Associate Information Security Practitioner

NHS

City Of London

On-site

GBP 56,000 - 64,000

Full time

Today

Job summary

A leading healthcare organization in London is seeking an Associate Information Security Practitioner. This role involves supporting the Moorfields Information Security Team in securing data and systems. Candidates should have relevant qualifications and experience in information security. The position offers a fixed-term contract with various benefits, including a salary range of £56,276 to £63,176 annually.

Benefits

Opportunity to join the NHS Pension Scheme
Free 24/7 independent counselling service
Flexible working options

Qualifications

  • Experience in delivering and developing information security services.
  • Experience of implementing organisation-wide strategies for information security.
  • Experience in managing critical incidents and problem resolution.

Responsibilities

  • Contribute to operational support of information security solutions.
  • Engage with third party provision of information security service.
  • Monitor practices on security enforcing tools.

Skills

Relevant management / leadership qualification
Relevant information security qualification (CISM, CISSP)

Education

Qualification equivalent to masters level
Job description

Moorfields Eye Hospital NHS Foundation Trust

Associate Information Security Practitioner

The closing date is 26 October 2025

The Associate Information Security Practitioner role is part of the Moorfields Information Security Team. The team ensures that our systems and data are safe, secure, and resilient - so that we can focus on delivering high-quality, patient-centred care, and are trusted by our patients, service users and staff.

The team has operational responsibility for security tooling (such as anti-virus and intrusion prevention, security assurance platforms, security testing and monitoring platforms, etc.) and for our managed services (security operations centre). The team performs assurance and compliance activities, most notably contributing to the annual NHS Data Security Protection Toolkit (DSPT) cycle.

We put people at the heart of everything we do, and Moorfields is undergoing digital transformation. With the ever-increasing need and interest in the use of digital technology in healthcare, there is also an increase of cyber threats across the sector. You will be part of a team of Digital, Data and Technology experts that deliver excellence in a busy department.

Main duties of the job
  • Contribute to operational support of information security solutions and services
  • Engage with our third party provision of information security service
  • Contribute Information Security expertise to projects and operational services
  • Support assurance activities and the improvement of security and resilience of our organisational infrastructure.
  • Be proactive in identifying problems and translating these into non-technical descriptions that can be widely understood.

In your role you will partner with other technology and data teams in the organisation. It is expected that, alongside specialist information security and business continuity skills and experience, you will have generalist or specialist experience in at least one of the following areas:

  • Cloud operations
  • Infrastructure operations
  • Network security and operations
  • Security architecture
About us

At Moorfields, we provide more than just an excellent career and great colleagues to work with. We also offer:

  • Salary including High-Cost Area Supplement
  • Opportunity to join the NHS Pension Scheme
  • Free 24/7 independent counselling service
  • Learning and development opportunities
  • Easy and quick transport links
  • A range of attractive benefits and discounts
  • Access to Blue Light Card and other NHS Discount Schemes
  • Free Pilates classes
  • Full support and training to develop your skills
  • Flexible working friendly organisation

And so much more! To see the full range of benefits we offer please see our Moorfields benefits document.

Job responsibilities

Information security

Undertake Information Security Assessment activities, including supply chain / 3rd party assessments following National Cyber Security Centre evaluation best practices for cloud and on premise technologies.

Monitoring practices including key performance indicators on security enforcing tools such as anti-virus, patching, and driving security posture improvements.

Technical audit activities included within vulnerability management, including internal scans and external security & penetration tests, forensic audits, or related investigations. This includes the ability to ensure remediation of findings is handled and fed into continuous service improvement activities.

Incident management of cyber security events of all severities, throughout the incident lifecycle.

Business Continuity

Develop, maintain, and improve data and technology Business Continuity & Disaster Recovery Plans that enable us to respond to and recover from events.

Data protection

Support information gathering and creating supporting narrative / recommendations to ensure security of data through the annual Data Security Protection Toolkit cycle.

Provide advice and expert knowledge to projects / programmes / operational services to ensure that information systems are designed to meet data protection requirements.

Risk management activities such as maintenance of the risk register, identification and management of risk, escalations, and using risk to drive improvements.

Policies and security awareness

Contribute to the development of the Trust Information Security policy framework, considering regional and national policies and practices.

Apply policy to working practices and procedures, and guide colleagues towards information security policy.

Skills and Experience
  • Relevant management / leadership qualification or equivalent experience to masters level
  • Relevant information security qualification or equivalent experience (example: CISM, CISSP, or plan to obtain within 12 months)
Experience
  • Experience in delivering and developing information security and business continuity services
  • Experience of developing and implementing organisation-wide information security and business continuity related strategies, policies, and procedures
  • Experience of solving complex business problems for users using technology - balancing usability with security
  • Experience of supporting the transition of products from Delivery into Live Service
  • Experience of working with conflicting, highly complex, and/or highly sensitive information
  • Experience in managing critical incidents, and problem investigation + resolution (including managing security incident response, and information security breaches)
  • Experience of contributing to, and developing enabling strategies (example: information security)
  • Coaching, mentoring and supervision of others
  • Management of financial budgets for a service (pay, on-call, consumables, relevant 3rd party provision contracts) and developing investment cases
  • Experience in conducting or managing information security audits, penetration testing, table-top / simulation exercises, and incident investigations
  • Experience of managing products / services in healthcare (NHS)
Skills and Knowledge
  • Deal with complex business problems and translate into information security and business continuity requirements and solutions
  • Strong domain knowledge in at least one of the following areas, and the ability to acquire an adequate understanding of the other areas:
      o Enterprise Architecture
      o HMG Secure Policy Framework (SPF) and Information Assurance Maturity Model (IAMM)
      o ISO27001
      o Risk assessment and management
      o Data security and protection toolkit (DSPT)
  • Broad knowledge of enterprise technology and data solution(s) and how information security and business continuity should be considered
  • Identify training needs to build and sustain information security and business continuity capability
  • Prioritisation of work - within the team and across the wider Digital, Data and Technology teams
  • Meet set targets or metrics for service
  • Autonomous working and can delegate appropriately
  • Good communication skills - tailoring your message for your audience, providing, and receiving highly complex, sensitive and/or contentious information, able to communicate complex technical information in a simple way to stakeholders
  • Present complex, sensitive, and contentious information to large groups
  • Strong domain knowledge and ability to keep ahead of information security and business continuity initiatives
  • Design and develop our information security and business continuity tools and processes
  • Systematic and methodical approach to problem solving
  • Relentless focus on user needs and experience
  • Problem-solving mindset - focusing on improving outcomes
  • Seeing the bigger picture - understand how your work and the work of your team supports wider objectives and meets the diverse needs of stakeholders
  • Able to work well within a busy environment
Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer name

Moorfields Eye Hospital NHS Foundation Trust

Address

Moorfields Eye Hospital NHS Foundation Trust

£56,276 to £63,176 a year per annum pro rata incl HCAS

Contract

Fixed term

Duration

5 months

Reference number

273-DC-7378356

Job locations

Moorfields Eye Hospital NHS Foundation Trust
