Job summary
Join NHS England Cyber Operations as a Security Lead to support safe care and build public trust by strengthening NHS England's cyber resilience and enabling the wider health system to be cyber resilient.
This post is within Service Integration and Ownership (SIO), part of Cyber Operational services. SIO is primarily external facing, managing a portfolio of Cyber Services to the NHS to manage cyber risk and provide cyber resilience while underpinning patient services and outcomes. You would provide Security leadership to a subset of the services in our portfolio throughout their lifecycle, ensuring they improve cyber resilience. This includes developing, assessing and reviewing security requirements, providing security consultancy, and advising health and care organisations on how to maximise the value of the services.
Services we provide include Secure Boundary, Vulnerability management, Cyber security ratings service and the Data Security and Protection Toolkit.
Consistent, efficient, proportionate security risk management is best achieved by a blend of centralised advice, control and security services with individual security responsibility and actions. You would be supporting the NHS by keeping services secure and delivering managed security services to the system, filling gaps where secure design and operation or other constraints fail to deliver proportionate security across the system.
Main duties of the job
The role requires excellent knowledge and experience of working in a cyber environment, providing expertise to support strategic decisions and security requirements for the portfolio of cyber services managed centrally. This may include full management and delivery of a subset of the portfolio and subsequent replacement/renewal of services across the lifecycle from requirements gathering to transitioning and ownership.
As a Security Lead you will:
* Have a good understanding of information security/governance frameworks/security operations.
* Have a good understanding of end-to-end management and enhancement of services, including management of third party providers.
* Have a detailed understanding of what constitutes good and poor cyber hygiene.
* Have a good understanding of the health and care system in England.
* Be able to communicate complex concepts to audiences with limited knowledge of cyber security.
* Be able to influence organisations in improving their cyber posture whilst maximising the value from central services.
* Support the portfolio of cyber services delivered by the SIO team to the wider NHS.
The role will also involve managing team members, ensuring they deliver on team objectives and promote their personal development ambitions.
About us
The NHS England board has set out the top-level purpose for the new organisation to lead the NHS in England to deliver high-quality services for all. This will inform the detailed design work and we will achieve this purpose by:
* Enabling local systems and providers to improve the health of their people and patients and reduce health inequalities.
* Making the NHS a great place to work, where our people can make a difference and achieve their potential.
* Collaborating to ensure the healthcare workforce has the right knowledge, skills, values and behaviours to deliver accessible, compassionate care.
* Optimising the use of digital technology, research and innovation.
* Delivering value for money.
If you would like to know more, please visit https://www.england.nhs.uk/.
Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in-person. Staff recruited from outside the NHS will usually be appointed at the bottom of the pay band.
If you are successful at interview, we will run an Inter Authority Transfer (IAT) in the Electronic Staff Record system (ESR). This transfer gathers information from a previous or current NHS employer to support onboarding, including statutory and mandatory competency status, Continuous Service Dates (CSD), and annual leave entitlement. You will have the opportunity to inform us if you do not consent during the recruitment process.
Job description
Job responsibilities
Please see the attached Job Description and Person Specification for more information about the role and responsibilities. Please ensure your supporting statement includes demonstrable evidence and specific examples on how you meet the criteria for each of the key skills specified. This will be used in both the shortlisting and interview processes.
Important: Residency requirements
All NHS England Cyber Security personnel must hold Security Clearance level as a minimum. To meet National Security Vetting requirements, SC clearances require 5 years continuous UK residency. In certain cases this can be reduced to three years continuous UK residency, with additional overseas checks for the previous two years. Candidates who were posted abroad for service with HM Government, Armed Forces or within a UK government role will still be considered. Please ensure you meet these requirements before applying. You do not need to have SC beforehand, but failure to achieve SC requirements after offer will result in the job offer being withdrawn. For further guidance, see: https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels/national-security-vetting-clearance-levels#security-check-sc
Please note you will be hired under the title of Security Lead and this job title is advertised to attract the right skills for the role.
The post of Security Lead has been awarded a Recruitment and Retention Premia (RRP) in response to current labour market conditions, providing an additional monthly payment equal to 30% per annum. RRP is non-contractual and subject to review.
Secondments: Applicants from within the NHS will be offered on a secondment basis only, with agreement from their employer prior to applying. The contract is a fixed-term role for a short-term vacancy. If you like what you have read and think you have the skills and experience, please apply. Roles may close early due to high volumes of applications.
Person Specification
Knowledge
Essential
* Extensive knowledge of techniques, roles, and responsibilities in providing technical or business guidance to clients, internal and external; ability to apply this knowledge to diverse situations.
* Proven knowledge of processes, tools and techniques for assessing and controlling an organisation's exposure to risks of various kinds.
Desirable
* Detailed knowledge of cybersecurity risk management tools, techniques, approaches and processes; ability to ensure network operation and minimise negative effects from cybersecurity risks.
Skills and Experience
Essential
* Detailed knowledge of information security management processes, tools and techniques; ability to deploy and monitor information security systems and resolve IT security violations.
Desirable
* In-depth knowledge of domestic and international information security laws and their impact on the business.
Qualifications
Essential
* CISSP/CISM
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and requires a Disclosure to be made to the DBS to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require Skilled Worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the government website.
From 6 April 2017, skilled worker applicants for entry clearance into the UK must present a criminal record certificate from each country where they have resided for 12 months or more in the past 10 years; adult dependants (over 18) are also subject to this requirement.
Additional information
Other
This post is subject to the Rehabilitation of Offenders Act and DBS check; Skilled Worker sponsorship is considered. For more information, see the government guidance above.
Employer details
Employer name: NHS England
Address: Wellington Place, Leeds / Hexagon House, Exeter, Leeds / Exeter, LS1 4AP
Employer's website: https://www.england.nhs.uk/
#J-18808-Ljbffr