IT for the NHS or wider healthcare community.
- Understanding of Information Governance and IT policies and procedures within an NHS environment.
Knowledge and skills
- Knowledge of existing and emerging key Microsoft and Cyber Security technologies and understanding of how they can be applied to achieve digital objectives.
- Excellent communication skills to convey technical digital / cyber issues to a non-technical digital / cyber audience
- Able to undertake complex audits of technical Infrastructure, record results, interpret them and report outcomes accurately
- Able to prioritise and organise own work ensuring this is completed in an accurate and timely manner.
- Experience delivering, implementing or operating IT infrastructure (networks, servers, desktop, etc.)
- Digital Assessment Technology Criteriaand Data Protection Impact Assessments
- Experience of working within IT for the NHS or wider healthcare community
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants.
Employer details
Employer name
Sheffield Health Partnership University NHS Foundation Trust
Address
Wardsend Road
Wardsend Road North
Sheffield
S6 1LX
United Kingdom
Employer's website
https://www.sheffieldpartnership.nhs.uk/