Cyber Security Analyst

Job overview

Join SHPU as a Cyber Security Analyst and play a key role in protecting critical NHS systems and data.

This is an exciting opportunity to work with modern security tools, tackle real-world cyber challenges, and contribute to a proactive security team. If you’re passionate about cyber security and want to make a meaningful impact, we’d love to hear from you.

Why Join SHPU?

• Make a Difference – Protect systems and data that directly support patient care and frontline services.
• Meaningful Work – Play a vital role defending against real and evolving cyber threats.
• Professional Growth – Develop your skills in a supportive environment with opportunities to learn new technologies and approaches.
• Forward-Thinking Team – Be part of a team committed to innovation, continuous improvement, and strong cyber resilience.

Main duties of the job

The Cyber Security Analyst is responsible for protecting the Trust’s systems and data by identifying, analysing, and mitigating cyber security risks. The role involves monitoring security threats, responding to incidents, and ensuring compliance with NHS standards.

Key responsibilities include providing expert cyber security advice, conducting risk assessments, maintaining security tools and procedures, and staying up to date with emerging threats. The post holder will work closely with internal teams and external bodies (e.g. NHS England, NCSC) to manage security alerts and improve the organisation’s security posture.

The role also requires contributing to policy development, delivering security awareness activities, supporting vulnerability management and patching, and providing hands-on technical support to Digital Services.

Effective prioritisation, stakeholder engagement, and the ability to manage complex information are essential.

Detailed job description and main responsibilities

The Cyber Security Analyst role is part of the Digital Technical Services team and reports directly to the Infrastructure and Cyber Security Manager. This position is responsible for supporting the Trust’s cyber security capability by maintaining and continuously improving security tools, technologies, and processes.

The post holder will monitor, analyse, and investigate potential security threats, ensuring the confidentiality, integrity, and availability of NHS systems and data. Working proactively, the Cyber Security Analyst will identify vulnerabilities, respond to incidents, and contribute to strengthening the organisation’s overall security posture.

This role plays a critical part in protecting the Trust from evolving cyber threats while ensuring compliance with relevant industry standards, NHS guidelines, and regulatory requirements. The successful candidate will collaborate closely with internal teams and stakeholders to promote best practice, support risk management activities, and help drive ongoing security improvements across the organisation.

Main Duties

• Provide professional advice on cyber security including phishing, computer security and cybercrime.Be responsible for advising and guiding stakeholders with the interpretation of relevant cyber policy to enable compliance with organisational standards.
• Identify potential security risks and develop strategies to mitigate these. This involves receiving complex and sensitive information, to enable conducting risk assessments, analysing security threats, and developing risk treatment plans.
• Conduct risk assessments as appropriate and advise the Trust on IT Security concerns. Under the instruction of the Infrastructure and Cyber Security manager ensure IT Security risks are clearly identified, recorded, managed and directly communicated to Digital Senior Management Team accordingly.
• Maintain high level knowledge of new threat vectors, tactics, techniques and procedures (TTPs) and vulnerabilities.
• Maintain compliance with various standards in place e.g., Data Security and Protection Toolkit, NHS Cyber Alerts, Cyber Essentials, Network, and Information Systems Regulations etc.
• Liaise with NHS England, National Cyber Security Centre (NCSC) and other relevant bodies as required ensuring IT Security advisories, directives and notifications are actioned and logged. This includes but is not limited to threat & vulnerability alerts, vendor and other specialist threat intelligence feeds.
• Provide specialist technical contribution into drafting and/or maintaining of the Trust’s formal Digital Security related policies. Respond to high-priority, complex, sensitive and critical events and incidents, in a timely manner. Provide actionable recommendations and mitigation measures to prevent or reduce the impact of potential breaches.
• Assist with the interpretation and communication of developments in national cyber security legislation, policy and best practice. (this will involve analysing complex digital information which is multifaceted where there may be a number of potential outcomes)
• Work with the Trust’s Communications Team to formulate communication across the Trust to raise awareness and alertness to any cyber threats and best practices
• Analyse computer, server and network logs including vulnerabilities and known attacks and cross reference on the MITRE framework and known TTPs. this will involve analysing complex digital information which is multifaceted where there may be a number of potential outcomes.
• Ensure the ongoing management, maintenance and use of cyber security standard operating Procedures (SOPs). Prioritisation of work based on severity, knowing when and how to escalate as necessary and offering advice to technical team members around prioritisation.
• Ensure that all security and vulnerability releases are being deployed to all on premise and hosted servers and end point devices safely and effectively, using your judgement to mitigate any service impacting issues
• Regularly carry out research on products and services as part of your role, exploring findings and making use of effective new technologies.
• Support in the selection of controls and engage in risk assessments and controls gap analysis.
• Lead on specialised workstreams and projects such as undertaking cyber risk assessments, that are complex in their nature.
• Plan, prioritise and manage conflicting agendas and priorities in order to meet challenging deadlines.
• Provide specialist assistance to Digital Services on technical security issues including hands on technical configuration and day-to-day operation of devices and software.