Cyber Security Analyst – Bicester

We have an exciting opportunity to work in an evolving and busy Information Security and Governance team, working closely with our Digital Colleagues. This role plays an important part in supporting front line NHS staff such as Paramedics, 999 and 111 call takers, Patient transport services, as well as to our corporate enablers such as finance, estates and HR. No two days are the same, but you will be part of a vital organisation helping to save lives, covering a wide area with a population of 7 million from Oxfordshire, Buckinghamshire, Berkshire to Hampshire. We also cover Sussex for Patient Transport Services. The role will also work alongside technical specialists and third-party services including NCSC and NHS England's CareCERT service, drawing on their skills and knowledge to provide a cohesive support service and to help deliver the future Digital roadmap to this respected NHS Ambulance Service. If you have a good work ethic, are a great team worker, flexible and innovative, can think outside the box, are prepared to bring solutions to problems and have a background in Cyber Security, then we'd love to hear from you

Main duties of the job

• To support the Head of Information Security and Governance in the delivery of the Information Security and Governance (ISG) activities of the Trust providing assurance that the security, confidentiality and integrity of systems and data is maintained.
• Support the delivery of projects to achieve both CareCERT, Cyber Essentials and the Digital Security and Protection Toolkit (DSPT) accreditation for the Trust and implement processes that assure ongoing maintenance of this accreditation.
• Provide support in the day-to-day management of information security and governance service provision to all users ensuring the Trust's compliance with the Data Protection Act 1998, Access to Health Records Act 1990, Freedom of Information Act and those regulations that supersede or supplement these from time to time.
• Interpret complex legislation or regulations related to information governance and information security such as ISO/IEC 27001, the Data Protection Act 1998, NHS Information Risk Management, Computer Misuse Act, implementing and enforcing suitable and relevant information security policies and procedures across the Trust.
• Assist in ensuring all information systems and underlying technical architectures and changes to the technical environment are assessed against Information Security best practice.
• Provide regular reports to the Head of Information Security and Governance on areas such as Project Progress, Security, in relation to upcoming threats, number of security incidents (detected and prevented) and compliance of ICT systems and equipment including patching levels.
• Provide support for Information Asset Owners (IAOs) through effective networking structures, sharing of relevant experience, provision of training and creation of information risk reporting structures.
• Assist in ensuring Digital staff are suitably trained and understand Digital Security including the generation and provision of IG and IS training.
• Ensure that identified information threats and vulnerabilities are followed up for risk mitigation, and that perceived or actual information incidents are managed in accordance with NHS ISG requirements.
• Monitor Security systems for alerts and investigations.

About us

South Central Ambulance Service NHS Foundation Trust provides a range of emergency, urgent care and non-emergency healthcare services. The Trust delivers most of these services to the populations of Berkshire, Buckinghamshire, Hampshire and Oxfordshire as well as non-emergency patient transport services in Sussex. We serve a population of over 7 million and answer over 500,000 urgent calls a year. We employ 4,551 staff who, together with over 1,100 volunteers, enable us to operate 24 hours a day, seven days a week.

Benefits we offer:

• Full training and support when you join and ongoing throughout your employment with us.
• Holiday entitlement is 27 days rising to 29 days after 5 years and 33 days after 10 years, plus 8 bank holidays (pro rata for part time).
• Enrolment into the NHS Pension Scheme.
• Access to continual professional development and opportunities within SCAS and the NHS.
• Occupational Health support along with an Employee Assistance Programme.
• NHS Discounts in over 200+ stores including Holidays, Days out, Car insurance, Restaurants and Clothing.
• Staff networking and support groups.

Job responsibilities

• Ensure the delivery of projects to achieve both CareCERT, Cyber Essentials and DSPT accreditation for the Trust and implement processes that assure ongoing maintenance of this status.
• Provide support in the day-to-day management of information security and governance service provision to all users ensuring the Trust's compliance with the Data Protection Act 1998, Access to Health Records Act 1990, Freedom of Information Act and those regulations that supersede or supplement these from time to time.
• To assist in the ISG continuous improvement work stream within the Digital Directorate that seeks to improve the Trust's operational management of Information Security and Information Governance.
• Interpret highly complex legislation and regulations related to information governance and information security such as ISO/IEC 27001, the Data Protection Act 1998, NHS Information Risk Management, Computer Misuse Act and develop, implement, and enforce suitable and relevant information security policies and procedures across the Trust.
• Provide regular reports to the Head of Information Security and Governance on areas such as Project Progress, Security, in relation to upcoming threats, number of security incidents (detected and prevented) and compliance of ICT systems and equipment including patching levels.
• Provide support for Information Asset Owners (IAOs) through effective networking structures, sharing of relevant experience, provision of training and creation of information risk reporting structures.
• Ensure that identified information threats and vulnerabilities are followed up for risk mitigation, and that perceived or actual information incidents are managed in accordance with NHS ISG requirements.
• Ensure the Trust responds to, and is protected against, all new threats identified within Information Security Notices and alerts (including those from CareCERT).

Person Specification

QualificationsEssential

• Masters level degree or equivalent level of experience.
• Hold a security recognised qualification (e.g CISSP, CIPR).

KnowledgeEssential

• Knowledge of relevant information security and privacy related legislation and regulation – such as Data Protection Act 2018, Freedom of Information Act, etc.
• Working knowledge of the Data Security and Protection Toolkit (DSPT).
• Knowledge of IT systems implementation.

SkillsEssential

• Demonstrable experience in ICT/ Information Security Role.
• Strong interpersonal skills & able to develop and maintain effective and credible relationship with business leaders and supplier management.
• Excellent working knowledge of all MS Office applications.

Apply For Job