Head of Cyber, Band 8b

Company: Gloucestershire Hospitals NHS Foundation Trust
Apply for the Head of Cyber, Band 8b
Location: Gloucester
Job Description:

Head of Cyber, Band 8b

The closing date is 02 August 2026.

The Head of Cyber Security is the expert responsible for protecting the confidentiality, integrity and availability of digital services and patient information across acute, community, mental health and primary care partners within the Gloucestershire Integrated Care System (ICS). Protecting staff, systems and safeguarding patient data from harm by ensuring technology and information that underpins patient care remains safe, available and trustworthy is of utmost importance and enables delivery of safe patient care by our 15,000+ staff with confidence, transparency and compliance.

The post holder will provide strategic and operational leadership of the Cyber Security Team and act as the expert adviser to the Chief Delivery & Governance Officer, SIRO, Caldicott Guardian and Audit Committees on all cyber-security matters, working closely with the Information Governance lead and DPO.

They will ensure compliance with the Data Security and Protection Toolkit (DSPT) aligned with the Cyber Assessment Framework (CAF) and the delivery of the NHS Cyber Security Strategy to 2030 and full participation in the regional “Defend as One” model.

The role combines governance, assurance and hands‑on leadership of proactive and preventative tactics, threat intelligence, incident response, vulnerability management, strategy and cultural change to build cyber resilience across the Integrated Care System (ICS).

Main duties of the job

The post holder will be an experienced cyber security leader with a proven track record of managing and improving cyber resilience within large, complex or multi‑organisation environments. They will possess deep technical and governance expertise across areas such as threat detection, vulnerability management and incident response, with the ability to translate complex technical risk into clear, articulate, actionable information for senior executives and boards with assurance and confidence.

They will demonstrate a thorough understanding of national and international cyber standards, including the Cyber Assessment Framework (CAF), Data Security and Protection Toolkit (DSPT), ISO 27001, and the NHS Cyber Security Strategy to 2030. Experience of successfully leading cyber compliance programmes, external audits and penetration‑testing remediation is essential.

The successful candidate will bring experience in leading multidisciplinary cyber teams, developing capability through mentoring and training and fostering an open culture of shared responsibility for cyber security. They will have strong stakeholder‑management and influencing skills, with the ability to build transparent and trusted relationships across digital, information governance and clinical teams, while working collaboratively with regional and national partners under the Defend as One approach.

About us

We take pride in placing people at the centre of everything we do, working together as a united team. Driven by a shared ambition to continually grow, develop, and learn, we recognise and value every contribution. By combining our experience and skills, we not only support our vibrant, diverse communities, but also support one another.

With a team of over 9,000 employees, we are proud to be the largest employer in Gloucestershire and rank among the top 10 largest Trusts in the South West region. By joining our Trust, you will benefit from an excellent package that includes exclusive benefits, flexible working opportunities and the chance to gain valuable experience in one or both of our innovative hospitals.

As well as generous annual leave allowance, you will have access to the excellent NHS pension scheme, competitive bank rates, discounts at local shops and restaurants, access to two on‑site nurseries, discounted public transport, reward and recognition and a range of health and wellbeing initiatives to support you.

Job responsibilities

Strategic Leadership

Act as the senior specialist for cyber security across the ICS, setting strategic direction and delivering the countywide Cyber Security Strategy and annual workplan.

Act as the primary countywide interface with NHS England’s CSOC, regional cyber leads, and law enforcement, facilitating threat intelligence sharing and collective defence initiatives across the ICS.

Track and report key cyber resilience indicators, including MDE and BitSight scores, vulnerability closure rates, CAF maturity levels, and CareCERT compliance metrics. Use data trends to inform Board‑level assurance and investment priorities.

Provide expert assurance to the Chief Delivery & Governance Officer, SIRO, Caldicott Guardian and Audit Committee on cyber risks, controls and maturity.

Lead local adoption of NHS England’s Defend as One principles, ensuring collaboration on shared tooling, intelligence and incident coordination.

Represent the Trust and ICS on regional and national cyber forums, ensuring alignment with NCSC, NHS England Cyber Operations Centre (CSOC) and DHSC guidance.

Operational Management

Lead and develop the Cyber Security Team to deliver proactive monitoring, detection, response and continuous improvement.

Act as the senior technical authority for cyber incident response, providing Tier 3 escalation and decision‑making oversight during major incidents and overseeing coordination between local and national CSOC functions, ensuring event data are triaged, correlated and acted upon efficiently.

Oversee the countywide security tooling stack ensuring optimal configuration and utilisation.

Manage day‑to‑day cyber operations, including vulnerability management, penetration‑testing remediation, phishing simulations and user awareness campaigns.

Maintain robust incident‑response plans compliant with the Data Security Protection Toolkit and NCSC guidance, ensuring all major incidents are logged, triaged and reported within mandated timescales.

Coordinate technical response during cyber events, acting as joint Incident Manager and providing senior briefings, root cause analysis and lessons‑learned reports.

Risk and Compliance

Own and maintain the Cyber Risk Register, consolidating Trust‑ and ICS‑level risks and ensuring appropriate mitigations and assurance evidence.

Lead the internal cyber assurance programme, mapping findings from penetration tests, CareCERT responses and internal audits to DSPT objectives.

Maintain oversight of all open cyber audit actions, ensuring timely closure and evidence of improvement.

Deliver the DSPT to Standards Met or higher, embedding continual improvement reviews throughout the year.

Monitor CareCERT/NHS Cyber Alerts and ensure all critical vulnerabilities are triaged within 48 hours and resolved within 14 days.

Oversee removal or mitigation of End‑of‑Life systems to maintain 95 % supported infrastructure.

Promote sustainable cyber operations by adopting energy‑efficient hardware lifecycle management and secure and responsible asset disposal to reduce carbon footprint.

Ensure all new digital procurements and cloud deployments include security‑by‑design and supplier‑assurance controls.

Policy and Governance

Lead the review and implementation of Cyber Security Policies, Standards and SOPs covering access, remote working, cloud, IoT/IoMT and third‑party assurance.

Provide governance reporting to the Digital Board Committee, Audit Committee and ICS Cyber Operations Group.

Liaise with Information Governance and Data Protection Officer to ensure alignment between IG and Cyber requirements.

Work closely with Information Asset Owners and Administrators to ensure security controls, DPIAs and mitigations are documented and reviewed.

Ensure all system changes or procurements undergo proportionate cyber risk assessment and IG consultation.

People and Culture

Inspire, mentor and develop team members, supporting attainment of professional certifications (CISSP, CISM, NHS Cyber Academy).

Promote a culture of cyber awareness and accountability through training, communications and engagement campaigns.

Act as Subject Matter Expert to advise managers, IAOs and project teams on secure‑by‑design principles.

Manage the cyber‑security budget, ensuring effective investment and demonstrable value for money.

Oversee contracts for penetration testing, secure disposal and software licensing within standing financial instructions.

Prepare business cases for cyber‑tooling, ensuring sustainability and cost‑effectiveness.

Professional Development, Education and Training

Maintain expert awareness of national policy and technical trends, ensuring skills remain current.

Undertake continuing professional development and contribute to the learning of others.

Planning and Organisation

Develop annual cyber workplans with measurable objectives, milestones and KPIs. Coordinate multi‑organisation programmes, including CAF reviews, Windows 11 migration and SOC development.

Contribute to digital business‑continuity and disaster‑recovery planning and exercises.

Research and Development

Lead continuous improvement initiatives, researching emerging threats, Zero Trust architecture, AI security and IoMT protection.

Evaluate new technologies through proof‑of‑concept pilots and cost‑benefit analysis.

Benchmark performance against national metrics (e.g. MDE, BitSight, Cyber Maturity Model).

Communications and Working Relationships

Maintain constructive relationships with internal and external stakeholders including Digital Ops, Clinical Engineering, IG, HR, Estates, suppliers, and ICS partners.

Liaise with NHS England Cyber Operations Centre, Regional Cyber Leads, Police Cyber Unit and NCSC.

Communicate complex, sensitive and sometimes contentious security information to senior leaders and technical staff clearly and confidently.

Person Specification

Qualifications

  • Degree in Information Security, Computer Science or related discipline, or equivalent experience.
  • Professional security certification (CISSP, CISM, CIS MP, CCSP).
  • Practitioner‑level qualification in Risk Management (MoR) or equivalent experience.
  • Evidence of continuing professional development relevant to cyber leadership.
  • ITIL v4 Foundation or higher.
  • FEDIP Practitioner or equivalent professional registration.
  • Change, Deployment and Release Management training or experience.

Experience

  • Significant experience leading a cyber or information security function in a large, complex or regulated organisation.
  • Demonstrable experience delivering Cyber Assurance Framework and Data Security Protection Toolkit assurance, including evidence gathering and remediation planning.
  • Experience leading incident response, including major cyber events and multi‑agency or cross‑organisational coordination.
  • Experience managing SIEM platforms, security monitoring or SOC environments.
  • Experience developing and delivering cyber strategies, programmes and roadmaps.
  • Strong track record of supplier assurance, contract cyber compliance and third‑party risk management.
  • Experience producing training, SOPs and cyber playbooks.
  • Experience within the NHS, Integrated Care Systems or wider public sector.
  • Experience implementing Zero Trust approaches, identity modernisation or endpoint/server security uplift programmes.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer name

Gloucestershire Hospitals NHS Foundation Trust

£66,582 to £77,368 a year (pa pro rata if part‑time)

#J-18808-Ljbffr…

Posted: July 2nd, 2026