Security Analyst

This role is part of the ICT Enterprise Security Team which implements and manages the processes and policies to cover all aspects of technical

and physical security across all Infrastructure assets. The team also assists in ensuring all new technologies and technical changes adhere to

Security standards and that the ICT service remains compliant with NHS and industry regulations and standards.

An organisation such as the ICB is reliant on its IT systems and information being secure and available at all times. In addition, it is essential that

IT Services are delivered in a cost effective manner to industry wide standards such as ITIL, CE+ and ISO27001. The post holder will provide

assistance to the Lead Enterprise Security Manager to ensure all aspects

of Security and related tasks are delivered within timeframes set to budget and within defined scopes.

"NO VISA SPONSORSHIP AVAILABLE FOR THIS POST", The role is designed to build a combination of subject matter expertise and technical skills to develop a strong service delivery.

Note the postholder may be expected to participate in the out-of-hours on-call rota for the ICB infrastructure and the customers it

provides a service to.

Working for our organisation

NHS South West London Integrated Care Board (ICB), as part of South West London Integrated Care System (ICS), is a partnership of organisations that come together to plan and deliver joined up health and care services to improve the lives of people in our six boroughs: Croydon, Merton, Kingston, Richmond, Sutton and Wandsworth.

Each ICS consists of two statutory elements:

• an Integrated Care Board, bringing the NHS together with its partners locally to improve health and care services

• an Integrated Care Partnership (ICP): the broad alliance of organisations and representatives concerned with improving the care, health and wellbeing of the population, jointly convened by the ICB and local authorities in the area.

ICBs are statutory NHS bodies responsible for planning and allocating resources to meet the four core purposes of integrated care systems (ICSs):

• to improve outcomes in population health and healthcare;

• tackle inequalities in outcomes, experience and access;

• enhance productivity and value for money and;

• help the NHS support broader social and economic development.

NHS South West London Integrated Care Board decides how the South West London NHS budget is spent and develops plans to improve people’s health, deliver higher quality care, and better value for money., * Implement security controls and initiatives to ensure compliance with the organisational Security Policy.

• Lead security evaluation activities utilising security tests such as commissioned IT Health Checks, auditing, vulnerability scanning and penetration testing to name a few [but not exhaustive].

• Report testing results to management and commissioning customers. Documenting and managing completion of required corrective actions, remediation activities and recommendations using well documented and managed improvement and implementation plans.

• Ensure procedures and documentation are followed to manage, safeguard, and support a secure environment.

• Ensure that all IT Security documentation is continually up to date.

• Develop and implement new procedures through the correct channels where necessary, to ensure smooth running of the service.

• Support the collation of information and reporting requirements to ensure NHS and ICT Industry security compliance, to include NHS Digital reporting requirements during cyber incidents. Support the reporting cycle as specified in the ICT Security and Incident Management Policies

• Evaluate new security technology developments, to include the recommendation of new technologies, where appropriate internally for evaluation and PoC as suitable.

• Benchmark the IT Security Service to demonstrate quality and level of service being provided to its clients.

• Perform ICT Security risk assessment, business impact analysis and accreditation for all major information systems within the organisation.

• Use judgment in setting the day to day priorities to include delegation of tasks and provision of ongoing support where required.

• Manage problem resolution internally and escalation to outside suppliers where appropriate.

• Support the following ITIL v3 processes – Risk, Capacity, Availability, IT Service Continuity, Information

• Security, Compliance, Architecture and Supplier Management

• Manage all toolsets, dashboards, alert mechanisms, and systems, including outputs and resulting tasks and remediations as required to deliver Secure Infrastructure and Security Compliance to the SWL ICB and its customers.