An exciting opportunity has become available for an IT Security Engineer to join our well-established IT team.
The successful applicant will be responsible for a range of Trust IT Security policy implementation and development, shaping the Trust's long-term IT patching cycle, to ensure a seamless and consistent delivery of IT Services.
Applicants must have achieved, or evidence of working towards & ability to obtain recognized IT Security qualifications such as CISMP, CISSP, CASP along with at least 3 years of experience in an IT role which should include IT security as a responsibility & dealing with vulnerabilities, risks & threats.
If this position involves a regulated activity it will require an Enhanced Disclosure & Barring Service check. The disclosure will, where appropriate to the role, include information against the Independent Safeguarding Authority barred lists for working with children, adults or both.
Where a Disclosure & Barring Service (DBS) check is required for the post, all applicants are required to cover the cost of the check.
Main duties of the job
West Midlands Ambulance Service University NHS Foundation Trust is committed to creating an inclusive, supportive, and accessible workplace for everyone where our colleagues feel empowered to succeed.
Each person plays a vital part in ensuring our organisation meets the differing needs of our communities, ultimately enabling us to save lives. We acknowledge that a workforce that reflects the communities it serves provides better patient care, and we are therefore looking for self-motivated, enthusiastic people from all backgrounds that care about making a difference to our patients.
We are committed to diversity and inclusivity at all levels. We are proud to have maintained Disability Confident Leader status, and as part of our commitments to this, we guarantee to invite all applicants who meet the essential criteria for a role to attend assessment or interview. If you have a disability or learning difficulty, and prefer to disclose it, please feel free to do so in your application. You can also contact the Recruitment Team via email at recruitment@wmas.nhs.uk if you wish to have a confidential discussion. We use this information, with your permission, to ensure you are fully supported during the recruitment process.
The Trust is proud to support our Armed Forces community and has signed up to the Step Into Health initiative. We welcome applications from Armed Forces Veterans and Service leavers.
Job description
Job responsibilities
Responsible for a range of Trust IT Security policy implementation and development, shaping the Trust's long-term IT patching cycle, to ensure a seamless and consistent delivery of IT Services.
Assist in the translation of Trust long-term strategic plans, objectives, and policy decisions into operational activity and provide feedback to ensure continuous quality improvements.
Maintain high awareness of developing standards and innovations in the area of IT Security, and under the guidance of the Head of IT Security, ensure the Trust exploits opportunities, both financial and technological, as necessary to deliver optimal and cost-effective patient care.
Ensure services are supported to agreed hours of service to agreed service levels by participation within the on-call rota. This will require attendance on site for remedial or planned activities.
Act as an authority and provide specialist knowledge across the range of IT security procedures and practices, underpinned by theoretical knowledge and relevant practical experience for the Trust, and ensure delivery of associated IT systems and services.
Work with stakeholders to ensure clear definition and agreement of service, in particular, with relation to possible downtime during patch management. Ensure these services are delivered and possible downtime communicated as necessary.
Conduct risk assessments as appropriate and advise the Trust on IT Security concerns. Under the instruction of the Head of IT Security, ensure IT Security risks are clearly identified, recorded, managed, and directly communicated to the IT Senior Management Team accordingly.
When required, liaise with external/third parties to ensure the Trust's IT Security stance is not compromised when completing agreed patching tasks, with relevance to external systems or services being connected to the Trust's network.
Provide specialist knowledge as required or requested by other departments on the procurement of new solutions, systems, or services to ensure they comply with the Trust's IT Security Strategy.
Work with the Heads of IT Services to ensure the IT systems and services are affordable and cost-effective.
Contribute to the overall development of the Trust, identifying present and future opportunities, threats, and risks in the IT environment with relation to IT security.
Promote effective use of IT systems and services, developing IT Security awareness and promoting a culture of IT Security.
Manage and maintain the various highly complex IT Security systems and services, as well as advising on future technologies, research, and development.
Participate in continued professional development, training, and courses as identified, ensuring skills and knowledge are kept current.
Provide specialist knowledge and advice on the effective use of Trust IT Services to staff, including promotion of the use of IT Security Policies & IT Security awareness programs.
Identify staff IT Security knowledge gaps, develop and promote an IT Security awareness program in conjunction with other departments as required.
Assist the Head of IT Security to identify and develop quality measures to ensure the highest levels of service delivery are achieved.
Carry out complex projects pertinent to the work of the Trust under the direction of the Head of IT Security, assisting in the production of management information, reports, and recommendations.
Conduct vulnerability assessments and other associated activities as appropriate, underpinned by theoretical knowledge and relevant practical experience, within the Trust to identify, remediate, and mitigate risks to the Trust.
Liaise with NHS England, NCSC, and other relevant bodies as required, ensuring IT Security advisories, directives, and notifications are actioned and logged. This includes but is not limited to threat & vulnerability alerts, vendor, and other specialist threat intelligence feeds.
Ensure all systems and applications, where applicable, are kept up to date and are encompassed in the patch management routine as detailed in the patch management policy.
Assist the Head of IT Security with developing and maintaining an Incident Response Plan and Computer Emergency Response Team in relation to severe IT security incidents.
Take part in activities that lead to personal and/or team growth, including responsibility for providing briefings on developments in your field of specialist knowledge.
Attend supervision and appraisal sessions with the Line Manager. Take a lead in identifying own development needs.
Lead on investigating IT Security issues using analytical & judgmental skills to fault find in addition to liaising with other staff and departments &/or external third parties as appropriate.
The post holder is expected to work with the minimum of supervision and may be expected to deal with other duties appropriate to their level and post.
Travel to other Trust sites may be required on an ad-hoc basis; therefore, your own vehicle and a full clean UK driver's license is required. Mileage expense is available where appropriate for Trust business.
Assume wider responsibilities as assigned by the Head of IT Security.
Person Specification
Experience
Essential
* At least 3 years of experience in an IT role, which should include IT Security responsibility & dealing with vulnerabilities, risks & threats.
* Familiarity with an assortment of security technologies from different vendors (e.g., Tenable Nessus, Microsoft XDR, Forcepoint Web).
Qualifications
Essential
* Achieved, or evidence of working towards & ability to obtain recognized IT Security qualifications such as CISMP, CISSP, CASP etc.
* Evidence of continuing professional development.
Skills and Knowledge
Essential
* Knowledge of NHS IT systems and services (desirable).
* Current knowledge on latest cyber threats & mitigation.
* Knowledge of hardening infrastructure systems both on premise & in the cloud.
* Familiarity with patch management methodologies.
* Familiarity with Microsoft cloud technologies (e.g., Microsoft Exchange, Azure, Intune, SharePoint, Teams).
* Confident and self-motivated.
* Ability to work with others or as part of a team.
* Ability to prioritize workload and act under pressure.
Employer details
Employer name
West Midlands Ambulance Service University NHS Foundation Trust
Address
Ambulance Headquarters
Waterfront Business Park
Brierley Hill
West Midlands
DY5 1LX
Any attachments will be accessible after you click to apply.
C9217-220-24-25 #J-18808-Ljbffr