Senior Cyber & IT Security Officer (Audit and Assurance)
Mersey Care NHS Foundation Trust celebrates diversity and promotes equal opportunities; we are committed to challenging and eliminating racism and other forms of discrimination and advancing and promoting equality of opportunity in the provision of services and creating an inclusive environment for all employees. We believe that everyone has the right to be treated with dignity and respect.
We take positive action to support disadvantaged groups and also particularly encourage applications from ethnic minorities, disabled and LGBTQIA+ people that are under-represented in our workforce. Furthermore, we welcome applications from reservists and ex-armed forces personnel as we recognise the benefits of the values, skills, training and experience that they bring to their work with us. We encourage all applicants to share their equality information with us.
Job overview
Responsible for the preparation and evidence gathering for the Data Security Protection Toolkit, and other assurance and IG requirements.
Manage the task list for DSPT and IG tasks and allocate as appropriate.
To contribute within Informatics Merseyside, Trusts and ICB Assurance and Information Security and Governance best practice.
Main duties of the job
- The post holder will have a broad understanding of IM&T technologies and broad knowledge of key technologies such as firewalls, email filters, anti-virus and intrusion detection technologies.
- Contribute to the development of the monthly Cyber Dashboard report.
- To contribute to the development of information security and technical plans that will feed into the wider Partner Organisations, and Informatics Merseyside strategies.
- Assist in the formulation and development of information security plans and strategies to enable the successful completion and implementation of new systems. This might include logistics for equipment and software delivery and installation, scheduling human resources for training and configuration tasks and change control to minimise potential down time.
- Assist with the development of information security policies and procedures that will be required for the secure operation of systems built by the IT Security team. The policies will have far-ranging impact across Informatics Merseyside and Partner Organisations.
Working for our organisation
Mersey Care is one of the largest trusts providing physical health and mental health services in the North West, serving more than 1.4 million people across our region, and is also commissioned for services that cover the North West, North Wales and the Midlands.
We offer specialist inpatient and community services that support physical and mental health and specialist inpatient mental health, learning disability, addiction and brain injury services. Mersey Care is one of only three trusts in the UK that offer high secure mental health facilities.
At the heart of all we do is our commitment to 'perfect care' - care that is safe, effective, positively experienced, timely, equitable and efficient. We support our staff to do the best job they can and work alongside service users, their families, and carers to design and develop future services together. We're currently delivering a programme of organisational and service transformation to significantly improve the quality of the services we provide and safely reduce cost as we do so.
Flexible working requests will be considered for all roles.
Detailed job description and main responsibilities
- Assist with the design and implementation of information security solutions that meet the needs either specified by users or by senior team members. Would be expected to be capable of undertaking the analysis of an existing system for further development.
- The post holder will need to be aware of the development of legislation making sure that as the laws and guidelines change, information security strategies and policies keep in step.
- Regularly devote time to the research of newly discovered internet threats, software vulnerabilities and issues arising from poor information security practice. Using this information, develop strategies for mitigating the potential risk, either through procedural change or implementation of new software and hardware tools.
- The post holder will work to agreed guidelines and targets but will have the freedom to work in a way they deem fit. Can give advice and support without referring to line management. May be a lead specialist in specific technologies.
- There may be a requirement to attend meetings for the Deputy Cyber & IT Security Manager.
Person specification
Qualifications
Essential criteria
- Relevant degree or equivalent IT work experience
- Evidence of on-going professional development.
- Certified in Cybersecurity (CC)
Desirable criteria
- Have, or working towards SSCP
- Have, or working towards cloud security qualifications such as AZ-500
Knowledge/Experience
Essential criteria
- Significant experience of using Microsoft Office applications
- Specialist knowledge and expertise of IT systems and infrastructure; this should include knowledge and expertise in design, systems implementation, IT security, IT standards and best practice
- Wide-ranging knowledge and experience of software packages related to the entire range of IT systems provision
- Experience of successful collaborative and partnership working and ability to encourage others likewise
- Understanding of risk management, business continuity management, procurement, corporate governance, and corporate performance reporting principles
- Working knowledge of internet security devices such as firewalls, web proxies, email filters and intrusion detection devices
- Working knowledge of Network Detect and Respond, Cloud Security, M365 Secure Score, EndPoint protection
Desirable criteria
- Knowledge and experience of web, software packages, operating systems, networking, and IT security technologies including MS Windows (all versions), Unix and other server operating systems, and networking and networking standards including IPv4
- Understanding of cyber frameworks such as the cyber kill chain, MITRE ATT&CK framework, NIST, ISO, CE, CIS, CAF
- Cloud technologies and Security benchmarking
Values
Essential criteria
- Continuous Improvement
- Accountability
- Respectfulness
- Enthusiasm
- Support
- High professional standards
- Responsive to service users
- Engaging leadership style
- Strong customer service belief
- Transparency and honesty
- Discreet
- Change oriented
Skills
Essential criteria
- Excellent communication skills
- Excellent organisational skills
- Advanced Excel skills
- Attention to detail
- Ability to travel
- Strong customer service skills
- Ability to explain technical issues in a non-technical and non-threatening way to users
- Ability to work unsupervised and prioritise workloads to maximise productivity of self and the team
- Ability to maintain a professional and courteous manner at all times