Senior Information Security Analyst

Job DescriptionJob Title: Senior Information Security AnalystDepartment: ITReports to: Information Security ManagerDate: 2025   Overall Purpose of JobThe Mission of Beacon Hospital is to provide quality patient care in an environment that is respectful, compassionate and caring.We are seeking a highly experienced and technically capable Senior Information Security Analyst to support the implementation and continuous improvement of the hospital’s cybersecurity programme. This role is responsible for proactively safeguarding the hospital’s information systems and data assets from internal and external threats, ensuring ongoing compliance with regulatory requirements including GDPR and the NIS2 Directive.The successful candidate will work across infrastructure, application, and clinical system domains to lead risk assessments, investigate incidents, manage security tools, and contribute to the secure delivery of digital services. The role requires strong technical expertise, a practical understanding of information security operations, and the ability to deliver tangible outcomes in a complex, regulated environment.Key Responsibilities and Deliverables·        Assist in the implementation, and continuous improvement of the hospital’s cyber security framework.·        Monitor security alerts and logs to detect, investigate, and respond to threats and vulnerabilities.·        Conduct risk assessments, penetration testing, and vulnerability scans to identify and mitigate security gaps.·        Manage incident response activities including root cause analysis, reporting, and recovery.·        Maintain and update cyber security policies, procedures, and documentation in line with evolving threats and regulatory requirements.·        Provide guidance and support to IT staff and end users on best practices for cyber hygiene.·        Collaborate with clinical and administrative teams to ensure secure deployment of healthcare systems (e.g., EHR/EMR platforms).·        Evaluate, implement, and manage security tools such as SIEM, EDR, firewalls, antivirus, and encryption technologies.·        Ensure compliance with relevant healthcare data protection standards and legal obligations like NIS2.·        Liaise with external auditors, vendors, and regulators as necessary.·        Conduct regular training and awareness campaigns across hospital departments.·        Assess, test, and support the secure development and deployment of web applications, ensuring protection against common vulnerabilities (e.g., OWASP Top 10) through secure coding practices and regular security reviews.·        Keep up to date with cyber threat trends, technology developments, and regulatory updates to inform internal practices and risk mitigation efforts Person Specification Qualifications·       Bachelor's degree in computer science or related field. MSc in Cyber Security is an advantage.·        Security Engineering certifications preferred - Security+, Network+, GCIA, GCFA, GMON, GNFA, SSCP, OSCP, ISA/IEC 62443 etc.·        Experience and strong understanding of frontline security operations (SOC / Incident response activities) working with - SIEM, NetFlow, IDS/IPS, Anti-Virus, Malware etc.·        Understanding of various threat hunting techniques (Structured or un-structured, custom or intel-based hunting etc.), tools (SIEM or EDR), models and frameworks (MITRE pre-attack and attack frameworks)·        Understanding of modern security attack techniques and how best to detect them·        Knowledge and/or experience with modern security automation technologies for threat hunting·        Competent in scripting languages for automation (Ideally with Python or KQL, C, C++, Java, PowerShell, Bash etc.)·        Understanding of the underlying protocols such as HTTP, HTTPS, SMTP, SQL. Experience (Amount and Type) ·        At least five years’ experience in a cyber security support role, preferably in Healthcare or critical infrastructure. ·        Experience and strong understanding of frontline security operations (SOC / Incident response activities) working with - SIEM, NetFlow, IDS/IPS, EDR, XDR, Malware etc.·        Good background in Active Directory, Exchange and Office365 administration and management·        Experience in analysing customer solutions, plan and implement in relation to Security·        Experience with threat intelligence platforms, threat modelling and threat hunting techniques.·        Familiarity with GDPR, NIST CSF 2.0, ISO/IEC 27001 and NIS2 Directive·        Experience working with IAM and managing cloud identity services.·        Familiarity with network and web protocols (TCP/IP, UDP, IPSEC, HTTP, HTTPS, etc.)·        Proven track record in managing security incidents and implementing mitigation strategies.·        Experience in web application security is highly desirable. This includes knowledge of common vulnerabilities (e.g., OWASP Top 10), secure coding practices, and the ability to assess, test, and remediate web-based threats. Job Specific Competencies and Knowledge  ·       Building and executing project plans working closely with customers and IT to understand and manage project expectations.·        Project experience involving technical consulting, solution design, project envisioning, planning, development and deployment.·        Provide accurate information at an appropriate level of complexity to staff in order to facilitate understanding and effective use by network/systems users.·        Provide a high standard of customer service and follow through staff inquiries and questions from commencement to resolution in a timely and professional manner.·        Plan and manage their own work in a complex, changing environment in order to meet set objectives and deadlines.·        Contribute to the success of the team by developing and utilizing effective lines of communication with other members and providing support to others as needed to ensure cohesion and consistency in approach.·        Provide advice (knowledge transfer) to the customer and partners. These will include support groups in the Automation, Local and Enterprise Applications & Infrastructure space as well as vendors and consultants from an external perspective who support many of the systems·        Prepare documentation and training to support staff and related processes.·        Ability to support a 24x7x365 operation, including participation in monthly maintenance patching and updating activities.·        Additionally, this position provides On-Call IT support on a rotational basis.  Personal Competencies ·        All posts in Beacon Hospital require a high level of flexibility to ensure the delivery of an effective and efficient service. Therefore, the post holder will be required to demonstrate flexibility as and when required by their manager and / or hospital management. This job description is intended to be an outline of the areas of responsibility and deliverables at the time of its writing. As the Hospital and the post holder develop, this job description may be subject to review in light of the changing needs of the Hospital.