IT Security

1 day ago


Doncaster, United Kingdom Cyber UK Full time

We are seeking a dynamic IT Security & Continuity Manager to join our Digital Operations team.

The post holder will be responsible for maintaining a practical approach to cyber threat management and will lead the planning of future IT security solutions and improvements to the security of existing systems and infrastructure. This includes the practical and systematic assessment of security controls, incorporating auditing and monitoring of security and continuity controls across all areas, providing assurance for user authentication and privileged account use, safe and timely patching of assets, end user and device hardening, vulnerability scanning, penetration testing and remediation of discovered cybersecurity vulnerabilities, as part of the wider set of controls and objectives required to maintain compliance with the NHS CAF-DSPT.

The post holder will also develop and maintain IT security related policies and procedures, lead the Trust’s operational cyber security meetings, attend and present as required at local governance meetings, and represent the Trust at regional cyber security groups as required.

Applicants must demonstrate strong and up-to-date knowledge and experience, including best practices in areas such as firewalls, monitoring solutions (SIEM and EDR), privileged access management, VPN, Windows and Linux, network equipment, IoT appliances, cloud and SaaS, along with user communications and training, incident response, business continuity and disaster recovery.

Main duties of the job

  • Responsible for assessing and providing evidence for the Trust’s achievement of DSPT compliance, including the requirements of the NCSC CAF.
  • Responsible for reviewing and continually improving cyber security and continuity in the Trust, including the maintenance of robust processes for managing cyber security incidents and co-ordinating response and resolution actions within a suspected or proven cyber security incident or where aspects of continuity are otherwise engaged.
  • Responsible for management and reporting of security alerts and vulnerabilities locally and in line with the NHS national cyber operations service.
  • Ensure that all risks and issues relating to cyber security are fully documented, with risk assessments undertaken and recorded on the Trust’s risk management system, which supports the risk register.
  • Participate as required in an on-call rota for Digital.

About us

DBTH is one of Yorkshire’s leading acute trusts, serving a population of more than 440,000. Our services are based over three main hospital sites and several additional services employing over 7,000 colleagues.

At DBTH we have a comprehensive framework of behaviours that guide us in our daily working lives; these form the DBTH Way. We pride ourselves on our commitment to the values of We Care, and now the DBTH Way builds upon these foundations, providing further clarity on what it means to embody these values in our everyday interactions.

As an organisation that supports flexible working, we want to be sure that you can work in a way that is best for us and for our patients, and for you. Speak to us about how we might be able to accommodate a flexible working arrangement. If it works for the service, we will do our best to make it work for you.

As an equal opportunities employer, we encourage applicants from all sectors of the community, particularly from under-represented groups including those with disabilities, members of our ethnic minorities and LGBTQ+ communities.

We offer a range of benefits to support our people including:

  • Extensive range of learning opportunities
  • NHS Pension Scheme
  • Generous holiday entitlement in line with Terms & Conditions
  • Comprehensive health and wellbeing support
  • NHS Car Lease schemes and a range of salary sacrifice schemes
  • Discounts on restaurants, getaways, shopping and finance through external providers.

Job details

  • Date posted: 07 March 2025
  • Pay scheme: Agenda for change
  • Band: Band 8a
  • Salary: £53,755 to £60,504 a year Pro Rata Per Annum
  • Contract: Permanent
  • Working pattern: Full-time
  • Reference number: 272-7012418
  • Job locations: Doncaster Royal Infirmary, Armthorpe Road, Doncaster, DN2 5LT

Job description

Job responsibilities

Please see attached to the advert a job description and person specification for further details. Please ensure you read both documents carefully.

Please note, if your application is successful, you will be required to present original certificates of qualifications that are listed in the person specification under essential.

Person Specification

Qualifications/Training

Essential

  • Master’s degree, CISSP and CISM certifications, or equivalent relevant experience
  • Demonstrable evidence of continuing professional development in IT security
  • ITIL certification or equivalent experience

Desirable

  • CISA certification
  • CCSP certification
  • Management Qualification
  • PRINCE II trained

Knowledge and Experience

Essential

  • Experience in a relevant senior IT role in an organisation of 3,000+ users
  • Experience of the NHS DSPT and NDG security standards, and the NCSC CAF
  • Experience and understanding of the security aspects of Active Directory, Entra ID, Intune, Defender EDR, NHS M365, Imprivata OneSign, PrivacyIDEA, Windows 10/11, Windows Server, SQL Server, Microsoft Identity Manager, Microsoft NPS/RADIUS, SCSM/WSUS, BeyondTrust PAM, VMware vSphere, Omnissa Horizon and Workspace ONE, SolarWinds Orion and SEM, Palo Alto PAN-OS, or other comparable systems and infrastructure
  • Experience of designing, implementing, and documenting security policies at technical / system level and at corporate / organisational level
  • Experience of vulnerability assessments, penetration testing, and security audits; incident investigations; threat hunting, and able to develop plans and monitor and report on progress to required outcomes

Desirable

  • Previous experience in a relevant senior IT role in an NHS acute hospital and understanding of the NHS environment in relation to IT Security
  • Conversant with the relevant legislation within which IT security operates (CMA, NIS, GDPR, etc)
  • Familiar with ISMS security control standards such as ISO 27001, SOC2, PCI DSS, or NIST
  • Experience of developing and implementation of an organisational wide disaster recovery plan in accordance with the needs of the business
  • Applied knowledge of digital forensics

Personal Attributes & Skills

Essential

  • Proven ability to operate / think laterally & work on own initiative
  • Ability to influence at senior levels of both the IM&T Directorate and wider Trust
  • Ability to communicate in non-technical language to a wide range of audiences
  • Able to prioritise and work within imposed deadlines
  • Ability to co-develop board reports and business cases to solve strategic issues
  • Ability to think strategically and keep track of process towards achievement of milestones
  • Potential to develop and change within the changing NHS
  • Ability to work on-call and take the lead on managing response to any given issue or incident within the remit of the post and team

Desirable

  • An appreciation of the skills and staffing mix within the NHS environment
  • Have a flexible approach to working and be available to work outside normal hours as and when required

