[ref. f23349602] IT Security & Continuity Manager
Job overview
We are seeking a dynamic IT Security & Continuity Manager to join our Digital Operations team.
The post holder will be responsible for maintaining a practical approach to cyber threat management and leading the planning of future IT security solutions and improvements to the security of existing systems and infrastructure. This includes the practical and systematic assessment of security controls, incorporating auditing and monitoring of security and continuity controls across all areas, providing assurance for user authentication and privileged account use, safe and timely patching of assets, end user and device hardening, vulnerability scanning, penetration testing and remediation of discovered cybersecurity vulnerabilities, as part of the wider set of controls and objectives required to maintain compliance with the NHS CAF-DSPT.
The post holder will also develop and maintain IT security related policies and procedures, lead the Trust's operational cyber security meetings, and attend and present as required at local governance meetings and represent the Trust at regional cyber security groups as required.
Applicants must demonstrate strong and up-to-date knowledge and experience, including best practices in areas such as firewalls, monitoring solutions (SIEM and EDR), privileged access management, VPN, Windows and Linux, network equipment, IoT appliances, cloud and SaaS, along with user communications and training, incident response, business continuity and disaster recovery.
Main duties of the job
Responsible for assessing and providing evidence for the Trust’s achievement of DSPT compliance, including the requirements of the NCSC CAF.
Responsible for reviewing and continually improving cyber security and continuity in the Trust, including the maintenance of robust processes for managing cyber security incidents and co-ordinating response and resolution actions within a suspected or proven cyber security incident or where aspects of continuity are otherwise engaged.
Responsible for management and reporting of security alerts and vulnerabilities locally and in line with the NHS national cyber operations service.
Ensure that all risks and issues relating to cyber security are fully documented with risk assessments undertaken and recorded on the Trust's risk management system, which supports the risk register.
Participate as required in an on-call rota for Digital.
Working for our organisation
DBTH is one of Yorkshire’s leading acute trusts, serving a population of more than 440,000. Our services are based over three main hospital sites and several additional services employing over 7,000 colleagues.
At DBTH we have a comprehensive framework of behaviours that guide us in our daily working lives; these form the DBTH Way. We pride ourselves on our commitment to the values of We Care and now the DBTH Way builds upon these foundations, providing further clarity on what it means to embody these values in our everyday interactions.
As an organisation that supports flexible working, we want to be sure that you can work in a way that is best for us and for our patients, and for you. Speak to us about how we might be able to accommodate a flexible working arrangement. If it works for the service, we will do our best to make it work for you.
As an equal opportunities employer, we encourage applicants from all sectors of the community, particularly from under-represented groups including those with disabilities, members of our ethnic minorities and LGBTQ+ communities.
We offer a range of benefits to support our people including:
- Extensive range of learning opportunities
- NHS Pension Scheme
- Generous holiday entitlement in line with Terms & Conditions
- Comprehensive health and wellbeing support
- NHS Car Lease schemes and a range of salary sacrifice schemes
- Discounts on restaurants, getaways, shopping and finance through external providers.
Detailed job description and main responsibilities
Please see attached to the advert a job description and person specification for further details. Please ensure you read both documents carefully.
Please note, if your application is successful, you will be required to present original certificates of qualifications that are listed in the person specification under essential.
Person specification
Qualifications/Training
Essential criteria
- Master’s degree, CISSP and CISM certifications, or equivalent relevant experience
- Demonstrable evidence of continuing professional development in IT security
- ITIL certification or equivalent experience
- CISA certification
- CCSP certification
- Management Qualification
- PRINCE II trained
Knowledge and Experience
Essential criteria
- Experience in a relevant senior IT role in an organisation of 3,000+ users
- Experience of the NHS DSPT and NDG security standards, and the NCSC CAF
- Experience and understanding of the security aspects of Active Directory, Entra ID, Intune, Defender EDR, NHS M365, Imprivata OneSign, PrivacyIDEA, Windows 10/11, Windows Server, SQL Server, Microsoft Identity Manager, Microsoft NPS/RADIUS, SCSM/WSUS, BeyondTrust PAM, VMware vSphere, Omnissa Horizon and Workspace ONE, SolarWinds Orion and SEM, Palo Alto PAN-OS, or other comparable systems and infrastructure
- Experience of designing, implementing, and documenting security policies at technical / system level and at corporate / organisational level
- Experience of vulnerability assessments, penetration testing, and security audits; incident investigations; threat hunting, and able to develop plans and monitor and report on progress to required outcomes
- Previous experience in a relevant senior IT role in an NHS acute hospital and understanding of the NHS environment in relation to IT Security
- Conversant with the relevant legislation within which IT security operates (CMA, NIS, GDPR, etc)
- Familiar with ISMS security control standards such as ISO 27001, SOC2, PCI DSS, or NIST
- Experience of developing and implementing an organisation-wide disaster recovery plan in accordance with the needs of the business
- Applied knowledge of digital forensics
Personal Attributes & Skills
Essential criteria
- Proven ability to operate / think laterally & work on own initiative
- Ability to influence at senior levels of both the IM&T Directorate and wider Trust
- Ability to communicate in non-technical language to a wide range of audiences
- Able to prioritise and work within imposed deadlines
- Ability to co-develop board reports and business cases to solve strategic issues
- Ability to think strategically and keep track of process towards achievement of milestones
- Potential to develop and change within the changing NHS
- Ability to work on-call and take the lead on managing response to any given issue or incident within the remit of the post and team
- An appreciation of the skills and staffing mix within the NHS environment
- Have a flexible approach to working and be available to work outside normal hours as and when required
- Please note that all correspondence will be sent to you via email. If you are offered a job, information will be transferred into the national NHS Electronic Staff Records system. In submitting an application form, you authorise our Trust to confirm any previous NHS service details via the ESR IAT process should you be appointed.
- We reserve the right to close down this advert early should there be a high number of applicants.
- The Trust is committed to its obligations in accordance with the Equality Act 2010, and we positively encourage applications from all sections of the community.
- All employment with the Trust is subject to a number of NHS Employment Checks being met to a satisfactory standard including verification of identity, eligibility to work in the United Kingdom, references and qualifications in addition to professional registration, a disclosure and barring records check and occupational health check if these are deemed to be a requirement for the position to be undertaken. The Trust is now passing the charge for undertaking a DBS check on to candidates in the event that they are successfully appointed into the post for which they have applied. Please note that this check will be charged for in two instalments when you commence employment with Doncaster & Bassetlaw Teaching Hospitals NHS Foundation Trust. By applying for this vacancy you are agreeing to this undertaking in the event you are successfully appointed.