Information Security Specialist | NHS Counter Fraud Authority
The NHS Counter Fraud Authority is the national body responsible for all matters relating to the prevention, detection and investigation of economic crime across the NHS. Further information about our work and annual plan for delivering this is available on our website.
Our team are embarking on a piece of work to monitor data to identify and respond to patterns indicative of potential fraud. This will support our current work that reduces the likelihood of fraud occurring. We will bring in data science capabilities to be deployed in counter fraud activity and work closely with partners across health and government to further maximise the preventative impact of proactive counter fraud analysis. We will combine this with our range of counter fraud and domain expertise to maximise our impact using your knowledge, experience and passion for your chosen field.
We are excited to offer an opportunity for an enthusiastic, skilled, experienced Information Security Specialist to join our team. In this pivotal role you will collaborate with existing security specialists to provide an assured and compliant secure technology environment. The role requires that the post holder be eligible for or already hold UK National Security vetting to SC level. Fixed Term contract until 31st March 2026.
Potential applicants can contact Simon Clark at simon.clark@nhscfa.gov.uk for an informal chat if you have any questions regarding the role. Interviews will be held w/c 24.3.25.
- Manage, maintain and improve Information Security governance, risk and compliance within the NHSCFA.
- Manage the NHSCFA ISO27001 programme, maintaining continuous certification to the Standard.
- Manage the NHS DSPT compliance programme.
- Contribute to accreditation to UK Government Public Services Network (PSN) requirements.
- Maintain constant awareness of changes in compliance requirements including updates to ISO standards, PSN and the NHS DSPT.
- Manage Information Security audit programs for ISO27001 and other compliance regimes including remediation of audit findings.
We welcome applications irrespective of people's age, disability, gender, race or ethnicity, religion or belief, sexual orientation, or other personal circumstances. We have policies and procedures in place to ensure that all applicants are treated fairly and consistently at every stage of the recruitment process, including an invitation to the first stage of the selection process and consideration of reasonable adjustments for people who have a disability.
If you are applying to undertake this role on a secondment basis you should have agreement to being released from your current role in principle, prior to submitting an application form. When you apply for this role, you will be redirected to our recruitment system TRAC. The NHSCFA does not hold a sponsor licence in respect of skilled worker visas and so is unable to employ candidates requiring sponsorship.
We reserve the right to close this vacancy before the advertised closing date should we receive a significant number of applications.
- Manage the NHSCFA Cyber Risk Management process, producing comprehensive Risk Documentation in accordance with the National Cyber Security Centre best practice.
- Assess the effectiveness of Security Controls by conducting reviews, internal audits and spot-checks of ICT Security Infrastructure elements including, but not limited to: firewall, IDS/IPS, anti-malware, web and email filtering, MDM, SIEM, patch and vulnerability management.
- Support the ICT Security Incident Management Process, reviewing security incidents, weaknesses and malfunctions relating to the NHSCFA’s systems, taking appropriate remedial action.
- Produce reports for Information security risk and compliance including KPIs and standards where applicable.
Please see full Job Description and Person Specification
This advert closes on Sunday 9 Mar 2025