Cyber Security Analyst | North Middlesex University Hospital NHS Trust
| Dyddiad hysbysebu: | 22 May 2024 |
|---|---|
| Cyflog: | Heb ei nodi |
| Gwybodaeth ychwanegol am y cyflog: | £49,178 - £55,492 per annum inclusive of HCAS |
| Oriau: | Full time |
| Dyddiad cau: | 21 June 2024 |
| Lleoliad: | London, N18 1QX |
| Cwmni: | North Middlesex University Hospital NHS Trust |
| Math o swydd: | Permanent |
| Cyfeirnod swydd: | 6320274/393-NMUH-2002 |
Crynodeb
The North Middlesex Digital team are looking to recruit a Cyber Security Analyst to protect North Mid’s computer systems, networks, and sensitive data from security breaches, cyber attacks, and other digital threats.
You will be responsible for analysing the security measures in place, identify vulnerabilities, implement security solutions, and respond to incidents to ensure the integrity, confidentiality, and availability of information.
The core purpose of this role is to provide specialist advice to the Trust on cyber security risk and recommend actions to address the risks and bring expertise to provide assurance that existing controls are maintained and monitored in line with the required regulations. The role will also be required to develop the required training so that all staff are able to protect themselves and others from fraud and cyber crime.
The Cyber Security Analyst will monitor and triage vulnerabilities from various sources and based on relevance and criticality, identify mitigations for the vulnerabilities, and provide guidance on the implementation plan.
The Cyber Security Analyst will be responsible for developing and maintaining policies and procedures for technical and non-technical staff in line with the Trust IT policies.
The Cyber Security Analyst will also be required to analyse complex data to identify potential threat actors, collate threat analysis and create cyber security management reports to communicate the threat and severity to the Digital Management team and support the continued development of policies and procedures for both technical and non-technical personnel.
North Mid is part of North Central London integrated care system – consisting of the NHS and Local authority organisations in Camden, Islington, Barnet, Enfield and Haringey. As with other ICS’s, we are working increasingly closely with partners and indeed many of our financial and performance objectives are measured at this system level. Whilst all organisations remain as standalone, statutory bodies we have an ICS infrastructure for making shared decisions and agreeing shared approaches.
We are proud of our staff and want to ensure their training allows them to provide excellent clinical care. We are also a training unit for medical students from UCL and St George’s University Grenada, and for nursing and midwifery students from Middlesex and City Universities.
Take a tour of our hospitalhere
· Act as a key stakeholder in planning, creating and reviewing policy, strategy, standards and procedures ensuring they align with the goals of the organisation and the compliance requirements placed upon the trust (GDPR/DSPT).· Maintain a register of external system suppliers used within the trust, reviewing system security policies and supporting system owners in their compliance with trust standards and the IT Security Policy.· Be an active member in providing subject matter expertise to the Head of IT when planning Strategy & Policy.· Work Closely with members of IT in the rollout of IT systems to ensure their secure configuration and best practice.· Provide expert IT Security advice regarding IT policies, procedures, relevant legislation and good practices to all staff.· Develop, document and implement IT standard Operating Procedures where they pertain to Cyber Security.· Lead on compliance with the technical elements of the Data Security Protection Toolkit (DSPT).· Provide training and advice on all cyber security matters to any level of staff.· Track and monitor CareCerts and ensure the appropriate system owners are informed. Advise and assist system owners in remediating and ensure the completion of remediations.· Produce reports on key performance indicators of the trust’s cyber security posture and report on cyber security activity to the monthly Cyber Security meeting.· Arrange & be a key presenter in the Monthly Cyber Security Meeting, produce and distribute the agenda, key reporting documents, transcribe and circulate minutes from the meeting.· Lead on working with external auditors in relation to cyber security to allow access, provide key evidence and provide any expertise knowledge of the trust’s processes/systems/network required.· Produce and distribute cyber security related communications and training materials.· Provide IT Security Leadership and promote a good cyber security culture within the department and larger trust.· Responsible for the operational management and maintenance of the systems that fall under cyber security.· Responsible for overseeing that all trust assets are registered and managed within the security systems including SIEM/ATP/MECM/SNOW .· Develop highly complex analysis of the network and the trust systems to ensure their security and identify anomalous behaviour.· Work to continuously improve the maturity of the monitoring and alerting regime and ensure that alerting remains relevant as the nature of the network changes.· Monitor trends in events and security information and alerts/inform processes as appropriate.· Analyse and interpret highly complex data to inform future decision making and improve the trust cyber security posture.· Responding to alerts raised by the central NHS England CSOC and play a pivotal role in the response to High severity Alerts.· Responding to cyber security alerts within the ITSM tool and play a pivotal role in the response and resolution.· Triage alerts, conducting initial investigations and escalating incidents in accordance with the Incident Response plan, DR plan and BCP plan.· Review and respond to calls on the service desk and communicate with staff politely to resolve IT & Cyber Security related issues.· Provide expertise and lead on cyber related investigations to provide accurate analysis of alerts and logs from the Trust SIEM and security systems.· Led on the development of internal vulnerability management capabilities working with third parties to develop the required toolset.· Conduct regular vulnerability scans using the trust’s vulnerability tools and produce a prioritised action point list for remediation.· Work with third parties to run automated penetration testing or our external and internal assets and produce recommendations and plan remediation.· Run regular password strength tests and develop/maintain processes to request users to improve their passwords.· Use external monitoring tools to produce remediation reports and plan mitigations.· Develop and maintain process to regularly scan the network and ensure documentation regarding network attached devices up to date and only secure and known devices can connect.· Create and implement systems to report on key metrics required for DSPT compliance and audits.· Stay up to date of new and emerging technologies. Recommend appropriate new solutions to the trust.· Identify gaps in current Cyber Security measures. Research, develop and plan the deployment of technologies to close these gaps and liaise with suppliers to arrange Proof of concept trials.· Provide risk based analysis of security mitigations/process/policies & technologies and align business needs with the risk appetite of the organisation.· Produce documentation for the secure configuration of endpoints and network technology.· Implement security hardening of endpoints.· Implement processes to monitor and maintain the compliance of devices with required baselines (Patching/AV updates/Usage)· Maintain and develop new automation processes utilising scripting technologies.· Work closely with colleagues in the Network Team/Desktop Team to further improve automation of IT operations.· Be responsible for monitoring, documenting and reporting of your own work streams and projects.· Arrange regular quarterly tests of the backups.· Actively monitor the Cyber Associates Network and participate in discussions with other cyber security staff from partner organisations and other NHS trusts.· Monitor news sources and threat feeds to provide early warnings regarding emerging threats and zero day vulnerabilities· Stay up to date on current NHS England, NCSC & general Cyber Security best practices.
This advert closes on Tuesday 28 May 2024
Aelod balch o'r cynllun cyflogwyr Hyderus o ran Anabledd
Hyderus o ran Anabledd
Gwybodaeth am Hyderus o ran Anabledd
Yn gyffredinol, bydd cyflogwr Hyderus o ran Anabledd yn cynnig cyfweliad i unrhyw ymgeisydd sy'n datgan eu bod yn anabl ac yn bodloni'r meini prawf lleiaf ar gyfer y swydd fel y diffinnir gan y cyflogwr. Mae'n bwysig nodi, mewn rhai sefyllfaoedd recriwtio fel nifer fawr o ymgeiswyr, cyfnod tymhorol ac amseroedd prysur iawn, efallai y bydd y cyflogwr am gyfyngu ar y niferoedd cyffredinol o gyfweliadau a gynigir i bobl anabl a phobl nad ydynt yn anabl. Am fwy o fanylion ewch i Hyderus o ran Anabledd.