You will provide Cyber Security advice and support to the Digital support and delivery Teams, and to the Trust’s management and staff and partner organisations.

You will participate in the planning and implementation of relevant policies and procedures to ensure Cyber Security provisioning and maintenance is consistent with the Trusts goals, industry best practice and regulatory requirements. You will also be instrumental in maintaining, updating and developing playbooks for testing the Trust’s response to Digital incident response and disaster recovery, and operate in an agile/DevSecOps fashion.
Maintain in-depth knowledge of the Digital incident response plan and fully support its execution
Investigate and report on data breaches in accordance with instructions / oversight.
Work with Infrastructure and Services teams to ensure proactive monitoring of Digital infrastructure
Perform on going Cyber Security risk assessments and audits. Where required work with the relevant Digital team to implement any remediation or mitigating controls.
Review and advise on Cyber Security patches and software updates according to best practices, and where required raise Exceptions where such patches will cause operational issues, with mitigations clearly articulated. Participation in patching activities is also required.
Support access control, disaster recovery, business continuity, incident response and risk management needs are appropriately addressed.
Project engagement, to work with internal and external resources in the adoption of new services and technology to ensure the continuing safety of the systems, data and network.
Support development and maintenance of ISMS and any structured frameworks being deployed by the Trust, such as ISO27001.
Support the development of user cyber security awareness programs and delivery to users via presentations, meet and greets, and training forums.
Bedfordshire Hospitals NHS Foundation Trust provides hospital services to a growing population of around 700,000 people living across Bedfordshire and the surrounding areas across two busy hospital sites in Bedford and Luton. Both hospital sites offer key services such as A&E, Obstetrics-led Maternity and Paediatrics.

You will be joining a friendly, high performing Trust committed to ensuring the health and wellbeing of staff. As one of the largest NHS Trusts in our region you will have access to a programme of high quality training and development to help you grow your career.

We have state-of-the art facilities placing us at the heart of cutting edge health care. The Trust continues to be committed to delivering the best patient care using the best clinical knowledge and technology available.

Please note that vacancies may close prior to the advertised closing date when sufficient number of applications have been received. Please ensure that you make your application as soon as possible.

All new staff will be subject to a probationary period covering their first six months in post. Travel between hospital sites may be required.

Please review all documents attached to this advert to ensure you familiarise yourself with all requirements of the job.
Identify threats to the confidentiality, integrity, availability, accountability, and relevant compliance for information systems and provides authoritative advice and guidance on the application and operation of all types of security controls, including legislative or regulatory requirements such as data protection and software copyright law.
Investigate suspected and actual breaches of Cyber Security and undertake reporting/remedial action as required. Maintain a log of any incidents and remedial recommendations and actions.
Develop and maintain incident management and response capability, supervise and coordinate incident response tasks to contain exposure from an incident
Maintain in-depth knowledge of the Digital incident response plan and fully support its execution
Maintain chain of custody and observes incident handling procedures for court purposes
Investigate and report on data breaches in accordance with instructions / oversight Work with Infrastructure and Services teams to ensure proactive monitoring of Digital infrastructure
Perform on going Cyber Security risk assessments and audits to ensure that Digital systems are adequately protected. Where required work with the relevant Digital team to implement any remediation or mitigating controls.
Perform proactive and reactive measures to control information risk level.
Anticipate, mitigate, identify, troubleshoot, and resolve hardware and software problems on Cyber Security appliances and servers.
Coordinate with all Digital teams to ensure all solutions utilise Cyber Security best practices to meet corporate objectives
Review and advise on Cyber Security patches and software updates according to best practices, and where required raise Exceptions where such patches will cause operational issues, with mitigations clearly articulated. Participation in patching activities is also required.
Support access control, disaster recovery, business continuity, incident response and risk management needs are appropriately addressed.
Advise on the Implementation of organisational Business Continuity Processes in relation to the security of information to reduce the disruption caused by disasters and security failures to an acceptable level through a combination of preventative and recovery controls.
Advise on Cyber Security, aspects of information governance and Digital risk management.
Propose changes and improvements to Cyber Security policies and procedures, implement changes as appropriate.
Work with vendors, outside consultants and other 3rd parties to improve Cyber Security within the organisation.
Advise project teams on matters relating to Cyber Security and information governance
Advise and act, where necessary, in response to audit findings and recommendations in respect of information security
Maintain currency with security and security enhancing technologies and brief colleagues as needed to enable measures to be implemented where and when necessary or desirable.
Actively identify areas of risk and propose ways to strengthen cyber security
Respond to enquiries from staff and provide security advice in accordance with best practice, mandated policies and procedures as required.
Work with internal stakeholders to develop relationships to help promote and improve information security and provide security advice on procurements, projects and new initiatives as required.
Project engagement, to work with internal and external resources in the adoption of new services and technology to ensure the continuing safety of the systems, data and network.
Support development and maintenance of ISMS and any structured frameworks being deployed by the Trust, such as ISO27001.
Be involved in cyber security technology evaluations and implementation in support of maintaining and developing a robust and secure environment
Support the development of user cyber security awareness programs and delivery to users via presentations, meet and greets, and training forums.
Undertake day to day research into external and internal Cyber Security threats.
Undertake vulnerability scanning and surveys of network security systems.
Research and propose options to mitigate Cyber Security Vulnerabilities.
Implement methods to capture and report Cyber Security assessment data.
Utilise helpdesk ticketing system to resolve user requests and incidents reported