Cyber Security Lead

Company: NHS
Apply for the Cyber Security Lead
Location: Exeter
Job Description:

Cyber Operations purpose is to support safe care and build public trust by building NHS England’s cyber resilience and enabling the wider health system to be cyber resilient, supporting Transformation Directorate’s purpose of delivering the best care and outcomes for the NHS.

The Cyber Operations sub-directorate consists of 4 operational areas: Cyber Operations Services (COS), Cyber Delivery, Cyber Improvement and Chief Information Security Officer (CISO). This role sits within the COS team of which SIO is a function within that team.

Service Integration and Ownership (SIO) is primarily external facing, managing the portfolio of Cyber Services to the NHS System to support them in managing cyber risk and resilience which underpin the delivery of patient services and outcomes.

Services we provide include Secure Boundary, Vulnerability management, Cyber security ratings service and the Data Security and Protection Toolkit.

Consistent, efficient, proportionate security risk management is best achieved by a blend of centralised advice, control and security services blended with individual security responsibility and actions. We support the NHS system and owners of security risk keep their services secure, deliver managed security services to the system, filling the gaps where secure design & operation or other constraints fail to deliver proportionate security across the system.

Main duties of the job

The Security Lead is focussed on system / service wide assurance to organisations to assess and ensure that they are managing their risks, practising good data security and that prescribed standards and compliance regimes are adhered to appropriately.

As a Security Lead you will:

  • Have a good understanding of information security / governance frameworks / Security operations.
  • Have a good understanding of the end-to-end management and enhancement of services, including management of 3rd party providers
  • Manage and support a subset of the portfolio of cyber services delivered by the SIO team to the wider NHS and their interfaces with dependent parties and operational processes
  • Detailed understanding of what constitutes good and poor cyber hygiene.
  • A good understanding of the health and care system in England
  • The ability to communicate complex concepts to audience that have limited knowledge of cyber security.
  • Be able to influence organisations in improving their cyber posture whilst maximising the value from central services

The role will also be required to manage members of the team, ensuring they deliver on team objectives and promote their personal development ambitions.

Job responsibilities

Please see the attached Job Description and Person Specification for more information about the role and responsibilities.

The ideal candidate will also hold a CISM certification, and ITIL v4 or hold equivalent service management experience.

Please ensure your supporting statement includes demonstratable evidence and specific examples on how you meet the criteria for each of the key skills specified. This will be used in both the shortlisting and interview processes

Important: Please be aware there are residency requirements you need to meet:

All NHS England Cyber Security personnel must hold Security Clearance level as a minimum. To meet National Security Vetting requirements, SC clearances require 5 years continuous UK residency. In certain cases, this can be reduced to three years continuous UK residency, with additional overseas checks for the previous two years. Candidates who were posted abroad for service with HM Government, Armed Forces or within a UK government role – will still be considered.

Please make sure you meet these requirements before applying for this role. You dont need to have SC already, however, failure to achieve the requirements for SC after offer will result in the job offer being withdrawn. For further advice please check https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels/national-security-vetting-clearance-levels#security-check-sc

Please be aware that should you be successful in this position, you will be hired to the job title of Security Lead and this job title is advertised to attract the right skills needed for the role.

The post of Security Lead has been awarded a Recruitment and Retention Premia (RRP) in response to current labour market conditions. In recognition of this, the role attracts an additional monthly RRP payment equal to 30% per annum. Please be aware that RRP is non-contractual and subject to review.

Person Specification

Knowledge

  • Extensive knowledge of the strategies, accountability framework, organisational structure and processes used to encourage proper behaviour in IT activities and operations, and ability to implement IT systems and controls to meet business needs and requirements.
  • Proven knowledge of processes, tools and techniques for assessing and controlling an organisation’s exposure to risks of various kinds; ability to apply this knowledge appropriately to diverse situations.

Skills & Experience

  • Detailed knowledge of tools, techniques, approaches and processes of cybersecurity risk management; ability to ensure organisational network operation and minimise negative effect by cybersecurity risks.
  • Specialist knowledge of and the ability to utilise tools and techniques for assessing the effectiveness of information security measures, identifying potential risk exposures, and protecting the availability, confidentiality and audit trails of information from destruction or manipulation.

Qualifications

  • Masters level degree in Cyber Security, or a relevant subject, or equivalent level of experience.
  • CISM certification

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer name

NHS England

Address

Wellington Place, Leeds / Hexagon House, Exeter / other NHSE office locations may be considered

Leeds / Exeter / other locations may be considered

£88,556.60 to £100,578.40 a yearPer Annum (this includes a RRP payment of 30%)

Contract

Permanent

Working pattern

Full-time

Reference number

990-TDD-CY-EC2738-E

Job locations

Wellington Place, Leeds / Hexagon House, Exeter / other NHSE office locations may be considered

Leeds / Exeter / other locations may be considered

#J-18808-Ljbffr…

Posted: June 27th, 2026