Security & Compliance

Reviews/Testing

Automated Compliance Monitoring

  • Can use preconfigured compliance dashboards to monitor system status
  • Can implement automated compliance checks and develop metrics
  • Can design comprehensive compliance automation frameworks integrating multiple standards

Cyber essentials compliance

  • Familiar with security controls and measures required for Cyber Essentials
  • Can implement and monitor security controls to ensure compliance
  • Can design and evaluate security controls for Cyber Essentials compliance

DevOps - Azure, GitOps

-

-

-

Security compliance reviews for ISO27001

  • Has an awareness of ISO27001 standards and basic compliance requirements
  • Understands the importance of maintaining compliance documentation
  • Familiar with basic security controls and measures
  • Has experience conducting compliance reviews and identifying non-conformities
  • Can develop and maintain compliance documentation and reports; compliance testing
  • Can implement and monitor security controls to ensure compliance
  • Has extensive experience leading compliance audits and implementing corrective actions
  • Can oversee the development and maintenance of comprehensive compliance documentation
  • Can design and evaluate security controls for compliance

System Security

Cloud Security Posture Management

  • Familiar with cloud security tools (e.g. AWS Security Hub, Azure Security Center) and can interpret basic findings

Container Security

  • Familiar with container concepts and basic security considerations
  • Can implement container security controls and scanning
  • Can develop comprehensive container security strategies and governance frameworks

Cybersecurity

  • Familiarity with fundamental cybersecurity concepts, including types of cyber threats (e.g., malware, phishing, ransomware) and basic security principles.
  • Basic knowledge of common cybersecurity tools and technologies (e.g., antivirus software, firewalls, intrusion detection systems).
  • Ability to assist in monitoring security systems and generating reports on security incidents.
  • Ability to independently analyze and respond to cybersecurity threats, including conducting vulnerability assessments and penetration testing.
  • Proficiency in developing and implementing incident response plans, including identifying, containing, and mitigating security incidents.
  • Ability to develop and enforce security policies and procedures to protect organizational assets.
  • Leading the development and implementation of comprehensive cybersecurity strategies and policies.
  • Expertise in advanced threat intelligence, including analyzing complex security data and providing actionable insights for threat prevention
  • Ensuring the organization meets all cybersecurity standards and regulatory requirements, and establishing long-term frameworks for maintaining a secure environment.

Federated Identity Management

  • Understands principles of federated identity systems
  • Can configure and manage federation with specific identity providers
  • Can architect complex federated identity solutions across organizational boundaries

Firewalls Management

  • Familiarity with firewall concepts, including types of firewalls (e.g., packet-filtering, stateful inspection, proxy,
  • Ability to assist in the basic configuration and management of firewall rules under supervision.
  • Basic skills in monitoring firewall logs and generating reports on firewall activity
  • Ability to independently configure and manage firewall rules, including creating and modifying access control lists (ACLs)
  • Proficiency in troubleshooting firewall-related issues and ensuring optimal performance.
  • Leading the development and implementation of firewall management strategies and policies.
  • Expertise in analyzing complex firewall logs and providing actionable insights for security improvements.

IT Security reviews (software and code)

  • Familiarity with fundamental IT security concepts, including software vulnerabilities and code review principles.
  • Basic knowledge of tools used for IT security reviews (e.g., static code analysis tools, vulnerability scanners).
  • Ability to assist in preparing documentation related to IT security reviews.
  • Ability to independently conduct code reviews to identify security vulnerabilities and ensure compliance with security standards.
  • Proficiency in assessing risks related to software and code security, including identifying potential threats and weaknesses.
  • Ability to develop and implement security policies and procedures for software development and code management.
  • Leading the development and implementation of comprehensive IT security review strategies and policies.
  • Leading IT security review teams and managing large-scale security projects, including coordinating with other departments and stakeholders.
  • Ensuring the organization meets all IT security standards and regulatory requirements, and establishing long-term frameworks for maintaining secure software and code.

Identity management

-

  • Proactively analyses security logs to identify patterns/potential threats using CVEs for reference
  • Is able to create policies and workflows for security accreditation (e.g., ISO audits)

Incident Response

  • Understands incident classification and can follow established response procedures
  • Can lead incident investigations and implement mitigations
  • Can develop and test incident response plans and coordinate cross-organizational responses

Security accreditation

  • Familiarity with security accreditation processes and standards.
  • Ability to independently conduct security accreditation audits, including planning, execution, and reporting.
  • Leading the development and implementation of security accreditation strategies and policies.

Testing of the system and software

  • Assists in implementing access controls and user permissions for data access
  • Writes access control policies for SDEs; writing tests; test-driven development
  • Architects firewall and monitoring system policies for SDE data

Work closely with the external team on penetration

  • With an awareness of IT security practices (e.g., monitoring logs and reviewing code), is able to review security logs for activity and report findings to senior team members
  • With an in-depth understanding of secure data environment architecture (e.g., access control, firewalls), can design advanced access control policies to manage data securely and configure firewalls.
  • Leads the design and implementation of SDEs, addressing technical and human/organisational requirements

access controls

  • Is familiar with penetration testing concepts, tools and vulnerabilities and is able to work with external teams to discover vulnerabilities
  • Is able to use (and potentially lead) pen testing methodologies and exploit vulnerabilities for assessment purposes, working with external teams.
  • Leads on the development of advanced pen testing strategies and can collaborate with external teams to ensure they are ready

Regulatory Compliance & Standards

DSPT (Data Security Protection Toolkit) and NHS DTAC

  • Awareness of the DSPT and NHS DTAC
  • Can ensure that systems meet criteria through regular checks

-

Ethics and IRAS, implications of sensitive data and access and research

  • Awareness of ethical principles in research and data access
  • Is familiar with IRAS (Integrated Research Application System)
  • Can apply ethical principles and has experience of the IRAS to research projects

IG (Information Governance) Awareness

  • Awareness of IG principles and their role in managing data securely
  • Ensures IG policies are being followed by teams and users
  • Leads (in conjunction with others) in ensuring that IG policies are being followed by teams and users

ISO audits

  • Familiarity with ISO standards and the purpose of audits.
  • Ability to assist in preparing documentation required for ISO audits.
  • Basic knowledge of compliance requirements and regulations
  • Ability to independently conduct ISO audits, including planning, execution, and reporting.
  • Proficiency in identifying and assessing risks related to compliance.
  • Ability to recommend improvements based on audit findings.
  • Leading the development and implementation of audit strategies and policies
  • Expertise in analyzing complex audit data and providing actionable insights.
  • Leading audit teams and managing audit projects from start to finish.

Making secure and GDPR-compliant backups of user data

  • Awareness of basic backup methods and tools to create backups
  • Monitors backup processes for compliance and security
  • Ensures that regulations are implemented for the SDE

Pen Testing

  • Applies knowledge of penetration testing concepts, common tools (e.g., Metasploit, Nessus, Burp Suite) and awareness of security vulnerabilities to run basic scans under supervision and identify/report vulnerabilities
  • Conducts testing using more advanced tools (e.g., Astra Pentest, AWS Inspector, Scout Suite) for cloud environments. Is able to identify and exploit vulnerabilities during controlled testing scenarios
  • Has extensive experience leading penetration testing projects, utilizing a wide range of tools and techniques to identify and mitigate vulnerabilities across complex systems

Regulatory Change Management

  • Aware of processes to monitor regulatory changes
  • Can assess impact of regulatory changes on systems
  • Can lead implementation of changes required by new regulations across the organization