Job Advert
NHS National Services Scotland (NSS)
Information Security Analyst
An exciting opportunity to:
• Enhance information security practice and reduce cyber risk for NHS in Scotland.
• Work in a team to operate new national cyber security capabilities for a large complex organisation.
About NHS National Services Scotland (NSS)
NSS is a national NHS Board operating right at the heart of NHSScotland. Through our services we provide invaluable support and advice. A role we also extend to the wider public sector. supports customers to deliver their services more efficiently and effectively. We offer shared services on a national scale using best-in-class systems and standards. Our aim is to help our customers save money and free up resources so they can be re-invested into essential services.
What We Offer
NSS is designing and delivering core national technology services to enable and improve patient care in Scotland. This post is an opportunity to help improve the lives of everyone in Scotland whilst also utilising and working with new and innovative security technology, and to take part in ambitious national organisation transformation programs.
From an information security perspective NHS Scotland presents a unique and complex challenge comprising 22 health board organizations and over 150,000 staff. This is an environment and work experience that will both challenge you and prepare you for any other future similar position.
NSS provides a fun, flexible and inspirational workplace built on modern working practices to help all of our staff enjoy a sensible work life balance whilst still delivering challenging service. We have comprehensive internal development and training opportunities to help all of our people achieve their full potential in addition to generous compensation and benefits package including NHS pension.
What You'll Do
You will be a skilled information security practitioner or an IT practitioner or data analyst with enthusiasm and knowledge of information security aspects. You will work as part of a team providing security services for NSS and NHS Scotland utilising multiple tools, technologies and processes including, for example:
• Security Information Event Management (SIEM) systems to identify and track potential threat indicators
• Vulnerability management and scanning tools as part of security assessments
• Incident handling and communication working with key stakeholders both within NHS Scotland and externally such as CareCERT SOC (NHS England), Local Authorities and NCSC
• Microsoft technologies including Office 365, Defender ATP and security dashboards
You will also be involved in large scale (up to £10m) projects to deliver information systems and capabilities for the NHS in Scotland, carrying out risk assessments and making control recommendations to ensure that information security risks to systems and data are managed appropriately.
In addition to your salary and strong benefit package (great pension, good holidays), you will enjoy flexible working, including time to work on ideas that interest you in a friendly, collaborative atmosphere.
What You'll Bring
You’ll bring technical and information security expertise, and the ability to analyse and interpret complex and technical security information to reach meaningful conclusions and make appropriate recommendations to help NHS Scotland mitigate cyber security risk.
You will be adept at operating tools and technology to identify and understand security threats, and drafting action plans and recommendations to assist health boards and project teams to mitigate threats.
You’ll need to bring positive enthusiasm and determination to help the business teams to understand the benefit of good security practices and to see that good security enables innovation by helping the organization to adopt and utilize evolving technologies.
Some of your skills and experience will include:
• Information Technology related batchelors degree
• Experience in a technical or IT role such as system administrator, network engineer or experience in a Security Operations Centre (SOC)
• Experience in a cyber security role (IS officer/manager/consultant/etc.), incident responder or a data analyst role able to manipulate large complex data sets to draw conclusions
• Strong skills in MS Office applications in particular Excel and Word
• Strong inter-personal and communication skills, able to present complex information clearly to be understood by non-Information Security staff, and able to influence decision makers
Advantageous skills and experience would be:
• Information Security Professional qualifications: Certified Ethical Hacker (CEH); EC-Council Certified Incident Handler (ECIH) or similar
• Technology certifications would also be beneficial such as Microsoft (MCSE or related security modules), Cisco certifications, other suppliers such as Checkpoint, Palo Alto, Fortinet, etc.
• Experience of NHS e.g. terminology, systems, processes; and particularly the NHS Scotland operating environment
• Knowledge of Scottish Wide Area Network (SWAN), Public Services Network (PSN), UK Gov/HMG security standards e.g. NCSC, NIS, GDPR, etc.
Any candidate who have lived/worked overseas for more than 12 months in the preceding 5 years will also be required to provide a criminal record check from the appropriate overseas agency.
Our benefits package includes pension scheme, comprehensive range of work life balance policies, occupational health services, learning resource centres and discounted leisure, financial and shopping benefits.
For an informal discussion on the post, please contact Colin Howarth on Tel: 07968 982776.
Further information on NSS is available from: www.nhsnss.org
Closing date for completed applications is Monday 12th August 2019.
Please note that the majority of correspondence is sent by e-mail only, so please check your e-mail regularly (including junk folders).
NHS National Services Scotland is the common name of the Common Services Agency for the Scottish Health Service.
NHS National Services Scotland is an equal opportunities employer.
Candidates with disabilities who meet the minimum selection criteria will be guaranteed an interview.