Job summary An exciting opportunity has become available for a IT Security Engineer to join our well established IT team. The successful applicant will be responsible for a range Trust IT Security policy implementation and development shaping the trusts long term IT patching cycle, to ensure a seamless and consistent delivery of IT Services. Applicants must have achieved, or evidence of working towards & ability to obtain recognized IT Security qualifications such as CISMP, CISSP, CASP along with at least 3 years experience in an IT role which should include IT security as a responsibility & dealing withvulnerabilities, risks & threats. If this position involves a regulated activity it will require an Enhanced Disclosure & Barring Service check. The disclosure will, where appropriate to the role, include information against the Independent Safeguarding Authority barred lists for working with children, adults or both Where a Disclosure & Barring Service (DBS) check is required for the post, all applicants are required to cover the cost of the check. Main duties of the job West Midlands Ambulance Service University NHS Foundation Trust is committed to creating an inclusive, supportive, and accessible workplace for everyone where our colleagues feel empowered to succeed. Each person plays a vital part to ensuring our organisation meets the differing needs of our communities ultimately enabling us to save lives. We acknowledge that a workforce that reflects the communities that it serves provide better patient care and we are therefore looking for self-motivated, enthusiastic people from all backgrounds that care about making a difference to our patients. We are committed to diversity and inclusivity at all levels. We are proud to have maintained Disability Confident Leader status and as part of our commitments to this we guarantee to invite all applicants who meet the essential criteria for a role to attend assessment or interview. If you have a disability or learning difficulty, and prefer to disclose it, please feel free to do so in your application. You can also contact the Recruitment Team via email at recruitmentwmas.nhs.uk if you wish to have a confidential discussion. We use this information, with your permission, to ensure you are fully supported during the recruitment process. The Trust is proud to support our Armed Forces community and have signed up to the Step Into Health initiative. We welcome applications from Armed Forces Veterans and Service leavers. About us We do endeavour to respond to all candidates on an individual basis. Therefore we do ask for your co-operation and patience whilst the short listing process takes place. After the closing date please ensure you check your emails (including junk mail) regularly as contact is usually made via this method. We are proud to offer flexible working options to support our colleagues to have a greater choice in when, where and how they work. During your interview we will explore this with you and discuss your individual needs and how this could be facilitated for this role to benefit patient experience, service delivery and the work-life balance of colleagues. Date posted 09 January 2025 Pay scheme Agenda for change Band Band 6 Salary £37,338 to £44,962 a year plus the relevant unsocial hours & 9.5% on call Contract Permanent Working pattern Full-time Reference number C9217-220-24-25 Job locations Ambulance Headquarters Waterfront Business Park Brierley Hill West Midlands DY5 1LX Job description Job responsibilities Responsible for a range Trust IT Security policy implementation and development shaping the trusts long term IT patching cycle, to ensure a seamless and consistent delivery of IT Services. Assist in the translation of Trust Long term strategic plans, objectives and policy decisions into operational activity and provide feedback to ensure continuous quality improvements. Maintain high awareness of developing standards and innovations in the area of IT Security, and under the guidance of the Head of IT Security ensure the trust exploit opportunities. Both financial and technological as necessary to deliver optimal and cost-effective patient care. Ensure services are supported to agreed hours of service to agreed service levels by participation within the on-call rota. This will require attendance on site for remedial or planned activities. Act as an authority and provide specialist knowledge across the range of IT security procedures and practices, underpinned by theoretical knowledge and relevant practical experience. For the Trust and ensure delivery of associated IT systems and services. Work with stakeholders to ensure clear definition and agreement of service. In particular, with relation to possible downtime during patch management. Ensure these services are delivered and possible downtime communicated as necessary. Conduct risk assessments as appropriate and advise the Trust on IT Security concerns. Under the instruction of the Head of IT Security ensure IT Security risks are clearly identified, recorded, managed and directly communicated to IT Senior Management Team accordingly. When required, liaise with external/third parties to ensure the Trusts IT Security stance is not compromised. When completing agreed patching tasks. With relevance to external systems or services being connected to the Trusts network. Provide specialist knowledge as required or requested by other departments on the procurement of new solutions, systems or services to ensure they comply with the Trusts IT Security Strategy. Work with the Heads of IT Services to ensure the IT systems and services are affordable and cost effective. To contribute to the overall development of the Trust, to identify present and future opportunities, threats and risks in the IT environment with relation to IT security. Promote effective use of IT systems and services, developing IT Security awareness and promoting a culture of IT Security. Be responsible for managing and maintaining the various highly complex IT Security systems and services, as well as advising on future technologies, research and development. Participate in continued professional development, training and courses as identified ensuring skills and knowledge are kept current. Provide specialist knowledge and advice on the effective use of Trust IT Services to staff, including promotion of the use of IT Security Policies & IT Security awareness programs. Identify staff IT Security knowledge gaps, develop and promote an IT Security awareness program in conjunction with other departments as required. Assist the Head of IT Security to identify and develop quality measures to ensure the highest levels of service delivery are achieved. Carry out complex projects pertinent to the work of the Trust under the direction of the Head of IT Security, assisting the production of management information, reports and recommendations. Conduct vulnerability assessments and other associated activities as appropriate underpinned by theoretical knowledge and relevant practical experience. within the Trust to Identify, remediate and mitigate risks to the Trust. Liaise with NHS England, NCSC and other relevant bodies as required ensuring IT Security advisories, directives and notifications are actioned and logged. This includes but is not limited to threat & vulnerability alerts, vendor and other specialist threat intelligence feeds. Ensure all systems and applications where applicable are kept up to date and are encompassed in the patch management routine as detailed in the patch management policy. Assist the Head of IT Security with developing and maintaining an Incident Response Plan and Computer Emergency Response Team in relation to severe IT security incidents. Take part in activities that lead to personal and/or team growth. Including responsibility for providing briefings on developments in your field of specialist knowledge. Attend supervision and appraisal sessions with the Line Manager. Take a lead in identifying own development needs. Lead on investigating IT Security issues using analytical & judgmental skills to fault find in addition to liaising with other staff and departments &/or external third parties as appropriate. The post holder is expected to work with the minimum of supervision and may be expected to deal with other duties appropriate to their level and post. Travel to other Trust sites maybe required on an ad-hoc basis, therefore your own vehicle and a full clean UK drivers license is required. Mileage expense is available where appropriate for Trust business. Assume wider responsibilities as assigned by the Head of IT Security Job description Job responsibilities Responsible for a range Trust IT Security policy implementation and development shaping the trusts long term IT patching cycle, to ensure a seamless and consistent delivery of IT Services. Assist in the translation of Trust Long term strategic plans, objectives and policy decisions into operational activity and provide feedback to ensure continuous quality improvements. Maintain high awareness of developing standards and innovations in the area of IT Security, and under the guidance of the Head of IT Security ensure the trust exploit opportunities. Both financial and technological as necessary to deliver optimal and cost-effective patient care. Ensure services are supported to agreed hours of service to agreed service levels by participation within the on-call rota. This will require attendance on site for remedial or planned activities. Act as an authority and provide specialist knowledge across the range of IT security procedures and practices, underpinned by theoretical knowledge and relevant practical experience. For the Trust and ensure delivery of associated IT systems and services. Work with stakeholders to ensure clear definition and agreement of service. In particular, with relation to possible downtime during patch management. Ensure these services are delivered and possible downtime communicated as necessary. Conduct risk assessments as appropriate and advise the Trust on IT Security concerns. Under the instruction of the Head of IT Security ensure IT Security risks are clearly identified, recorded, managed and directly communicated to IT Senior Management Team accordingly. When required, liaise with external/third parties to ensure the Trusts IT Security stance is not compromised. When completing agreed patching tasks. With relevance to external systems or services being connected to the Trusts network. Provide specialist knowledge as required or requested by other departments on the procurement of new solutions, systems or services to ensure they comply with the Trusts IT Security Strategy. Work with the Heads of IT Services to ensure the IT systems and services are affordable and cost effective. To contribute to the overall development of the Trust, to identify present and future opportunities, threats and risks in the IT environment with relation to IT security. Promote effective use of IT systems and services, developing IT Security awareness and promoting a culture of IT Security. Be responsible for managing and maintaining the various highly complex IT Security systems and services, as well as advising on future technologies, research and development. Participate in continued professional development, training and courses as identified ensuring skills and knowledge are kept current. Provide specialist knowledge and advice on the effective use of Trust IT Services to staff, including promotion of the use of IT Security Policies & IT Security awareness programs. Identify staff IT Security knowledge gaps, develop and promote an IT Security awareness program in conjunction with other departments as required. Assist the Head of IT Security to identify and develop quality measures to ensure the highest levels of service delivery are achieved. Carry out complex projects pertinent to the work of the Trust under the direction of the Head of IT Security, assisting the production of management information, reports and recommendations. Conduct vulnerability assessments and other associated activities as appropriate underpinned by theoretical knowledge and relevant practical experience. within the Trust to Identify, remediate and mitigate risks to the Trust. Liaise with NHS England, NCSC and other relevant bodies as required ensuring IT Security advisories, directives and notifications are actioned and logged. This includes but is not limited to threat & vulnerability alerts, vendor and other specialist threat intelligence feeds. Ensure all systems and applications where applicable are kept up to date and are encompassed in the patch management routine as detailed in the patch management policy. Assist the Head of IT Security with developing and maintaining an Incident Response Plan and Computer Emergency Response Team in relation to severe IT security incidents. Take part in activities that lead to personal and/or team growth. Including responsibility for providing briefings on developments in your field of specialist knowledge. Attend supervision and appraisal sessions with the Line Manager. Take a lead in identifying own development needs. Lead on investigating IT Security issues using analytical & judgmental skills to fault find in addition to liaising with other staff and departments &/or external third parties as appropriate. The post holder is expected to work with the minimum of supervision and may be expected to deal with other duties appropriate to their level and post. Travel to other Trust sites maybe required on an ad-hoc basis, therefore your own vehicle and a full clean UK drivers license is required. Mileage expense is available where appropriate for Trust business. Assume wider responsibilities as assigned by the Head of IT Security Person Specification Experience Essential At least 3 years experience in an IT role, which should include IT Security responsibility & dealing with vulnerabilities, risks & threats. Familiarity with an assortment of security technologies from different vendors (e.g., Tenable Nessus, Microsoft XDR, Forcepoint Web) Qualifications Essential Achieved, or evidence of working towards & ability to obtain recognized IT Security qualifications such as CISMP, CISSP, CASP etc. Evidence of continuing professional development. Skills and Knowledge Essential Knowledge of NHS IT systems and services (desirable) Current knowledge on latest cyber threats & mitigation of. Knowledge of hardening infrastructure systems both on premise & in the cloud. Familiarity with patch management methodologies. Familiarity with Microsoft cloud technologies (e.g., Microsoft Exchange, Azure, Intune, SharePoint, Teams). Confident and self-motivated Ability to work with others or part of a team Ability to prioritise workload and act under pressure Person Specification Experience Essential At least 3 years experience in an IT role, which should include IT Security responsibility & dealing with vulnerabilities, risks & threats. Familiarity with an assortment of security technologies from different vendors (e.g., Tenable Nessus, Microsoft XDR, Forcepoint Web) Qualifications Essential Achieved, or evidence of working towards & ability to obtain recognized IT Security qualifications such as CISMP, CISSP, CASP etc. Evidence of continuing professional development. Skills and Knowledge Essential Knowledge of NHS IT systems and services (desirable) Current knowledge on latest cyber threats & mitigation of. Knowledge of hardening infrastructure systems both on premise & in the cloud. Familiarity with patch management methodologies. Familiarity with Microsoft cloud technologies (e.g., Microsoft Exchange, Azure, Intune, SharePoint, Teams). Confident and self-motivated Ability to work with others or part of a team Ability to prioritise workload and act under pressure Disclosure and Barring Service Check This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions. Employer details Employer name West Midlands Ambulance Service University NHS Foundation Trust Address Ambulance Headquarters Waterfront Business Park Brierley Hill West Midlands DY5 1LX Employer's website https://wmas.nhs.uk/careers-staff-room/ (Opens in a new tab)