Main area IT Grade 7 Contract Fixed term: 5 months (contract ends March 31st 2026) Hours
* Full time
* Flexible working
37.5 hours per week Job ref 273-DC-7378356
Employer Moorfields Eye Hospital NHS Foundation Trust Employer type NHS Site Moorfields Eye Hospital NHS Foundation Trust Town London Salary £56,276 - £63,176 per annum pro rata incl HCAS Salary period Yearly Closing 26/10/2025 23:59
Associate Information Security Practitioner
7
YOU MAKE US MORE
Join Moorfields Eye Hospital NHS Foundation Trust
At Moorfields, people’s sight matters—and so do the people who make it possible.
For over 200 years, Moorfields has been at the forefront of ophthalmic care, research, and education. With more than 2,300 dedicated team members and over 700,000 patients seen annually across our City Road site and 22 networked sites, we are proud to be a global centre of excellence.
We're also a vibrant community where kindness, equity and excellence shape every aspect of our work. Whether it’s pioneering research through our partnership with UCL Institute of Ophthalmology and Moorfields Biomedical Research Centre or training the next generation of global eye care leaders, we’re united by one mission—delivering world-class eye health, sustainably and at scale.
Construction is well underway on our groundbreaking new centre in Camden, a joint initiative between Moorfields Eye Hospital, UCL Institute of Ophthalmology and Moorfields Eye Charity This modern, flexible facility will bring together eye care, research, and education under one roof—enabling transformative innovation and collaboration like never before.
Could you be part of this future? Make us more.
Job overview
The Associate Information Security Practitioner role is part of the Moorfields Information Security Team. The team ensures that our systems and data are safe, secure, and resilient – so that we can focus on delivering high-quality, patient-centred care, and are trusted by our patients, service users and staff.
The team has operational responsibility for security tooling, such as anti-virus and intrusion prevention, security assurance platforms, security testing and monitoring platforms, etc) and for our managed services (security operations centre). The team performs assurance and compliance activities most notably contributing to the annual NHS Data Security Protection Toolkit (DSPT) cycle.
We put people at the heart of everything we do, and Moorfields is undergoing digital transformation. With the ever-increasing need and interest in the use of digital technology in healthcare, there is also an increase of cyber threats across the sector. You will be part of a team of Digital, Data and Technology experts that deliver excellence in a busy department.
Main duties of the job
* Contribute to operational support of information security solutions and services
* Engage with our third party provision of information security service
* Contribute Information Security expertise to projects and operational services
* Support assurance activities and the improvement of security and resilience of our organisational infrastructure.
* Be proactive in identifying problems and translating these into non-technical descriptions that can be widely understood.
In your role you will partner with other technology and data teams in the organisation. It is expected alongside specialist information security and business continuity skills and experience, you will have generalist or specialist experience in at least one of the following areas:
* Cloud operations
* Domain directory services/IAM
* Network security and operations
* Security architecture
Working for our organisation
At Moorfields, we provide more than just an excellent career and great colleagues to work with. We also offer:
Salary including High-Cost Area Supplement
Opportunity to join the NHS Pension Scheme
Free 24/7 independent counselling service
Learning and development opportunities
Easy and quick transport links
A range of attractive benefits and discounts
Access to Blue Light Card and other NHS Discount Schemes
Free Pilates classes
Full support and training to develop your skills
Flexible working friendly organisation
And so much more! To see the full range of benefits we offer please see our Moorfields benefits document.
Detailed job description and main responsibilities
Information security
* Undertake Information Security Assessment activities, including supply chain / 3rd party assessments following National Cyber Security Centre evaluation best practices for cloud and on premise technologies.
* Monitoring practices including key performance indicators on security enforcing tools such as anti-virus, patching, and driving security posture improvements.
* Technical audit activities included within vulnerability management including internal scans and external security & penetration tests, forensic audits, or related investigations. This includes the ability to ensure remediation of findings are handled and fed into continuous service improvement activities.
* Incident management of cyber security events of all severities, throughout the incident lifecycle.
Business Continuity
* Develop, maintain, and improve data and technology Business Continuity & Disaster Recovery Plans that enable us to respond to and recover from events.
Data protection
* Support information gathering and creating supporting narrative / recommendations to ensure security of data through the annual Data Security Protection Toolkit cycle.
* Provide advice and expert knowledge to projects / programmes / operational services to ensure that information systems are designed to meet data protection requirements.
* Risk management activities such as maintenance of the risk register, identification and management of risk, escalations, and using risk to drive improvements.
Policies and security awareness
* Contribute to the development of the Trust information Security policy framework, considering regional and national policies and practices.
* Apply policy to working practices and procedures, and guide colleagues towards information security policy.
Person specification
Skills and Experience
* Relevant management / leadership qualification or equivalent experience to masters level
* Relevant information security qualification or equivalent experience (example: CISM, CISSP, or plan to obtain within 12 months)
Experience
* Experience in delivering and developing information security and business continuity services
* Experience of developing and implementing organisation-wide information security and business continuity related strategies, policies, and procedures
* Experience of solving complex business problems for users using technology – balancing usability with security
* Experience of supporting the transition of products from Delivery into Live Service
* Experience of working with conflicting, highly complex, and/or highly sensitive information
* Experience in managing critical incidents, and problem investigation + resolution (including managing security incident response, and information security breaches)
* Experience of contributing to, and developing enabling strategies (example: information security)
* Coaching, mentoring and supervision of others
* Management of financial budgets for a service (pay, on-call, consumables, relevant 3rd party provision contracts) and developing investment cases
* Experience in conducting or managing information security audits, penetration testing, table-top / simulation exercises, and incident investigations
* Experience of management products / services in healthcare (NHS)
Skills and Knowledge
* Deal with complex business problems and translate into information security and business continuity requirements and solutions
* Strong domain knowledge in at least one of the following areas, and the ability to acquire an adequate understanding of the other areas: • Enterprise Architecture • HMG Secure Policy Framework (SPF) and Information Assurance Maturity Model (IAMM) • ISO27001 • Risk assessment and management • Data security and protection toolkit (DSPT)
* Broad knowledge of enterprise technology and data solution(s) and how information security and business continuity should be considered
* Identify training needs to build and sustain information security and business continuity capability
* Prioritisation of work – within the team and across the wider Digital, Data and Technology teams
* Meet set targets or metrics for service
* Autonomous working and can delegate appropriately
* Good communication skills – tailoring your message for your audience, providing, and receiving highly complex, sensitive and/or contentious information, able to communicate complex technical information in a simple way to stakeholders
* Present complex, sensitive, and contentious information to large groups
* Strong domain knowledge and ability to keep ahead of information security and business continuity initiatives
* Design and develop our information security and business continuity tools and processes
* Systematic and methodical approach to problem solving
* Relentless focus on user needs and experience
* Problem-solving mindset – focusing on improving outcomes
* Seeing the bigger picture - understand how your work and the work of your team supports wider objectives and meets the diverse needs of stakeholders
* Able to work well within a busy environment
Due to the nature of this position, employment is subject to proof of eligibility to work in the UK, completion of a satisfactory DBS disclosure and two references. We do not offer visa sponsorship for roles unless clearly stated in our adverts, so please consider this before applying.
Our commitment to equality, diversity and inclusion is at the heart of our organisational culture. As part of our pledge to take positive action in recruitment we encourage applications from under-represented candidates including BAME (Black, Asian, and Minority Ethnic) and Disabled candidates as we work towards a representative workforce that is able to provide the quality, the dignity and respect and to deliver above and beyond.
Moorfields is a flexible working friendly organisation, and we are committed to helping our employees achieve a work-life balance that is beneficial for health and wellbeing, motivation levels and job satisfaction. Every employee of the Trust has the right to request to work flexibly. Please speak to us about how we might be able to accommodate a flexible working arrangement. If it works for the service, we will do our best to make it work for you.
If we receive sufficient applications, we will close this ad prior to the closing date. You are advised not to delay submitting your completed application.
If you would like to discuss any reasonable adjustments before applying or would like an accessible version of any recruitment documents, please contact the recruitment team at moorfields.recruitment@nhs.net.
https://www.moorfields.nhs.uk/work-for-us
Employer certification / accreditation badges
The postholder will have access to vulnerable people in the course of their normal duties and as such this post is subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service to check for any previous criminal convictions.
Name Jennifer Denitto Job title Head of Information Security & Business Continuity Email address jennifer.denitto@nhs.net Telephone number 07742 659182
#J-18808-Ljbffr