Information Security Specialist

NHS Counter Fraud Authority, London

Job overview

The NHS Counter Fraud Authority is the national body responsible for all matters relating to the prevention, detection and investigation of economic crime across the NHS. Further information about our work and annual plan for delivering this is available on our website.

Our team are embarking on a piece of work to monitor data to identify and respond to patterns indicative of potential fraud. This will support our current work that reduces the likelihood of fraud occurring. We will bring in data science capabilities to be deployed in counter fraud activity and work closely with partners across health and government to further maximise the preventative impact of proactive counter fraud analysis.

We will combine this with our range of counter fraud and domain expertise to maximise our impact using your knowledge, experience and passion for your chosen field.

We are excited to offer an opportunity for an enthusiastic, skilled and experienced Information Security Specialist to join our team. In this pivotal role you will collaborate with existing security specialists to provide an assured and compliant secure technology environment.

The role requires that the post holder be eligible for or already hold UK National Security vetting to SC level. Fixed Term contract until 31st March 2026.

Potential applicants with questions about the role can contact Simon Clark at [email protected] for an informal chat. Interviews will be held w/c 24.3.25.

Main duties of the job
  • Manage, maintain and improve Information Security governance, risk and compliance within the NHSCFA.
  • Manage the NHSCFA ISO27001 programme, maintaining continuous certification to the Standard.
  • Manage the NHS DSPT compliance programme.
  • Contribute to accreditation to UK Government Public Services Network (PSN) requirements.
  • Maintain constant awareness of changes in compliance requirements including updates to ISO standards, PSN and the NHS DSPT.
  • Manage Information Security audit programs for ISO27001 and other compliance regimes including remediation of audit findings.

Working for our organisation

We have offices based in Coventry, Newcastle and London and offer flexible, hybrid, office and home-based working. In addition to the advertised salary, working in the London area will attract High-Cost Area Supplement where appropriate. The NHSCFA values and respects the diversity of its employees and aims to recruit a workforce which reflects our diverse communities.
We welcome applications irrespective of people's age, disability, gender, race or ethnicity, religion or belief, sexual orientation, or other personal circumstances. We have policies and procedures in place to ensure that all applicants are treated fairly and consistently at every stage of the recruitment process, including an invitation to the first stage of the selection process and consideration of reasonable adjustments for people who have a disability.
If you are applying to undertake this role on a secondment basis you should have agreement to being released from your current role in principle, prior to submitting an application form. When you apply for this role, you will be redirected to our recruitment system TRAC.

The NHSCFA does not hold a sponsor licence in respect of skilled worker visas and so is unable to employ candidates requiring sponsorship.

We reserve the right to close this vacancy before the advertised closing date should we receive a significant number of applications.

Detailed job description and main responsibilities
  • Manage the NHSCFA Cyber Risk Management process, producing comprehensive Risk Documentation in accordance with the National Cyber Security Centre best practice.
  • Assess the effectiveness of Security Controls by conducting reviews, internal audits and spot-checks of ICT Security Infrastructure elements including, but not limited to: firewall, IDS/IPS, anti-malware, web and email filtering, MDM, SIEM, patch and vulnerability management.
  • Support the ICT Security Incident Management Process, reviewing security incidents, weaknesses and malfunctions relating to the NHSCFA’s systems, taking appropriate remedial action.
  • Produce reports for Information security risk and compliance including KPIs and standards where applicable.

Please see full Job Description and Person Specification

Person specification

Knowledge and Experience

Essential criteria
  • Detailed technical knowledge across a diverse range of areas including web technologies, applications and services, information systems and cloud infrastructure, and managed service architectures.
  • Experience of developing, implementing and maintaining ISO27001 certification.
  • Experience of designing and recommending appropriate controls to enable the achievement of IT security and wider business goals.
  • Experience of evaluating threat intelligence data from multiple sources to inform decision making.
Desirable criteria
  • Has a real interest in Information Security and ensures they keep up to date with the latest security news.
  • Management of NHS DSPT compliance
  • Line management experience

Specialist Knowledge

Essential criteria
  • Experience of implementation and management of security technologies including: firewall, WAF, anti-malware, IDS/IPS, web filtering, email filtering, SIEM, patch management, MDM, DLP
  • Demonstrate extensive knowledge of Information Security and assurance in the following areas:
  • Cloud security (AWS, Azure, SaaS cloud applications)
  • Virtualisation
  • ISO27001
  • Risk Management Process
  • Security Monitoring and auditing
  • Database security
  • Production of IT security reports/MI for relevant parties
  • Security due diligence and security assurance reviews of 3rd party suppliers
  • Working with a combination of outsourced and in-house IT provision
Desirable criteria
  • Experience and knowledge of some of the following:
  • ICT application security architecture and design
  • Software security architecture
  • Digital Forensics
  • Public Services Network (PSN) and NHS HSCN
  • Penetration Testing
  • Network (LAN/WAN) security
  • Experience of designing IT security mitigation measures to meet information security work-based assessments

Qualifications

Essential criteria
  • Degree or equivalent in an Information Technology or related field, or significant demonstrable experience.
  • ISO27001 Lead Auditor
  • A professional certification or qualification in Information Security Management (e.g. CRISC, CISA, CSA-CCSK, CSA-CCAK) or other relevant professional Information Security qualification.
Desirable criteria
  • EC-Council Certified Ethical Hacker
  • ISO27001 Lead Implementer
  • Microsoft Certified: Azure Security Engineer Associate
  • ITIL foundation
  • CompTIA Security+

Vetting

Essential criteria
  • Eligible for UK National Security vetting to SC level.
Desirable criteria
  • Has UK National Security vetting at SC above

Communication Skills

Essential criteria
  • Clearly demonstrates impactful communication skills (oral, written and presentation) in both formal and informal settings, articulating complex ideas to broad audiences