Torbay and South Devon NHS Foundation Trust
Assist the Cybersecurity Manager with technical matters in relation to the Trust's IT Security work programme, with specific focus on supporting the Electronic Patient Record (EPR) implementation.
Act as technical reference point for all matters related to cybersecurity and take responsibility for implementation and administration of Trust IT security systems and services.
Contribute to the evaluation, development and implementation of Trust IT security maintaining compliance with the Data Security and Protection Toolkit (DSPT) to ultimately improve the cybersecurity posture of the systems, services and data security infrastructure supported by the South Devon Health Informatics Service.
Main duties of the job
1. Perform ongoing IT Security risk assessments and audits to ensure that IT Systems are adequately protected.
2. Coordinate with other SDHIS Teams, stakeholders and suppliers to ensure all solutions use IT Security best practices.
3. Collaborate with vendors, outside consultants and other 3rd parties to improve IT security within the organisation.
4. Provide advice and act, where necessary, in response to Audit findings and recommendations in respect of information security.
5. Review and advise on IT Security patches, software updates and vulnerabilities according to best practices.
6. Identify threats to the confidentiality, integrity, availability, accountability and relevant compliance for information systems and provide authoritative advice and guidance on the application and operation of all types of security controls, including legislative or regulatory requirements such as data protection and software copyright law.
7. Maintain currency with security and security enhancing technologies and brief colleagues as needed to enable measures to be implemented where and when necessary or desirable.
8. Ensure that access control, disaster recovery, business continuity, incident response and risk management needs are appropriately addressed.
About us
You will be part of a technical team responsible for managing a full range of IT Security functions to enable the effective provision of a secure environment to support all the digital systems, services and clinical functions of the local health community and wider One Devon area. We are a small but very supportive team who are enthusiastic about delivering a quality service by constantly challenging the way we do things; striving for continuous improvement and finding ways to work smarter. We are an initiative-taking, caring team who are flexible and promote a healthy work/home life balance.
Job responsibilities
1. Work effectively with EPR programme stakeholders to ensure programme delivery and benefits realisation.
2. Build and develop productive working relationships with stakeholders such as clinicians, technical & non-technical teams, other NHS organisations and suppliers.
3. Treat all co-workers with respect and value differences and diversity.
4. Establish effective communication within and between teams, reinforced by timely and professional documentation.
5. Use influence & persuasion skills to secure agreement/co-operation.
6. Communicate highly complex technical information, tailoring approach to suit audience.
7. Identify priorities for system design, development and operation.
8. Analyse complex scenarios such as system failures, fault-finding, or non-optimal performance where solutions require detailed analysis and evaluation of multiple options/solutions.
9. Use judgement to identify and recommend preferred options/solutions considering clinical and operational impact.
10. Plan, oversee and manage complex technical implementations having significant impacts on clinical and operational areas.
11. Manage complex workstreams involving multiple parties and/or technical disciplines.
12. Maintain agility of approach in response to changing priorities and developing situations.
13. Ensure effective scheduling and deployment of resources.
14. Plan non-business-as-usual activities, such as project work, effectively, drawing upon established principles such as PRINCE.
Person Specification
Qualifications and Training
* ITIL4 Foundation Certification.
* ISC2 CISSP/SSCP or other security related certification e.g. CompTIA Security+/MS SC-900.
* ISC2 CCSP or other cloud-based security certification e.g. AZ-500/CompTIA Cloud+.
* ISACA CISM/CISA Certification.
Knowledge and Experience
* Relevant experience in a health service or other major large-scale customer service-oriented organisation.
* Detailed knowledge and experience leading, coordinating or being actively involved in the investigation and remediation of security incidents.
* Detailed knowledge and experience in the investigation and remediation of Virus/Malware infections and outbreaks.
* Good knowledge of Network protocols, including TCP/IP and their use in relation to operating systems and perimeter security.
* Detailed knowledge and experience in cyber-security threat analysis and the use of software utilities to identify potential threats and eliminate false positives.
* Experience of working in the NHS.
* Knowledge of Data Security and Protection Toolkit requirements.
* Understanding of IT Legislation, specifically GDPR, FOI and DPA.
Specific Skills
* Good communication skills, personable and friendly, able to work productively and unsupervised using own initiative.
* Must be a good team worker.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Employer name
Torbay and South Devon NHS Foundation Trust