Job summary Assist the Cybersecurity Manager with technical matters in relation to the Trusts IT Security work programme, with specific focus on supporting the Electronic Patient Record (EPR) implementation. Act as technical reference point for all matters related to cybersecurity and take responsibility for implementation and administration of Trust IT security systems and services. Contribute to the evaluation, development and implementation of Trust IT security maintaining compliance with the Data Security and Protection Toolkit (DSPT) to ultimately improve the cybersecurity posture of the systems, services and data security infrastructure supported by the South Devon Health Informatics Service. Main duties of the job o Perform ongoing IT Security risk assessments and audits to ensure that IT Systems are adequately protectedo Coordinate with other SDHIS Teams, stakeholders and suppliers to ensure all solutions use IT Security best practiceso Collaborate with vendors, outside consultants and other 3rd parties to improve IT security within the organisationo Provide advice and act, where necessary, in response to Audit findings and recommendations in respect of information securityo Review and advise on IT Security patches, software updates and vulnerabilities according to best practiceso Identify threats to the confidentiality, integrity, availability, accountability and relevant compliance for information systems and provide authoritative advice and guidance on the application and operation of all types of security controls, including legislative or regulatory requirements such as data protection and software copyright lawo Maintain currency with security and security enhancing technologies and brief colleagues as needed to enable measures, to be implemented where and when necessary or desirableo Ensure that access control, disaster recovery, business continuity, incident response and risk management needs are appropriately addressed About us Why Work With Us You will be part of a technical team responsible for managing a full range of IT Security functions to enable the effective provision of a secure environment to support all the digital systems, services and clinical functions of the local health community and wider One Devon area. We are a small but very supportive team who are enthusiastic about delivering a quality service by constantly challenging the way we do things; striving for continuous improvement and finding ways to work smarter.We are an initiative-taking, caring team who are flexible and promote a healthy work/home life balance. Date posted 14 February 2025 Pay scheme Agenda for change Band Band 6 Salary £37,338 to £44,962 a year per annum Contract Fixed term Duration 19 months Working pattern Full-time Reference number 388-6992880-EPR Job locations Regent House Regent Close Torquay TQ2 7AN Job description Job responsibilities Work effectively with EPR programme stakeholders to ensure programme delivery and benefits realisation Build and develop productive working relationships with stakeholders such as clinicians, technical & non-technical teams, other NHS organisations and suppliers Treat all co-workers with respect and value differences and diversity Establish effective communication within and between teams, reinforced by timely and professional documentation Uses influence & persuasion skills to secure agreement/co-operation Communicate highly complex technical information, tailoring approach to suit audience Identify priorities for system design, development and operation Able to analyse complex scenarios such as system failures, fault-finding, or non-optimal performance where solutions require detailed analysis and evaluation of multiple options/solutions. Use judgement to identify and recommend preferred options/solutions considering clinical and operational impact Plan, oversee and manage complex technical implementations having significant impacts on clinical and operational areas Manage complex workstreams involving multiple parties and/or technical disciplines Maintain agility of approach in response to changing priorities and developing situations Ensure effective scheduling and deployment of resources Plan non-business as usual activities such as project work effectively drawing upon established principles such as PRINCE Job description Job responsibilities Work effectively with EPR programme stakeholders to ensure programme delivery and benefits realisation Build and develop productive working relationships with stakeholders such as clinicians, technical & non-technical teams, other NHS organisations and suppliers Treat all co-workers with respect and value differences and diversity Establish effective communication within and between teams, reinforced by timely and professional documentation Uses influence & persuasion skills to secure agreement/co-operation Communicate highly complex technical information, tailoring approach to suit audience Identify priorities for system design, development and operation Able to analyse complex scenarios such as system failures, fault-finding, or non-optimal performance where solutions require detailed analysis and evaluation of multiple options/solutions. Use judgement to identify and recommend preferred options/solutions considering clinical and operational impact Plan, oversee and manage complex technical implementations having significant impacts on clinical and operational areas Manage complex workstreams involving multiple parties and/or technical disciplines Maintain agility of approach in response to changing priorities and developing situations Ensure effective scheduling and deployment of resources Plan non-business as usual activities such as project work effectively drawing upon established principles such as PRINCE Person Specification Qualifications and Training Essential Degree Level IT qualification or relevant equivalent experience ITIL4 Foundation Certification Desirable ISC2 CISSP/SSCP or other security related certification e.g. CompTIA Security/MS SC-900 ISC2 CCSP or other cloud-based security certification e.g. AZ-500/ CompTIA Cloud ISACA CISM/CISA Certification Knowledge and Experience Essential Relevant experience in health service or other major large-scale customer service-oriented organisation Detailed knowledge and experience leading, coordinating or being actively involved in the investigation and remediation of security incidents Detailed knowledge and experience in the investigation and remediation of Virus/Malware infections and outbreaks Good knowledge of Network protocols, including TCP/IP and their use in relation to operating systems and perimeter security. Detailed knowledge and experience in cyber-security threat analysis and the use of software utilities to identify potential threats and eliminate false positives Desirable Experience of working in the NHS Knowledge of Data Security and Protection Toolkit requirements Understanding of IT Legislation, specifically GDPR, FOI and DPA Specific Skills Essential Good communication skills, personable and friendly, able to work productively and unsupervised using own initiative Must be a good team worker Person Specification Qualifications and Training Essential Degree Level IT qualification or relevant equivalent experience ITIL4 Foundation Certification Desirable ISC2 CISSP/SSCP or other security related certification e.g. CompTIA Security/MS SC-900 ISC2 CCSP or other cloud-based security certification e.g. AZ-500/ CompTIA Cloud ISACA CISM/CISA Certification Knowledge and Experience Essential Relevant experience in health service or other major large-scale customer service-oriented organisation Detailed knowledge and experience leading, coordinating or being actively involved in the investigation and remediation of security incidents Detailed knowledge and experience in the investigation and remediation of Virus/Malware infections and outbreaks Good knowledge of Network protocols, including TCP/IP and their use in relation to operating systems and perimeter security. Detailed knowledge and experience in cyber-security threat analysis and the use of software utilities to identify potential threats and eliminate false positives Desirable Experience of working in the NHS Knowledge of Data Security and Protection Toolkit requirements Understanding of IT Legislation, specifically GDPR, FOI and DPA Specific Skills Essential Good communication skills, personable and friendly, able to work productively and unsupervised using own initiative Must be a good team worker Disclosure and Barring Service Check This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions. Employer details Employer name Torbay and South Devon NHS Foundation Trust Address Regent House Regent Close Torquay TQ2 7AN Employer's website https://www.torbayandsouthdevon.nhs.uk (Opens in a new tab)