Cyber Security Specialist

Are you passionate about cyber security and looking for an opportunity to make a real difference with your work? The NHS Business Services Authority (NHSBSA) is seeking a Cyber Security Specialist to join our Digital, Data and Technology (DDAT) team. This is a unique opportunity to ensure the security of NHSBSA network infrastructure and information systems, while enabling open and modern secure digital services.
As a Cyber Security Specialist, you will work closely with NHSBSA business areas to understand and shape their security requirements. You will be an active member of the DDAT department based in Newcastle, with occasional travel to other locations. This is an exciting opportunity for someone who can rationalise highly complex technical information and transform it into understandable content for others to work with., As a Cyber Security Specialist, your main responsibilities will include:
- The management of day-to-day activities and general management of the security operations team.
- Supporting the delivery of the Cyber Security Improvement Programme
- Ensuring appropriate access control and monitoring on NHS BSA IT systems.
- Actively monitoring and undertaking activities that mitigate threats to the integrity of the NHS BSA's Information Assets.
- Conducting forensically sound acquisitions of computer systems and associated media.
- Supporting the management of the ICT security incident process.
- Carrying out reviews, internal audits and spot-checks to ensure the effective operation of security systems.
- Providing expert help and guidance across the lifecycle of a security solution implementation., We welcome applications from people of all backgrounds and circumstances. We are committed and proud to be a flexible employer and will endeavour to offer a working pattern that suits you wherever possible, whether that be hybrid working, flexible hours, job sharing and more.
Ready to join us on our journey to be a catalyst for better health? Apply today and see where the NHSBSA can take you.
We are people connected to care.

Detailed job description and main responsibilities
In this role, you are accountable for
Security Operations
1. To ensure appropriate access control and monitoring on NHS BSA IT systems is maintained.
2. Actively monitor and undertake activities that mitigate threats to the integrity of the NHS BSA's Information Assets. Assesses the effectiveness of firewalls, Gateways, IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) to improve network/system resilience
3. Ensure that all controls are in place to ensure continued certification to the Information Security Management Standard ISO27001 and continued adherence to the National Cyber Security Centre cloud security principles.
4. When required conduct forensically sound acquisitions of computer systems and associated media to accumulate evidence in the area of forensic computer science. This will require occasional periods of intense concentration to ensure any evidence collected can be used in a court of law.
5. Support the management of the ICT security incident process, reviewing security incidents, weaknesses and malfunctions relating to the NHS BSA's systems, taking appropriate remedial action, including addressing any performance related targets not met by internal and external suppliers.
6. Carry out reviews, internal audits and spot-checks to ensure the effective operation of (but not limited to): IDS/IPS, vulnerability and patch management, Email and Web Filtering, anti-malware, and hardening of operating systems and applications
7. Recognises decisions that have implications beyond their level of responsibility, experience or delegated risk tolerance and escalates them accordingly.
8. Fully engage and contribute to delivery of projects, change and continuous improvements by providing specialist information security advice.
9. Provides constructive and timely expert advice to system developers on whether proposed solutions are likely to gain assurance.
10. Responsible for providing expert help and guidance across the lifecycle of a security solution implementation, including technical and non-technical aspects. This includes the migration of services across suppliers and closely with Technical Architects ensuring the solution and service design is successfully translated, built delivered and operated to meet security and business requirements
11. Supports the strategic direction of the Cyber security operation function by assisting with the development, maintenance, promotion and stewardship of Security Procedures and Standards, in accordance with the NHS BSA's requirements, IG policies and procedures, legislation and EU Directives.
Knowledge Management
12. Maintain detailed technical knowledge of IT Security products, systems, policies and procedures used within the NHS BSA
13. Keeping abreast of technological and maintain an excellent understanding of the use of technology in delivering business objectives.
14. Identify and support opportunities to further develop skills to meet the changing needs of the business Taking ownership for decision making within own area, seeking support and feedback to develop well thought out solutions, processes and work as required, and in conjunction with agreed procedures.
Relationship Management
15. Working across/within different programmes as needed and to translate business security requirements into IT services and solutions.
16. To work with NHSBSA staff and Third Parties to ensure that security standards, governance and processes are in place for producing and maintaining up to date, comprehensive, comprehensible documentation which will include IT service security "blueprints" for all systems and services.
17. Identify opportunities, engaging and fostering relationships and partnership working within the organisation, and with third parties, to identify and deliver value to the organisation.
18. Working collaboratively with Professional Leads to identify, implement, and support team and individual development.
Information Management
19. Research of the marketplace and constant awareness of industry trends and innovation using information to inform the Cyber security strategy of the NHSBSA and as input to design activities.
20. Implement, monitor and report on a number of areas including agreed service levels, KPI's and standards within security operations.
21. Monitor, report, present or escalate issues as appropriate to the Cyber Security Operations Team Lead
Delivery Management
22. Carry out Information Risk Assessments and produce comprehensive Risk Assessment Documentation in accordance with the National Cyber Security Centre best practice.
23. Acts as an SME and recognised point of contact for advising on queries covering their area of responsibility from internal and external sources. Establishing the Cyber Security operations team as the "go to" team for advice on such matters. Advises on standards and tools in their own specialism.
24. Managing staff workload and completing own assigned tasks, to a high quality and within agreed timelines. Delivering continuous improvements to enhance own and business areas; co-ordinating and delivery of work across multiple strands such as continuous improvement, project related work, and operational tasks, and escalating issues at appropriate times.
25. Providing feedback on functional and non-functional requirements to ensure the overall needs of the business are met from a Cyber Security perspective.
26. Participating in procurement processes for hardware and software. Reviewing functional requirements and providing nonfunctional requirements to ensure the overall needs of the business are met from a Cyber Security perspective.
People Management
1. The management of day-to-day activities and general management of colleagues.
2. Enabling the performance of others, including objectives setting fully aligned to departmental and organisational objectives and goals, and the development and motivation of staff to achieve them.
3. Conducting meaningful appraisals and 1-1s, identifying and meeting development needs, implementing, monitoring, evaluating, and reporting on the impact and success of implemented training plans.
4. Undertake recruitment and selection in line with organisational processes and participate in the implementation and delivery of initiatives to secure suitable resources, increase skills levels and develop talent pools to meet the changing needs of the business landscape.
In addition to the above accountabilities, as post holder you are expected to
1. Undertake additional duties and responsibilities in line with the purpose of your role and as agreed by your line manager.
2. Demonstrate NHSBSA values and core capabilities in all aspects of your work.
3. Encourage an environment where your own and colleagues' safety and well-being is promoted.
4. Contribute to a culture which values diversity and inclusion.
5. Follow NHSBSA policies, procedures, and protocols as they apply to your role.
The NHSBSA is passionate about creating a diverse and inclusive organisation, which is a great place to work and truly reflects the diversity of our customers. We welcome applications from talented people of diverse characteristics including age, disability, gender identity and expression, race or ethnicity, religion or belief, sexual orientation, or any marginalised group. We also welcome applications from all those in the Armed Forces Community.
At the NHSBSA we pride ourselves on being a Disability Confident Leader, Stonewall Top 100 employer and we've recently been awarded the Employers Network for Equality and Inclusion Gold Standard benchmark.
We offer an invitation to the first stage of the selection process for people with disabilities that wish to be considered under the Disability Confident scheme, and for members of the Armed Forces Community, where all of the essential criteria in the person specification are met.

The successful candidate will have extensive experience of managing security technologies and a real interest in information security.
You will also have a broad understanding of risk management and the ability to effectively set and undertake Accreditation work.
Please review the attached job description and person specification for a full list of responsibilities for the role.

Here at the NHS Business Services Authority (NHSBSA), what we do matters.
We manage the NHS Pension scheme, process prescription payments and much more. Our services are used by NHS organisations, contractors and the public: we take pride in being part of something so meaningful, that touches millions of lives.
Just as we design our services around the needs of our customers, we place our people at the heart of our organisation. That's why when you join us, you'll be empowered and given the right support to help your career grow.
As one of the UK's Best Big Companies to work for, we're all connected to our values: Collaborative, Adventurous, Reliable and Energetic. We care about our people, our purpose, and your progress.
We strive to offer a fantastic colleague experience, where every voice is heard, and every colleague is supported and respected. Wellbeing, diversity and inclusion is at the centre of this, so when you join us, you can connect with our Lived Experience Networks who help us to bring our authentic selves to work.

27 days leave (increasing with length of service) plus 8 bank holidays
- Flexible working (we are happy to discuss options such as compressed hours)
- Flexi time
- Hybrid working model (we are currently working largely remotely)
- Career development
- Active wellbeing and inclusion networks
- Excellent pension (23.7% employer contribution)
- NHS Car lease scheme
- Access to a wide range of benefits and high street discounts!