Job Description

The Associate Information Security Practitioner role is part of the Moorfields Information Security Team. The team ensures that our systems and data are safe, secure, and resilient - so that we can focus on delivering high-quality, patient-centred care, and are trusted by our patients, service users and staff.



The team has operational responsibility for security tooling, such as anti-virus and intrusion prevention, security assurance platforms, security testing and monitoring platforms, etc) and for our managed services (security operations centre). The team performs assurance and compliance activities most notably contributing to the annual NHS Data Security Protection Toolkit (DSPT) cycle.



We put people at the heart of everything we do, and Moorfields is undergoing digital transformation. With the ever-increasing need and interest in the use of digital technology in healthcare, there is also an increase of cyber threats across the sector. You will be part of a team of Digital, Data and Technology experts that deliver excellence in a busy department.

At this role level, you will:

Contribute to operational support of information security solutions and services Engage with our third party provision of information security service Contribute Information Security expertise to projects and operational services Support assurance activities and the improvement of security and resilience of our organisational infrastructure. Be proactive in identifying problems and translating these into non-technical descriptions that can be widely understood.

In your role you will partner with other technology and data teams in the organisation. It is expected alongside specialist information security and business continuity skills and experience, you will have generalist or specialist experience in at least one of the following areas:



Cloud operations Domain directory services/IAM Infrastructure operations End user device management Network security and operations Security architecture

At Moorfields, we provide more than just an excellent career and great colleagues to work with. We also offer:



Salary including High-Cost Area Supplement

Opportunity to join the NHS Pension Scheme

Free 24/7 independent counselling service

Learning and development opportunities

Easy and quick transport links

A range of attractive benefits and discounts

Access to Blue Light Card and other NHS Discount Schemes

Free Pilates classes

Full support and training to develop your skills

Flexible working friendly organisation



And so much more! To see the full range of benefits we offer please see our Moorfields benefits document.



Information security



Undertake Information Security Assessment activities, including supply chain / 3rd party assessments following National Cyber Security Centre evaluation best practices for cloud and on premise technologies. Monitoring practices including key performance indicators on security enforcing tools such as anti-virus, patching, and driving security posture improvements. Technical audit activities included within vulnerability management including internal scans and external security & penetration tests, forensic audits, or related investigations. This includes the ability to ensure remediation of findings are handled and fed into continuous service improvement activities. Incident management of cyber security events of all severities, throughout the incident lifecycle.

Business Continuity



Develop, maintain, and improve data and technology Business Continuity & Disaster Recovery Plans that enable us to respond to and recover from events.

Data protection



Support information gathering and creating supporting narrative / recommendations to ensure security of data through the annual Data Security Protection Toolkit cycle. Provide advice and expert knowledge to projects / programmes / operational services to ensure that information systems are designed to meet data protection requirements.

Risk management



Risk management activities such as maintenance of the risk register, identification and management of risk, escalations, and using risk to drive improvements.

Policies and security awareness



Contribute to the development of the Trust information Security policy framework, considering regional and national policies and practices. * Apply policy to working practices and procedures, and guide colleagues towards information security policy.