Job Advert
NHS Scotland is committed to encouraging equality and diversity among our workforce and eliminating unlawful discrimination. The aim is for our workforce to be truly representative and for each employee to feel respected and able to give their best. To this end, NHS Scotland welcomes applications from all sections of society.
Information Security Analyst (Monitoring & Alerting)
About the Organisation:
National Services Scotland (NSS) is a national NHS Board operating right at the heart of NHSScotland providing invaluable support and advice at a strategic and operational level. NSS supports customers to deliver their services more efficiently and effectively and we offer shared services on a national scale using best-in-class systems and standards. Our priority is always the same – to improve the health and well-being of the people of Scotland. We do this by working in partnership with colleagues across Health and Social Care to deliver fit for purpose solutions and systems, delivering high quality services that help our stakeholders to free up resources so they can be re-invested into essential services. The security services and technology provided by NSS Digital and Security (DaS) are critical operational components, used 24/7 365 days a year.
The Post:
The postholder’s role provide specialist information / cyber security advice and internal audit with guidance services to health boards to enable the creation of policies and procedures for systems compliant with the NIS Regulations, GDPR and the NHSS Information Security Policy Framework.
The post holder will lead on major security consultancy engagements with larger scale customers of NHS Scotland. The post holder will be responsible for developing security policy and undertaking risk assessment of large-scale Health Board National level systems or applications.
The post holder will be required to develop and contribute to business cases and security-related options appraisals for NHSScotland-wide initiatives, analysing the total cost of ownership of each option, negotiating with Health Boards and suppliers to achieve the best rates, comparing the anticipated business benefit, making recommendations accordingly.
The postholder should be able to manage conflicting demands, negotiating, and influencing customers in terms of timescales and deadlines. Customers include (but are not limited to): Scottish Government (SG), NHSS Boards, NHS Organisations, Local Authorities and other stakeholders.
The Candidate:
The candidate should have experience:
· Working and leading staff in a busy national security operations centre, preferably in healthcare providing a service 24/7, 365 days a year
· Delivering and operating IT infrastructure (networks, servers, desktop, etc.)
· Leading security operations functions, including: Cyber Security Incident Response and Management; Vulnerability Management; Threat Intelligence; Security Architecture.
· Working in Data Protection, Freedom of Information, audit, PCI DSS or other relevant compliance disciplines
· Proven experience as significant technical authority within the information and cyber as a specialist area
· Developing, designing, and implementing new security operations, processes, and technology.
· working within a multi-disciplinary team with high-calibre staff.
· Working within NHS Scotland (desirable)
The candidate should have a degree in related subject, and ideally experience gained working in relevant role within an NHS environment and have an in-depth knowledge of digital & information security. Ideally the candidate will have achieved Chartered Professional status of the British Computer Society (MBCS CITP) and should have obtained a post-graduate qualification in the specialist area e.g. ISO27001 Lead Implementer, CISM, CISA, CISSP, GIAC certifications, CCP accreditor or have equivalent additional experience / expertise.
The candidate should excellent interpersonal, communication and organisational skills. They should also be able to work with minimal supervision but should demonstrate good team working and leadership skills. The candidate needs to be flexible and should be able to deal with conflicting demands, whilst under pressure. The candidate needs to understand the importance of effective communication skills and confidentiality.
The successful candidate will be required to undergo a Disclosure Scotland check. Any candidate who have lived/worked overseas for more than 12 months in the preceding 5 years will also be required to provide a criminal record check from the appropriate overseas agency.
Location and Working Pattern:
NHS Scotland Cyber Security Centre of Excellence (CCoE) is physically located within the Cyber Quarter at Abertay University, Dundee, where staff can benefit from hybrid working.
Work Pattern - Monday to Friday, 37 hours per week [preferred].
It is a condition of this employment that you must live and remain a resident within the UK for the post in which you will be employed with NSS.
Benefits:
Our benefits package includes pension scheme, comprehensive range of work life balance policies, occupational health services, learning resource centres and discounted leisure, financial and shopping benefits. HR Benefits Brochure.
Further information:
For an informal discussion on the post, please contact Scott Barnett on scott.barnett@nhs.scot or Jenni Harrison on jenni.harrison@nhs.scot
Closing date for completed applications is 15 July 2024.
Further information on NSS is available from: https://www.nss.nhs.scot/
Please note that the majority of correspondence is sent by e-mail only, so please check your e-mail regularly (including junk folders).
NHS National Services Scotland is an equal opportunities employer and as committed participant in the disability confident scheme, guarantees to interview all disabled applicants who meet the minimum criteria for our vacancies