This role provides specialist information security capability across King Edward VII's Hospital, supporting the protection of clinical, patient, and corporate information assets. The Information Security Engineer is responsible for implementing, operating, and continually improving technical security controls, vulnerability management, and security monitoring in line with organisational, regulatory, and group (Bupa/DASCL) requirements. Working closely with IT Infrastructure, Applications, suppliers, and group security teams, the post-holder ensures that security is embedded into day-to-day operations, projects, and system design, while maintaining high availability and safety within a clinical healthcare environment.
Responsibilities
* Operate and maintain the hospital's vulnerability management programme, including scanning, prioritisation, remediation tracking and reporting
* Monitor security tooling and alerts, supporting early detection and response to security incidents
* Undertake technical investigation, root cause analysis and post-incident reviews
* Implement, configure and maintain security controls across networks, servers, endpoints, cloud services and clinical systems
* Support endpoint protection, email security, MFA, identity security controls and log management
* Work with Infrastructure and Applications teams to ensure secure configuration and hardening of systems
* Ensure systems and services align with GDPR, Data Protection Act, NHS DSPT principles (where applicable), and Bupa security standards
* Maintain security documentation, SOPs, technical standards and audit artefacts
* Ensure security considerations are embedded into new systems, infrastructure changes, and clinical technology deployments
* Review designs and changes for security impact and provide risk-based recommendations
* Act as a technical security point of contact for suppliers, partners and managed security services
* Participate in group-wide security forums and working groups as required
* Communicate security risks, issues and remediation plans clearly to technical and non-technical stakeholders
Qualifications
* Demonstrable experience in an information security or security engineering role
* Strong technical understanding of security concepts and controls
* Security certifications (e.g., AZ-500, SC-200, Security+, CISSP, CISM, CEH) are desirable
* Experience operating vulnerability management and remediation processes
* Experience with endpoint, network, and cloud security controls; understanding of identity, access management and MFA
* Experience working in regulated environments
* Ability to translate security risks into clear, pragmatic recommendations
* Flexible with the ability to support out-of-hours activity when required
Benefits
At King Edward VII's Hospital we want to reward our staff for the amazing job that they do. As part of the team you will have access to a range of benefits for your work and home life.
* Annual leave entitlement of 25 days + bank holidays, increasing with length of service
* In-house training for all staff
* Company pension scheme
* Interest free travel loan
* Private healthcare (eligible after 12 months)
* Bicycle loan scheme
* Retailer discounts
* Employee Assistance Programme
We champion diversity and want our people to reflect the communities we serve. Everyone is encouraged to 'Be you at Bupa', and we actively welcome colleagues from all backgrounds and experiences. Bupa takes pride in being a Level 2 Disability Confident Employer and will aim to offer an interview/assessment to disabled applicants who best meet the minimum criteria for the role. We're committed to ensuring you're treated fairly during the recruitment process and offer reasonable adjustments to anyone who may benefit from accommodations to the recruitment process.
#J-18808-Ljbffr