IT Systems Engineer

IT Systems Engineer

Application Deadline: 30 April 2026

Department: Information Technology

Employment Type: Permanent

Location: Harborne, Birmingham, UK

Reporting To: Associate Director of IT & Resources

Compensation: £41,885 – £51,717 / year

Description

We are looking for a proactive a values driven IT Systems Engineer to design, secure, and maintain business-critical systems. To work closely with QACE and QAC to support the following environments; QAC – Enterprises – All Formats, which is a transcription service with a separate IT infrastructure to maintain industry standards (e.g. PCI DSS, ISO27001, Cyber Essentials). Queen Alexandra Charity– the wider organisation, which includes QAC College (education environment). While the primary focus is expected to be on QACE, there may be periods where the emphasis shifts toward QAC, working with the QAC IT team to provide technical expertise, guidance and support depending on business needs.

Hours37 hours per week/52 weeks per yearThese hours would be actioned any time between 7.00am to 19.00pmParticipation in out of hours emergency work to support critical systems (out of hours work may include, evenings and/or weekends).

Key Responsibilities

• Systems Build, Administer, harden, upgrade, troubleshoot and maintain key critical systems for QACE All Formats, including:
• Firewall inc firewall policies
• Backup infrastructure
• Network Infrastructure (inc network segmentation)
• Servers (Hyper v, Windows, Linux)
• Cloud Services (e.g. Entra)
• On prem Services (Active Directory, SIEM, Print, Access Control, CCTV)
• Perform hardware lifecycle tasks, including OS installation and upgrades, development, security hardening and testing compatibility (Windows 11, Windows server, NAS, Network Infrastructure)
• Support cryptographic controls, key management, and secure certificate lifecycle
• Manage software licenses
• Operate controls aligned to PCI DSS/ISO27001 including:
• Access control, least privilege, role-based access
• Logging and monitoring of security events
• System hardening and vulnerability management
• Secure software lifecycle support
• Data protection and encryption in transit/at rest
• Secure configuration Baseline
• Manage MFT (Multiple File Transfer) infrastructure.
• Implement and enforce security policies (Group Policy, EDR policies, firewall Policies, Access Control).
• Manage patching, vulnerability remediation, and system upgrades in accordance with risk and change control policies.
• Maintain evidence for audits: including documentation and Standard Operating Procedures, configuration baselines, change records, access reviews, vulnerability scan results, penetration test reports, network diagrams, dataflow maps, asset inventories.
• Work with vendor/third party services to meet business requirements.
• Perform software lifecycle tasks, including software installation and upgrades, development, security hardening and testing compatibility.
• Designing and maintaining Business Continuity and Disaster Recovery arrangements including 6 monthly test of the DR solution in Droitwich.

Operations & Service Excellence

• Own incident/problem/change management
• Lead QACE troubleshooting, root cause analysis and corrective actions.
• Undertake remediation work in line with assessment outcomes
• Develop runbooks, SOPs, and automation for repeatable, auditable operations.
• Monitor capacity, performance, and reliability; implement proactive improvements.
• Participate in out of hours work for critical systems.

Collaboration & Documentation

• Work with Security Compliance Manager on policies, control design, risk assessments, control effectiveness testing, audits, log review/analysis and annual assessment planning.
• Produce high-quality documentation: network diagrams, data flow diagrams, asset inventories, control mappings, Standard Operating Processes, and build standards.
• Share knowledge and expertise within the team, by providing technical guidance and/or coaching/mentoring (relevant to skills/experience).
• Assist Security Compliance manager with DR/BC planning and documentation.

Compliance & Governance

• Adhere to Change Management, Incident Management, and Access Review processes.
• Maintain accurate asset inventories, data flow maps, and network diagrams for scope validation.
• Support annual PCI DSS assessment (ROC/SAQ), quarterly ASV scans, and periodic internal/external pen tests.
• Ensure evidentiary trails are complete, reproducible, and time bound (e.g., logs retained ≥1 year, online ≥3 months per policy).

Other Duties

• Adhere to the Charity’s Health and Safety Policy at all times, recognising responsibility for own safety and that of others.
• Act at all times in accordance with the Staff Code of Conduct and QAC Values of Respect, Excellence, Enabling, Collaboration and Inclusion.
• Comply with all QAC policies and procedures.
• QAC employees may be expected to undertake designated emergency response duties as part of their role. This includes receiving appropriate training, instruction and information to carry out emergency procedures safely and effectively.
• Responding to emergency situations in line with organisational policies and procedures.
• Supporting the organisation’s compliance with relevant Health and Safety legislation.

Safeguarding Statement

Queen Alexandra Charity is committed to safeguarding and promoting the welfare of young people and vulnerable adults and expects all staff and volunteers to share this commitment. Successful applicants will be subject to an enhanced Disclosure and Barring Service (DBS) check and two employment references.

Skills, Knowledge and Expertise

Essential Criteria

• Relevant industry qualifications (e.g., MSP, Security+, CCNA, Palo Alto)
• 5+ years’ experience building, administrating, hardening, upgrades, troubleshooting;
• Backup infrastructure, Network Infrastructure (inc network segmentation), Servers (Hyper v, Windows, Linux), Cloud Services (e.g. Entra, MS365), On prem Services (Active Directory, SIEM, Print, Access Control, CCTV)
• Practical experience of cyber security best practices, SIEM, Identify Access Management, TLS, certificates, HSM/key management basics, and secure cipher suites, Endpoint Protection, vulnerability assessment and Patch Management.
• Demonstrable knowledge of PCI DSS and ISO 27001 concepts
• Security-first mindset, with strong problem-solving skills and attention to detail
• Ability to interpret standards and translate them into practical, automated controls
• Strong written and verbal communication skills
• Able to produce high quality, clear documentation and guidance
• Ability to manage key stakeholder relationships across a range of functions (Operations, Security, Audit)
• Action-orientated, with the ability to take ownership. Comfortable operating in high-availability environments
• Strong commitment to equality, diversity and inclusion. Identifies with and demonstrates QAC Vision and Values and FREDIE (Fairness, Respect, Equality, Diversity, Inclusion and Engagement)
• Ability to work flexibly, including as part of out of hours cover
• Car driver, clean current driving licence and access to own vehicle

For a full account please refer to the Job Description and Person Specification attached

Why work at Queen Alexandra Charity Birmingham

Join our team at Queen Alexandra Charity!

#J-18808-Ljbffr…