Crynodeb o'r swydd
- Prif leoliad
- Cyber Security Architect
- Gradd
- NHS AfC: Band 8a
- Contract
- Cyfnod Penodol: 2 flynedd
- Oriau
- Llawnamser - 37.5 awr yr wythnos
- Cyfeirnod y swydd
- 914-BSA4666
- Cyflogwr
- NHS Business Services Authority
- Math o gyflogwr
- NHS
- Gwefan
- Stella House
- Tref
- Newcastle Upon Tyne
- Cyflog
- £50,952 - £57,349 per annum
- Cyfnod cyflog
- Yn flynyddol
- Yn cau
- Today at 23:59
Teitl cyflogwr
Security Architect
NHS AfC: Band 8a
Trosolwg o'r swydd
Are you passionate about Cyber security and looking for a role that allows you to make a significant impact? We have an exciting opportunity for a Security Architect to join our Cyber Security team at NHS Business Services Authority (NHSBSA). This key role involves defining security architecture for our services and systems as we grow and transform to support our business and customers better. You will be responsible for ensuring that our IT solutions fully exploit the opportunities that Digital Service and Data Analytics can provide in a secure way as we transform and develop how we provide services.
What do we offer?
- 27 days leave (increasing with length of service) plus 8 bank holidays
- Flexible working (we are happy to discuss options such as compressed hours)
- Generous NHS Pension Scheme with 23.7% employer contribution
- Hybrid working model (we are currently working largely remotely)
- Career development
- Active wellbeing and inclusion networks
- NHS Car lease scheme
- Access to a wide range of benefits and high street discounts!
Prif ddyletswyddau'r swydd
As a Security Architect, you will work closely with NHSBSA business areas to understand and shape their security requirements, ensuring that customer data and other assets are secured. You will be accountable for the control of the IT Security Blueprints, which define the end state architecture, current state, and the transition roadmaps for the NHSBSA. This includes supporting the creation and execution of technology and service roadmaps that will drive our current IT estate towards cloud technology for strategic systems. You will also manage day to day security architecture queries, provide security advice to our technology teams and work closely with third-party providers to deliver IT services.
Responsibilities includes providing security advice and key constraints to NHSBSA technology teams in ensuring project deliveries remain aligned to the Blueprints and help to realise the roadmap. You will be actively involved in creating and maintaining IT requirements for procuring IT services and the selection of 3rd party providers delivering IT services and working closely with them to provide solutions for the Business, however some of the solutioning will be brought in-house.
The post holder will be required to work across the NHSBSA’s locations and will therefore be required to undertake a degree of travel across the country.
Gweithio i'n sefydliad
Here at the NHS Business Services Authority (NHSBSA), what we do matters.
We manage the NHS Pension scheme, process prescription payments and much more. Our services are used by NHS organisations, contractors and the public: we take pride in being part of something so meaningful, that touches millions of lives.
Just as we design our services around the needs of our customers, we place our people at the heart of our organisation. That’s why when you join us, you’ll be empowered and given the right support to help your career grow.
As one of the UK’s Best Big Companies to work for, we’re all connected to our values: Collaborative, Adventurous, Reliable and Energetic. We care about our people, our purpose, and your progress.
We strive to offer a fantastic colleague experience, where every voice is heard, and every colleague is supported and respected. Wellbeing, diversity and inclusion is at the centre of this, so when you join us, you can connect with our Lived Experience Networks who help us to bring our authentic selves to work.
We welcome applications from people of all backgrounds and circumstances. We are committed and proud to be a flexible employer and will endeavour to offer a working pattern that suits you wherever possible, whether that be hybrid working, flexible hours, job sharing and more.
Apply today and see where the NHSBSA can take you. We are people connected to care.
Swydd ddisgrifiad a phrif gyfrifoldebau manwl
In this role, you will be responsible for:
Security Architecture/Operations
1. Providing security leadership in the development and delivery of the NHSBSA digital services, working with other technical architects and
specialist SMEs, leading the design of the solution.
2. Working across/within different programmes and across different layers of architecture as needed and to translate business security
requirements into IT services, solutions, investment and migration roadmap.
3. Take ownership of a particular area of the business service, project or programme IT security architecture and ensure consistency with
the Enterprise Architecture, HMG Security Strategy, HMG Digital Strategy and DH Digital Strategy and provides input into IT Strategy.
4. Responsible for the security blueprint solutions for complex protective security of both physical and data assets clearly defining the asis and
to-be security architectures and document the transition to the to-be solution and its integration in the overall Enterprise and Security
Architecture blueprints.
5. Present the security design solutions to NHSBSA Senior Management, project and programme teams, and where appropriate, external
senior business stakeholders and be able to communicate and engage with a wide range of stakeholders to help shape and deliver IT
change. Articulate to a professional standard, both complex security threats and the proposed technical solutions in clear, informative and
accessible language, tailored as necessary for the intended audience.
6. Responsible to ensure the security solutions presented to architecture governance board within the programme pass architecture
governance gates.
7. Ensure that the infrastructure security architectural design remains up to date and that obsolete elements are phased out of the architecture
whilst ensuring business continuity and return on investment.
Staff Management
1. Management of staff including all line management responsibilities, performance management, appraisals, disciplinary, and standard HR
processes.
2. Participates in the recruitment, interviewing and selection of staff as and when necessary.
3. Responsible for prioritising and planning own whilst contributing to the team’s work and providing input to the prioritisation of projects and
programmes proposed and/or underway.
Knowledge Management
1. Research of the marketplace and constant awareness of industry trends and innovation using information to inform the ICT security strategy
of the NHSBSA and as input to design activities.
2. To work with NHSBSA staff and Third Parties to ensure that security standards, governance and processes are in place for producing.
3. and maintaining up to date, comprehensive, comprehensible documentation which will include IT service security “blueprints” for all systems and services.
Relationship Management
1. Identify opportunities, engaging and fostering relationships and partnership working within the organisation, and with third parties, to identify
and deliver value to the organisation.
2. Working across/within different programmes and across different layers of architecture as needed and to translate business security
requirements into IT services and solutions.
3. Work with organisations external to the NHSBSA (e.g. the DH and GDS) when necessary to assist in clarifying their needs and requirements
and be capable of devising options for security solutions, along with full assessment and cost estimation.
Information Management
1. Handles sensitive commercial & financial information, ensuring that the security solution architectural designs adhere to relevant legislation
and standards including for example, Information Security, NHS Confidentiality and Data Protection legislation.
2. Implement, monitor and report on a number of areas including agreed service levels, KPI's and standards within security operations.
3. Monitor, report, present or escalate issues as appropriate to the Security Operations Manager.
Delivery Management
1. Operate as an SME and point of authority on security architecture, making credible, pragmatic and practical security decisions and
communicate with sensitivity and diplomacy to ensure the right technical direction is followed and to guide the business to make the best use
of its existing IT where appropriate and to make recommendation about what other IT assets it needs to invest in.
2. To demonstrate creativity and innovation in applying IT solutions and services to develop and improve services and quality for the benefit of
the organization and/or the end user of technology services. This includes devising and managing security initiatives to enable exploitation of
digital services, capacity, performance, and system availability improvements that ensure business targets are met or exceeded and legacy
services decommissioned, whilst ensuring data security and controlled access to data.
3. Responsible for providing expert help and guidance across the lifecycle of a security solution implementation, including technical and nontechnical aspects. This includes the migration of services across suppliers and closely with Technical Architects ensuring the solution and
service design is successfully translated, built delivered and operated to meet security and business requirements.
4. To identify and interpret DH, GDS, local and national security policy changes and directives, and assess the impact on IT Infrastructure and
surrounding processes, including influencing policy information within own security specialism.
5. Produce and deliver in depth reports and/or presentations to NHSBSA, HMG or DH stakeholder’s staff and external parties, on any aspect of
the work delivered.
6. Promotes best practice in health, safety and security and ensures safe use of all IT systems and equipment.
7. Is aware of their own development requirements and actively seeks development opportunities for themselves and their team.
8. Responsible for promoting and supporting people’s equality, diversity and rights.
Manyleb y person
Personal Qualities, Knowledge and Skills
Meini prawf hanfodol
- Proven experience in developing and implementing security solution and enterprise architecture and design strategies in a multi supplier environment.
- Proven ability to undertake detailed security analysis of technical designs and provide the business with security assurance of supplier designs and proposals.
- Broad technical knowledge covering web applications and services, information, infrastructure, cloud and managed service architectures. Knowledge of GDS Principles.
- Industry Recognised Qualifications e.g. CISSP, CISMP, CCP, HMG Information Standards, ISO Standards.
- Knowledge, and ideally experience, of emerging security technologies to mainstream business, including: Cloud technology; Mobile devices and apps; Collaborative working tools.
- Experience of effective stakeholder management.
Meini prawf dymunol
- Enterprise architecture components and frameworks experience such as TOGAF, SABSA.
- Recent and demonstrable Team and Line Management experience.
Experience
Meini prawf hanfodol
- Complex system, information and security solution design.
- Developing and implementing security solution and enterprise architecture and design strategies in a multi supplier environment.
- Comprehensive and recent experience in architecting security solutions in high-volume digital services.
- Demonstrate detailed understanding of the security implications and appropriate security controls of hosting sensitive information in large scale UK Cloud based cloud infrastructure environments.
- Ability to demonstrate a deep knowledge of security and privacy risks and threats along with a strong understanding of key considerations such as confidentiality, availability, integrity, non-repudiation and privacy.
- Working with HMG Information Assurance Standards and Good practice guides including the security policy framework.
Meini prawf dymunol
- HMG Government Security GPG Guides.
- Transition of legacy services into digital cloud-based solutions.
- Team and Line Management, including staff development.
Qualifications
Meini prawf hanfodol
- An IT related degree or equivalent.
- Industry Recognised Qualifications e.g. CISSP, CISMP, CCP, ISO 27001 implementer.
- plus, significant demonstrable experience in two of the of the following: IT Security Architecture, Working in a number of complementary security roles and/or System and Service Architecture Design
- OR Significant demonstrable experience over a number of years in at least three of the following: IT Security Architecture, HMG Information Standards and best practice, Working in a number of complementary security roles, System and Service Architecture Design and/or Management of a significant ICT implementation
Meini prawf dymunol
- TOGAF/SABSA Certification or equivalent, or willing to work towards this certification.
- CESG Certified Professional (CCP) Senior IA Architect Experience of working in an agile environment and experience with agile methodologies such as Scrum, Kanban.
- ITIL Certification.
Bathodynnau ardystio / achredu cyflogwyr
Dogfennau i'w lawrlwytho
Rhagor o fanylion / cyswllt ar gyfer ymweliadau anffurfiol
- Enw
- Gary Simpson
- Teitl y swydd
- Security Operations Manager
- Cyfeiriad ebost
- [email protected]
- Rhif ffôn
- +44191 2034979
Rhestr swyddi gyda NHS Business Services Authority yn Gwasanaethau gweinyddol neu bob sector