Cyber Security Technical Specialist

Are you an experienced Cyber Security specialist who is dedicated to ensuring that our public services are safe and secure? Do you enjoy collaborating and implementing across different functions and divisions? The Cyber Security Technical Specialist is a permanent role at Public Health Wales that will help us deliver our Digital and Data Strategy.

Full time permanent.

Closing date: 25th August 2025

Interview: The interview will take place virtually.

A degree in IT or equivalent experience, along with previous work in cyber security, is essential. You must also be prepared to work from our Cardiff location when required, including on short notice.

If you'd like to discuss the role further, please contact Dennis Jones, Principal Data Security Specialist: dennis.jones2@wales.nhs.uk

This post plays a critical role in protecting and securing Public Health Wales' information and digital assets from cyber threats.

The Cyber Security Technical Specialist operates with a degree of autonomy while receiving guidance from senior cyber security staff, playing a key role in implementing and maintaining security controls across the organisation.

The role involves supporting and leading efforts related to cyber security protocols, conducting risk assessments, and responding to incidents.

The specialist is responsible for developing, maintaining, and supporting cyber security systems in line with Public Health Wales' operational requirements.

They are expected to participate in early/late shift rotations and the on-call rota.

A crucial part of the role includes staying current with emerging security technologies and threats, conducting research, and evaluating how to manage new risks.

The specialist also leads assurance assessments to ensure the effectiveness of security controls and compliance with relevant laws, regulations, and industry best practices.

Additionally, the role encompasses continuous monitoring, threat detection, and incident investigation to protect organisational assets, as well as leading vulnerability management activities such as scanning, assessment, remediation coordination, and tracking of security weaknesses.

We are Public Health Wales - the national public health agency in Wales. Our purpose is 'Working together for a healthier Wales'. We exist to help everyone in Wales live longer, healthier, happier lives. Together with our partners, we work to increase healthy life expectancy, improve health and well-being, and reduce inequalities for everyone in Wales, now and for future generations.

Our teams work to prevent disease, protect health, and provide leadership, specialist services and public health expertise. We are the leading source of public health information, research and innovation in Wales. In a world facing complex health challenges, our work has never been so important.

We are guided by our Values, 'Working together, with trust and respect, to make a difference'. We are committed to building an inclusive workplace that values equality and diversity. We welcome applications which represent the rich diversity of the communities we serve and are supportive of flexible working arrangements, including part time roles and job sharing.

To find out more about working for us and the benefits we offer please visit https://phw.nhs.wales/careers/

For guidance on the application process, please visithttps://phw.nhs.wales/working-for-us/applicant-information-and-guidance/

You will be able to find a full Job description and Person Specification attached within the supporting documents or please click "Apply now" to view on Trac.

The ability to speak Welsh is desirable for this post; Welsh and/or English speakers are equally welcome to apply.

• oDegree-level qualification in a relevant IT subject or equivalent experience. .
• oEvidence of continuing professional development.
• oUnderstanding of Cyber Security best practices, standards, certifications, and terminology.
• oAwareness of national and international cyber security regulations, standards and frameworks (e.g. NIS Regulations, ISO 27001, NIST)
• oHolds a relevant cyber security certification (e.g. CompTIA Security+, SSCP).
• oRegistered with a relevant informatics professional body.
• oExperience applying Cyber Security in a healthcare environment.
• oUnderstanding of NHS standards and legal requirements related to Information Governance and Security.
• oIn-depth knowledge of network technologies

• oDemonstrated experience in cyber security role(s).
• oGood understanding and experience with application and network security.
• oHands-on experience with SIEM (Security Information and Event Management) systems and vulnerability scanning tools
• oInvolvement in creating training materials, including phishing simulation exercises.
• . oExperience in providing technical/ security support.
• oCloud Security experience (e.g Azure, AWS, GCP)
• oRelevant experience working in a Cyber Security role in a healthcare environment
• oExperience documenting procedures, policies and standards.
• oExperience of taking a lead role in developing and implementing Network/Security related systems and services

• oGood communication skills, including the ability to explain complex ideas to non-technical staff.
• oAble to provide guidance and support to staff.
• oAbility to challenge poor behaviour constructively.
• oEffective team member within a multi-disciplinary environment.
• oAbility to analyse and resolve complex IT issues.
• oAbility to learn new technologies with minimal supervision.
• oPragmatic in balancing security and business needs. oExperience working with third parties and suppliers to establish project assurance.
• oAbility to work on own initiative
• oExperience working with third parties and suppliers to establish project assurance.
• oWelsh Language Skills

• oAbility to travel between sites in a timely manner to meet the needs of the service
• oAbility to travel and work away from base.
• oAble to periodically work out of hours or at weekends when required.
• oAble to participate in on-call rota.

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.