Security Analyst

at  NHS South West London Integrated Care Board

This role is part of the ICT Enterprise Security Team which implements and manages the processes and policies to cover all aspects of technical and physical security across all Infrastructure assets. The team also assists in ensuring all new technologies and technical changes adhere to Security standards and that the ICT service remains compliant with NHS and industry regulations and standards.
An organisation such as the ICB is reliant on its IT systems and information being secure and available at all times. In addition, it is essential that IT Services are delivered in a cost effective manner to industry wide standards such as ITIL, CE+ and ISO27001. The post holder will provide assistance to the Lead Enterprise Security Manager to ensure all aspects
of Security and related tasks are delivered within timeframes set to budget and within defined scopes.
The role is designed to build a combination of subject matter expertise and technical skills to develop a strong service delivery.
Note the postholder may be expected to participate in the out-of-hours on-call rota for the ICB infrastructure and the customers it provides a service to.

The post holder will undertake the following duties and responsibilities:

• Assist the Lead Enterprise Security Manager to ensure all new and changed technologies meet NHS and Industry security standards.
• Play an active role in the ICT Change Authority, Design Authority, and development of new solutions.
• Develop and produce reports to ensure compliance to Security standards including, Accredited Safe Haven (ASH), Data Protection and Security Toolkit (DPST) CE+, ISO270001 to name a few.
• Undertake ICT Security projects as required directed by the Lead Enterprise Security Manager, or appointed manager.
• Act as a Technical resource for IT Security solution implementations
• Develop, publish, review, and amend all ICT Security Policies to meet the

requirements of the defined review cycle.
NHS South West London Integrated Care Board works with partners from across the South West London Integrated Care System (ICS) to develop plans to meet the health needs of the population and secure the provision of health services, and is directly accountable for NHS spend and performance in South West London.
ICBs are statutory NHS bodies responsible for planning and allocating resources to meet the four core purposes of integrated care systems (ICSs):
to improve outcomes in population health and healthcare;
tackle inequalities in outcomes, experience and access;
enhance productivity and value for money and;

help the NHS support broader social and economic development.

• Implement security controls and initiatives to ensure compliance with the organisational Security Policy.
• Lead security evaluation activities utilising security tests such as commissioned IT Health Checks, auditing, vulnerability scanning and penetration testing to name a few [but not exhaustive].
• Report testing results to management and commissioning customers. Documenting and managing completion of required corrective actions, remediation activities and recommendations using well documented and managed improvement and implementation plans.
• Ensure procedures and documentation are followed to manage, safeguard, and support a secure environment.
• Ensure that all IT Security documentation is continually up to date.
• Develop and implement new procedures through the correct channels where necessary, to ensure smooth running of the service.
• Support the collation of information and reporting requirements to ensure NHS and ICT Industry security compliance, to include NHS Digital reporting requirements during cyber incidents. Support the reporting cycle as specified in the ICT Security and Incident Management Policies
• Evaluate new security technology developments, to include the recommendation of new technologies, where appropriate internally for evaluation and PoC as suitable.
• Benchmark the IT Security Service to demonstrate quality and level of service being provided to its clients.
• Perform ICT Security risk assessment, business impact analysis and accreditation for all major information systems within the organisation.
• Use judgment in setting the day to day priorities to include delegation of tasks and provision of ongoing support where required.
• Manage problem resolution internally and escalation to outside suppliers where appropriate.
• Support the following ITIL v3 processes – Risk, Capacity, Availability, IT Service Continuity, Information
• Security, Compliance, Architecture and Supplier Management
• Manage all toolsets, dashboards, alert mechanisms, and systems, including outputs and resulting tasks and remediations as required to deliver Secure Infrastructure and Security Compliance to the SWL ICB and its customers.

Please refer to the Job Description for further details

• Assist the Lead Enterprise Security Manager to ensure all new and changed technologies meet NHS and Industry security standards.
• Play an active role in the ICT Change Authority, Design Authority, and development of new solutions.
• Develop and produce reports to ensure compliance to Security standards including, Accredited Safe Haven (ASH), Data Protection and Security Toolkit (DPST) CE+, ISO270001 to name a few.
• Undertake ICT Security projects as required directed by the Lead Enterprise Security Manager, or appointed manager.
• Act as a Technical resource for IT Security solution implementations
• Develop, publish, review, and amend all ICT Security Policies to meet th