Operate and maintain the hospital's vulnerability management programme, including scanning, prioritisation, remediation tracking and reporting
Monitor security tooling and alerts, supporting early detection and response to security incidents
Undertake technical investigation, root cause analysis and post‑incident reviews
Technical Security Controls : Implement, configure and maintain security controls across networks, servers, endpoints, cloud services and clinical systems
Support endpoint protection, email security, MFA, identity security controls and log management
Work with Infrastructure and Applications teams to ensure secure configuration and hardening of systems.
Governance, Risk and Compliance: Ensure systems and services align with GDPR, Data Protection Act, NHS DSPT principles (where applicable), and Bupa security standards
Maintain security documentation, SOPs, technical standards, and audit artefacts
Design, Projects and Change : Ensure security considerations are embedded into new systems, infrastructure changes, and clinical technology deployments
Review designs and changes for security impact and provide risk‑based recommendations.
Stakeholder and Vendor Engagement: Act as a technical security point of contact for suppliers, partners, and managed security services
Participate in group‑wide security forums and working groups as required
Communicate security risks, issues and remediation plans clearly to technical and non‑technical stakeholders
Key Skills / Qualifications:
Demonstrable experience in an information security or security engineering role.
Strong technical understanding of security concepts and controls
Experience operating vulnerability management and remediation processes
Experience with endpoint, network, and cloud security controls. Understanding of identity, access management and MFA
Experience working in regulated environments.
Ability to translate security risks into clear, pragmatic recommendations
Flexible with ability to support out‑of‑hours activity when required
Benefits
At King Edward VII's Hospital, we want to reward our staff for the amazing job that they do.As part of the team, you will have access to a range of benefits for your work and home life.We offer a variety of benefits that take into consideration how you commute to work, your health and well-being and recognising your service and any staff referrals you make to the Hospital.Take a look at the full range of benefits on offer when working here:Annual leave entitlement of 25 days + bank holidays increasing with length of serviceIn-house training for all staffCompany pension schemeInterest free travel loanPrivate healthcare (Eligible after 12m)Bicycle Loan SchemeRetailer discountsEmployee Assistance ProgrammePart of a Globally Trusted Healthcare GroupWe're committed to ensuring you're treated fairly during the recruitment process and offer reasonable adjustments to anyone who may benefit from accommodations to the recruitment process.If you require inHealth insuranceFlexible schedule
Additional Information
Job Description:
Information Security Engineer
King Edward VII's Hospital, 5-10 Beaumont Street, Marylebone, London W1G 6AA
Permanent (37.5hrs) Hybrid: up to 2 days WFH
Salary from: £55k + Fantastic Benefits
Advert Expires: 23 June 2026
How you'll help us make health happen.
This role provides specialist information security capability across King Edward VII's Hospital, supporting the protection of clinical, patient, and corporate information assets. The Information Security Engineer is responsible for implementing, operating, and continually improving technical security controls, vulnerability management, and security monitoring in line with organisational, regulatory, and group (Bupa/DASCL) requirements.
Working closely with IT Infrastructure, Applications, suppliers, and group security teams, the post‑holder ensures that security is embedded into day‑to‑day operations, projects, and system design, while maintaining high availability and safety within a clinical healthcare environment.
Bupa · King Edwards Vii Hospital