About the role

Help NHS Digital shape the future of health outcomes for people in England and equip health and care workers with  all aspects of   security services to reduce impact to patient outcomes. Here at NHS Digital we support NHS staff at work, help people get the best care, and use the nation’s health data to drive research and transform services.

The corporate security function ensures robust leadership, strategy and policy development across the four pillars of protective security (cyber, physical, personnel and technical) to protect NHS Digital staff, systems and data. The team provide incident response and investigation, national security vetting and risk management and audit across our digital and physical asset base as well as access to STRAP material compliance and developing data strategy and capability.

As we continue to grow and expand our services it’s a great time to join NHS Digital   and be part of the journey. The security landscape is constantly evolving, and this is your opportunity to think creatively and positively contribute towards improving the security resilience of health and care organisations across England.


Word-Class Security Frameworks

With a new CEO and strategic vision, we are entering an exciting phase in our development as a trusted delivery partner to the NHS and all those who rely on the unparalleled breadth and depth of the critical services it provides.

An extraordinary health and care service deserves exceptional talent to support its delivery.

As such, this is a new role within our Cyber security function. It’s a position of real purpose, integral to our strategic plans, delivered across a national Health and Social Care system which includes 220 individual NHS Trusts; 13 Arms Length Bodies and over 40,000+ primary care organisations.

The role

The STRAP Security Officer (STRAPSO) manages the day-to-day support of the delivery of STRAP compliance.  The role requires excellent communication and organisational skills experience of working within multi-disciplinary teams, and the ability to build positive working relationships with senior stakeholders, both internally and externally, up to Director level.


The STRAP Security Officer will:

  • Support good information management compliance within the Corporate Security function
  • Supervise management of risks and issues to ensure delivery of operational and organisational objectives
  • Develop and maintain effective working relationships with internal and external stakeholders in order to foster collaborative working

About you

To be successful in this role, the ability to manage your own workload and to present findings to a high standard are a must. This is a crucial and influential role requiring excellent negotiating and analysis skills and the ability to communicate with all key stake holders at all levels of seniority.  Some of the key skills and experience you'll bring:  

  • Understanding of the STRAP Supplement and Cabinet Office Security Policy Framework, with proven knowledge of the processes, tools and techniques required.
  • Knowledge of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve and prevent violations of IT security, to protect organisational data.
  • Basic knowledge of concepts, tools and practices of dealing with computer crime; ability to detect and prevent business crimes that involve computers/networks as instruments.
  • Knowledge of risk management skills, tools, techniques, approaches and processes of security risk management; ability to mitigate the risk of malicious insiders posing a security threat through the deployment of protective monitoring solutions.Supervise management of risks and issues to ensure delivery of operational and organisation objectives.
  • Knowledge of IT security policies, standards, and procedures; ability to utilise a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.
  • Knowledge of IT security policies, standards, and procedures; ability to utilise a variety of administrative skill sets and technical knowledge to ensure security compliance.
  • Knowledge of technologies and technology-based solutions dealing with security issues; ability to apply these in protecting information security across the organisation.
  • Knowledge of technologies, methods and tools of forensics investigations for IT security violations or potential threats; ability to identify, uncover and evaluate violations, warning reports, suspected incidents and insidious events.
  • Knowledge of and the ability to utilise tools and techniques for assessing the effectiveness of security measures, identifying potential risk exposures, and protecting the availability, confidentiality and audit trails of information from destruction or manipulation.
  • Knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability.
  • Knowledge and ability to develop and maintain effective working relationships with internal and external stakeholders in order to foster collaborative working.

Important: Please be aware there are residency requirements you need to meet:

  • All NHS Digital Cyber Security personnel must hold security clearance SC level as a minimum.  You don’t need to have SC already, however, failure to achieve the requirements for SC after offer, will result in the job offer being withdrawn.  
  • To meet National Security Vetting requirements, you must have resided in the UK for a minimum of 3 out of the past 5 years for SC clearance. Candidates who were posted abroad for service with HM Government, Armed Forces or within a UK government rolewill still be considered.


Please make sure you meet these requirements before applying for this role.

What's in it for you
  • a role as part of a dynamic team using data and digital technology to transform health and care
  • a range of opportunities to build your experience in an environment where your
    work has a direct and positive impact
  • a real commitment to your personal and professional development with access
    to a broad range of learning opportunities

About us

NHS Digital is a great place to work. What we do matters.
Our outstanding teams are passionate about technology and public service, making use of everyone’s skills to improve people’s lives.
We collaborate to deliver world class tech and intelligence, so come and join us. We are committed to sustainability, diversity and inclusion; our people are at the heart of what we do.
Find out about the amazing work we do by visiting our website: https://digital.nhs.uk/about-nhs-digital
Find further information on the current work we are undertaking meeting the challenges of the pandemic here: https://digital.nhs.uk/coronavirus

Why you should apply

We value the different experiences our people bring to their work at NHS Digital. We're working to create an environment where everyone can make a full contribution no matter their background, identity, or circumstances.

Which means, we encourage applications from people of all backgrounds and abilities.  Don't worry if you don’t meet all the criteria we’ve suggested – knowledge and experience you've gained in other ways might make us think about the role differently. Go ahead and apply.

Our work matters. You matter.

What we offer you:

  • we're moving to a hybrid working approach which offers you an informal, flexible way of blending home and office working
  • flexible working opportunities - we value and respect the diversity of our employees, and applications from prospective candidates who require flexible working arrangements are welcomed; these include part-time hours, job sharing, flexible hours and part-remote set ups
  • 27 days annual leave increasing to 33 days with service
  • ability to buy and sell annual leave  
  • a generous pension (with our contribution equal to 20.6% of your earnings)
  • NHS Discounts including shops, restaurants, gym, mobile phones, and insurance
  • employee benefit schemes including our Season Ticket Loan, Car Lease and Bike to Work schemes

Next steps

Remote interviews will take place via Microsoft Teams. Applicants who are shortlisted for interview will be contacted by email.

To view further information please see the attached role profile.

This post is not exempt from the Rehabilitation of Offenders Act 1974. We only ask applicants to disclose convictions which are not yet spent / unspent under the Rehabilitation of Offenders Act 1974. Following an offer of employment, we will carry out a Basic Disclosure and Barring Service (DBS) check as part of the pre-employment check process.


Other jobs like this