Senior Information Security Practitioner

Moorfields Eye Hospital NHS Foundation Trust, City of Westminster

  • Full time
  • Permanent
  • Onsite working

Posted today, 1 Nov

Closing date: not specified

Job ref: b589efcc7c8b406181b074277292a621

Full Job Description

This role is part of our Information Security & Business Continuity team, responsible for:

  • Ensuring the protection of the organisation's information throughout the information lifecycle, preserving the confidentiality, integrity, purpose, and availability of information so that it is safeguarded from unauthorised access and misuse.
  • Ensuring that minimum services remain available at a sufficient level for the business to continue operating in the event of a disaster.
  • Horizon scanning across industry, identifying emerging trends and their potential impact and opportunity for the organisation.
  • Operational responsibility for security tooling and data (for example, but not limited to, anti-virus and intrusion prevention, security assurance platforms, and security testing and monitoring platforms) and for our managed services (security operations centre).

You will put people at the heart of everything you do, with a relentless focus on user experience and on ensuring all our user needs are met across sites at Moorfields Eye Hospital NHS Foundation Trust. With the ever-increasing need for and interest in the use of digital technology in healthcare, you will be part of a team of Digital, Data and Technology experts that delivers service improvements and keeps at the forefront of new technology.

At this role level, you will:
  • Be the responsible practitioner for multiple information security and business continuity services that are highly complex and high risk, ensuring performance and quality measures are aligned with business outcomes and met.
  • Define strategies and be central to assuring multiple services, improving the security and resilience of our organisational infrastructure.
  • Regularly collaborate and find agreement with senior stakeholders, providing direction and challenge.
  • Be proactive in identifying problems and translating these into non-technical descriptions that can be widely understood.

In your role you will partner with other technology and data teams in the organisation. Alongside specialist information security and business continuity skills and experience, you are expected to have generalist or specialist experience in multiple domains:

  • Cloud operations
  • Data management
  • Domain directory services
  • Data storage and management
  • Datacentre operations
  • Device management
  • Network security and operations
  • Server architecture

  • Provide leadership and direction to the information security and business continuity service, including wider directorate and business teams.
  • Mentor and coach others, helping to develop our long-term capability, including identifying capability gaps and solutions.
  • Contribute to the development of long-term strategic plans for information security and business continuity, identifying risks and issues and developing mitigation strategies with clear outcome measures.

Communicating between the technical and non-technical

  • Identify the needs of business and technical stakeholders.
  • Effectively manage stakeholder expectations.
  • Demonstrate excellent communication skills and can manage difficult conversations or negotiations, including highly complex, sensitive and/or contentious information.
  • Represent information security and business continuity on various internal and external groups.

Data protection and freedom of information

  • Support information gathering and creating supporting narrative / recommendations for complex data protection and freedom of information requests.
  • Conduct information system searches and investigations that are highly complex / sensitive in nature, to meet data protection or freedom of information needs.
  • Provide advice and expert knowledge to projects / programmes / operational services to ensure that information systems are designed to meet data protection requirements.

Financial management

  • Understand how to balance cost versus value.
  • Consider the impact of user needs.
  • Contribute to and develop economic investment cases for information security, including financial models for the implementation and running of services.

Governance and assurance

  • Evolve and define governance.
  • Take responsibility for working with and supporting other staff in wider governance.
  • Assure services across sets of services.
  • Use tools such as standards, guardrails, and principles to effectively govern delivery.

Information Security and Business Continuity

  • Demonstrate in-depth knowledge of information security and business continuity, including analysing and testing Trust-wide capabilities and identifying improvement areas.
  • Ensure that our security posture is maintained, monitored and measured, and lead interventions where standards are not met (for example, security patching).
  • Develop, maintain, and improve our data and technology Business Continuity & Disaster Recovery Plans, enabling us to respond to and recover from business continuity events, ensuring we can provide a safe level of service to the public during the event, manage the recovery process, and incorporate learning.
  • Lead vulnerability audits, security & penetration tests, forensic audits, or related investigations - ensuring all findings are evaluated, and where appropriate, fed into continuous service improvement activities to continuously improve our security posture and resilience.
  • Responsible for ensuring standards around information security and business continuity are embedded into service design.
  • Provide subject matter expertise in major incidents, cyber security incidents and/or events caused by or affecting information security.
  • Act as the Problem Owner for highly complex, or sensitive information security matters (from identification through to resolution).
  • Undertake Data Protection Impact Assessment (DPIA) and Information Security Assessment (ISA) activities, including supply chain / 3rd party assessments, aligned with projects / operational services.
  • Maintain and improve the Information Security Assessment lifecycle, and Information Risk Management documentation for IT systems and data.
  • Ensure that access to Trust systems is appropriately managed, regularly audited, and lead investigations as required.
  • Provide expert advice on information transfer agreements with partner organisations in support of the Information Governance function.
  • Partner with the Organisational Development and Information Governance teams and support the delivery of information security awareness and training.

Making and informing risk-based decisions

  • Make decisions characterised by managed levels of risk and complexity and recommend decisions as risk and complexity increase.
  • Resolve disputes between wider peers and indirect stakeholders, considering all views and opinions.

Policies, procedures, and processes

  • Develop, maintain, and improve all directorate information security and business continuity policies and procedures, considering regional and national policies and practices and ensuring that both manual and electronic information across the Trust is in scope. This includes, but is not limited to, DSPT, NIS, ISO/IEC series standards, and Cyber Essentials.

Risk management

  • Conduct information security risk assessments and control selection activities.
  • Be responsible for the management of information security and business continuity risks (for technology and data), including identifying new risks and ensuring we are actively managing risk controls for the portfolio you are leading on.

Service focus, monitoring, and reporting

  • See the bigger picture and investigate how to get the best out of the underlying services to support the organisation's strategic objectives and business priorities.
  • Take complex reporting data from multiple sources, compare, and interpret against service baseline and industry standards and provide a supporting narrative.
  • Responsible for service reporting for information security and business continuity, in-line with Trust-agreed reporting measures (example: security dashboard, security operations centre performance, etc).
  • Ensure we comply with external reporting for information security and business continuity (example: NHS Cyber Alerts).

Strategy

  • Apply strategy, using and challenging patterns, standards, policies, roadmaps, and vision statements, and provide guidance.
  • Evaluate current information security and business continuity strategies to ensure business requirements are being met, and exceeded where possible.
  • Be responsible for managing and updating the underpinning and enabling information security strategies that support the business objectives.
  • Ensure alignment of operating procedures and policies with national, sector (ICS) and industry best practice, where it makes sense to do so.

Understanding the whole context

  • Understand trends and practices outside your team and how these will impact your work.
  • See how your work fits into the broader strategy and historical context.
  • Consider the patterns and interactions on a larger scale.

User focus

  • Explain the difference between user needs and the desires of the user.
  • Champion user research to focus on all users.
  • Prioritise and define approaches to understand the user story, guiding others in doing so.
  • Offer recommendations on the best tools and methods to use.

Community of practice

  • Develop and maintain a network of professionals to enable continuous learning and a community which can share, learn, and keep up to date on the information security and business continuity landscape, within the wider Digital, Data and Technology teams.

Other Duties

  • Deputise for the Head of Information Security & Business Continuity as required.
  • Occasional work may be required outside of core business hours to support major projects / programmes.
  • All other reasonable requests.

Due to the nature of this position, employment is subject to proof of eligibility to work in the UK, completion of a satisfactory DBS disclosure, and two references. We do not offer visa sponsorship for roles unless clearly stated in our adverts, so please consider this before applying.

Our commitment to equality, diversity and inclusion is at the heart of our organisational culture. As part of our pledge to take positive action in recruitment, we encourage applications from under-represented candidates, including BAME (Black, Asian, and Minority Ethnic) and Disabled candidates, as we work towards a representative workforce that is able to provide quality, dignity and respect, and to deliver above and beyond.

Moorfields is a flexible working friendly organisation, and we are committed to helping our employees achieve a work-life balance that is beneficial for health and wellbeing, motivation levels and job satisfaction. Every employee of the Trust has the right to request to work flexibly. Please speak to us about how we might be able to accommodate a flexible working arrangement. If it works for the service, we will do our best to make it work for you.

If we receive sufficient applications, we will close this ad prior to the closing date. You are advised not to delay submitting your completed application. If you would like to discuss any reasonable adjustments before applying, or would like an accessible version of any recruitment documents, please contact the recruitment team at [email protected].

We are Moorfields Eye Hospital NHS Foundation Trust. Founded in 1804, Moorfields Eye Hospital is a world-class centre of excellence for eye health services, ophthalmic research, and education. With more than 2,300 staff, we are proud to be supported by one of the most diverse workforces in the NHS. Every year we treat more than 700,000 patients at City Road in central London and at our 22 satellite sites, and, in partnership with the UCL Institute of Ophthalmology and Moorfields Biomedical Research Centre, we lead one of the most impactful ophthalmic research programmes in the world. We train many of the leading eye care clinicians in the UK and internationally and have a global reputation for quality and professionalism in ophthalmic care. In addition, we also operate commercial divisions that provide care to private patients in both London and the Middle East.

This is an exciting time to join Moorfields. The pandemic fast-tracked a huge amount of innovation which is changing the way we work and deliver care. Construction is under way on Oriel, our new eye care, research, and education centre being built in Camden. The new centre will be flexible and modern, enabling us to bring together healthcare, eye research and education under one roof for the first time. If you want to be part of delivering world-class eye health services and you share our values of excellence, equity, and kindness, then we would love to hear from you!

At Moorfields, we provide more than just an excellent career and great colleagues to work with. We also offer:
  • Salary including High-Cost Area Supplement
  • Opportunity to join the NHS Pension Scheme
  • Free 24/7 independent counselling service
  • Learning and development opportunities
  • Easy and quick transport links
  • A range of attractive benefits and discounts
  • Access to Blue Light Card and other NHS Discount Schemes
  • Free Pilates classes
  • Full support and training to develop your skills
  • Flexible working friendly organisation
  • And so much more! To see the full range of benefits we offer please see our Moorfields benefits document.
