Job summary To be a guardian of good IT security practice. Responsible for actioning security alerts from Network Detect and Response, anti-virus, Cloud security systems and CareCERTS. Undertake security configuration work as required by the Audit and Accreditation function. Undertaking security audits as required. To contribute within Informatics Merseyside on specified areas includingincident response. Main duties of the job 1. The post holder will be expected to interpret highly complex information security scenarios receiving information from many sources and at many levels. This information will need to be understood and solutions developed.2. To provide specialist advice on IT Security / IG issues to trusts and the HIS, including security / IG assessment of new systems, communicating by means of undertaking presentations as required.3. The post holder will have a broad understanding of IM&T technologies and a broad knowledge in key technologies such as firewalls, email filters, anti-virus, and intrusion detection technologies.4. The post holder will contribute to the formulation and development of information security plans and strategies to enable the successful completion and implementation of new systems. This might include logistics for equipment and software delivery and installation, scheduling human resources for training and configuration tasks and change control to minimise potential down time.5. The post holder will assist in the development of information security policies and procedures that will be required the secure operation of systems. These policies will have far ranging impact across Informatics Merseyside, and partner organisations. About us Mersey Care is one of the largest trusts providing physical health and mental health services in the North West, serving more than 1.4 million people across our region and are also commissioned for services that cover the North West, North Wales and the Midlands. We offer specialist inpatient and community services that support physical and mental health and specialist inpatient mental health, learning disability, addiction and brain injury services. Mersey Care is one of only three trusts in the UK that offer high secure mental health facilities. At the heart of all we do is our commitment to 'perfect care' - care that is safe, effective, positively experienced, timely, equitable and efficient. We support our staff to do the best job they can and work alongside service users, their families, and carers to design and develop future services together. We're currently delivering a programme of organisational and service transformation to significantly improve the quality of the services we provide and safely reduce cost as we do so. Flexible working requests will be considered for all roles. Date posted 17 February 2025 Pay scheme Agenda for change Band Band 6 Salary £37,338 to £44,962 a year per annum Contract Permanent Working pattern Full-time Reference number 350-TWS6999501 Job locations Informatics Merseyside, Saturn House School Lane Knowsley L34 9GJ Job description Job responsibilities 1. To assist in writing and assist in the implementation of Data Protection and Information Security standards.2. If approached assist any individual in Freedom of Information requests and subject access requests.3. To provide assistance where required in gathering evidence for the Data Security Protection Toolkit or other assurance activity.4. Assist in the investigation of security incidents as required, this may involve audit trails, manually checking individuals accounts, interviews, producing system reports regarding activity etc.5. Assist as required, towards supplying evidence of information security incidents to Trust Information Governance groups.6. Provide assistance to the Deputy IT Security Manager (SS) for actioning, or delegating, responses to complex cyber security alerts and incidents from (but not limited to) Network Detection &Response systems, Cloud-based security alerts, risky-user logins, MFA failures and NHS England Security Operations Centre (SOC) alerts such as CareCERTS.7. Liaising with appropriate IM colleagues on complex Cyber & IT Security issues, incidents, and alerts. Job description Job responsibilities 1. To assist in writing and assist in the implementation of Data Protection and Information Security standards.2. If approached assist any individual in Freedom of Information requests and subject access requests.3. To provide assistance where required in gathering evidence for the Data Security Protection Toolkit or other assurance activity.4. Assist in the investigation of security incidents as required, this may involve audit trails, manually checking individuals accounts, interviews, producing system reports regarding activity etc.5. Assist as required, towards supplying evidence of information security incidents to Trust Information Governance groups.6. Provide assistance to the Deputy IT Security Manager (SS) for actioning, or delegating, responses to complex cyber security alerts and incidents from (but not limited to) Network Detection &Response systems, Cloud-based security alerts, risky-user logins, MFA failures and NHS England Security Operations Centre (SOC) alerts such as CareCERTS.7. Liaising with appropriate IM colleagues on complex Cyber & IT Security issues, incidents, and alerts. Person Specification Qualifications Essential Relevant degree or equivalent IT work experience Evidence of on-going professional development. Certified in Cybersecurity (CC) Desirable Have, or working towards SSCP Have, or working towards cloud security qualifications such as AZ-500 Knowledge/Experience Essential Significant experience of using Microsoft Office applications Specialist knowledge and expertise of IT systems and infrastructure, this should include knowledge and expertise in design, systems implementation, IT security, IT standards and best practice Wide ranging knowledge and experience of software packages related to the entire range of IT systems provision Experience of successful collaborative and partnership working and ability to encourage others likewise Understanding of risk management, business continuity management, procurement, corporate governance, and corporate performance reporting principles Working knowledge of internet security devices such as firewalls, web proxies, email filters and intrusion detection devices Working knowledge of Network Detect and Respond, Cloud Security, M365 Secure Score, EndPoint protection Desirable Knowledge and experience of web, software packages, operating systems, networking, and IT security technologies including MS Windows, all versions Unix and other server operating systems Networking and networking standards including IPv4 Understanding of Cyber frameworks such as, cyber-kill chain, Mitre Att&ck Framework, NIST, ISO, CE, CIS, CAF Cloud technologies and Security benchmarking Values Essential Continuous Improvement Accountability Respectfulness Enthusiasm Support High professional standards Responsive to service users Engaging leadership style Strong customer service belief Transparency and honesty Discreet Change oriented. Skills Essential Excellent communication skills Excellent organisational skills Attention to detail Strong customer service skills Ability to explain technical issues in a non-technical and non-threatening way to users Ability to work unsupervised and prioritise workloads to maximise productivity of self and the team Ability to maintain a professional and courteous manner at all times Person Specification Qualifications Essential Relevant degree or equivalent IT work experience Evidence of on-going professional development. Certified in Cybersecurity (CC) Desirable Have, or working towards SSCP Have, or working towards cloud security qualifications such as AZ-500 Knowledge/Experience Essential Significant experience of using Microsoft Office applications Specialist knowledge and expertise of IT systems and infrastructure, this should include knowledge and expertise in design, systems implementation, IT security, IT standards and best practice Wide ranging knowledge and experience of software packages related to the entire range of IT systems provision Experience of successful collaborative and partnership working and ability to encourage others likewise Understanding of risk management, business continuity management, procurement, corporate governance, and corporate performance reporting principles Working knowledge of internet security devices such as firewalls, web proxies, email filters and intrusion detection devices Working knowledge of Network Detect and Respond, Cloud Security, M365 Secure Score, EndPoint protection Desirable Knowledge and experience of web, software packages, operating systems, networking, and IT security technologies including MS Windows, all versions Unix and other server operating systems Networking and networking standards including IPv4 Understanding of Cyber frameworks such as, cyber-kill chain, Mitre Att&ck Framework, NIST, ISO, CE, CIS, CAF Cloud technologies and Security benchmarking Values Essential Continuous Improvement Accountability Respectfulness Enthusiasm Support High professional standards Responsive to service users Engaging leadership style Strong customer service belief Transparency and honesty Discreet Change oriented. Skills Essential Excellent communication skills Excellent organisational skills Attention to detail Strong customer service skills Ability to explain technical issues in a non-technical and non-threatening way to users Ability to work unsupervised and prioritise workloads to maximise productivity of self and the team Ability to maintain a professional and courteous manner at all times Disclosure and Barring Service Check This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions. Employer details Employer name Mersey Care NHS Foundation Trust Address Informatics Merseyside, Saturn House School Lane Knowsley L34 9GJ Employer's website https://www.merseycare.nhs.uk/ (Opens in a new tab)