Job description
Guy’s & St. Thomas’ NHS Foundation Trust operates within the complex Health and Care ecosystem, which brings many challenges in managing the complex and diverse demands and interests of patients, users, partners, suppliers, industry and regulatory bodies.
This role will be primarily responsible for supporting the Trust in improving the Trust’s cyber security posture and reducing the risk of impact from a cyber security incident. Ultimately, this role’s aim is to help the Trust to protect the data and services that our patients depend on.
The specific responsibilities of the role will include ensuring that appropriate cyber security risk controls are embedded within Trust services and systems, and that patient services and systems can be safely and securely operated in alignment with Trust policy and standards.
The Information Security Analyst will need to form a large number of relationships across the Trust, including with DT&I colleagues, clinical Strategic Business Units, key IT suppliers and Internal Audit, and will contribute to explaining the security-preparedness and cyber risk environment to Trust management and to key stakeholders.
The Information Security Analyst is accountable for helping to ensure that Guy’s and St. Thomas’ NHS Foundation Trust can protect patient data and services from cyber risk, and can meet national NHS standards for cyber security, specifically in relation to the management of cyber security risks to Trust data and Trust systems.
Reporting to the Cyber Security Risk Manager, the Information Security Analyst will be responsible for helping to ensure that cyber risk and assurance controls are effectively embedded within Trust services and systems, and that appropriate security risk control documentation is produced to evidence compliance with Trust policy and risk standards.
This will include responsibility for advising, assessing and reporting on Trust information security risks and assurance actions required to improve the Trust’s cyber risk posture and to empower the Trust to deliver excellent standards of patient care.
The post holder will work closely with internal business units, DT&I colleagues, key IT systems suppliers, Internal Audit, and the NHS Digital Data Security Centre.
The work will be mainly based in the Trust’s locations in central London with some travel to partner Trusts and supplier sites as necessary.
Guy’s & St Thomas' (GSTT) is one of the largest hospital trusts in the country. Our hospitals have a long and proud history, dating back almost 900 years, and have been at the forefront of medical progress and innovation since they were founded. We continue to build on these traditions and have a reputation for clinical, teaching and research excellence. Royal Brompton and Harefield hospitals became part of Guy’s and St Thomas’ in February 2021, bringing together world-leading expertise and research in heart and lung disease.
DT&I has a mandate to deliver a very broad and complex set of new patient-centric digital services and capabilities over the coming years to support the transformation of health and care. Whilst building and delivering new services and products, it is imperative that these, and our existing services and products, are maintained at the highest level of stability, performance and security.
- Assist with ensuring the protection and assurance of patient data and services against cyber security risk, while enabling secure delivery of new patient services and
- Assist with ensuring that cyber risk and assurance controls are effectively embedded within Trust services and systems, and that appropriate security risk control documentation is produced to evidence compliance with Trust policy and risk standards.
- Assist with qualification of cyber risk to Trust systems and data, and assist with determination of suitable risk controls to mitigate identified risks.
- Monitor, assess and qualify key elements of cyber threat warnings and alerts (including those received from NHS Digital CareCERT) and assist with prioritisation and determination of remediation, working in collaboration with the Trust’s cyber operational team and with wider Trust colleagues.
- Contribute to the delivery of a schedule of security vulnerability and compliance tests for Trust systems and the remediation of identified vulnerabilities.
- Assist with management of major cyber incidents and investigations.
- Assist with production of Cyber Risk reports and Cyber KPI reports, to help qualify and drive action to improve the Trust’s cyber risk posture.
- Provide guidance and advice to the Trust on cyber security risk management.
- Assist with ensuring compliance with Trust information security policy at key assurance boards, including Software Review Board and Change Approvals Board.
- Assist with the delivery of key elements of the Trust strategic cyber improvement programme, including engagement with NHS Digital and other key partners to drive improvements to cyber capability and maturity.
- Assist with gathering evidence in support of the Trust’s formal compliance statement against the NHS Digital Data Security & Protection Toolkit.
- Assist with developing and driving adoption of the Trust cyber security risk and assurance framework.
- Assist with the Trust response to major cyber incidents, and on preparatory work for major incidents, including cyber resilience planning and rehearsals.
- Assess and report on key elements of cyber security risk posture and compliance through collection and analysis of relevant cyber security metrics and KPIs.
- Contribute to ensuring that the Trust can meet the requirements of national cyber security standards and legislation, including the Data Security & Protection Toolkit,
- Assist with audit of Trust systems and processes to identify gaps or weaknesses in current policy and practice.
- Support Trust cyber initiatives through contributing to briefings and reports on cyber risk posture, action planning, and compliance with required standards.
- Assist with provision of colleague education and awareness on cyber threat and how to safely respond to cyber incidents.
- Contribute to development of security risk management skills and understanding within the Information Security Team and within the wider Trust.