Job summary
We are seeking an experienced and visionary Head of Securityto lead the Trust's cyber, information security, resilience, and governance strategy. This senior leadership role sits within the Digital Data & Technology (DDaT) team and plays a critical part in safeguarding patient and organisational data, enabling secure digital transformation, and aligning local strategies with ICS and national initiatives.
The postholder will act as the Deputy Senior Information Risk Owner (SIRO) and provide strategic and operational leadership across architecture, infrastructure, live services, cyber security, and information governance.
Main duties of the job
- Develop and implement a comprehensive cyber and information security strategy across the Trust and ICS.
- Lead risk management, resilience planning, and compliance with national frameworks including ISO27001, DSPT, and Cyber Essentials+.
- Provide expert advice to senior stakeholders and technical teams on emerging threats and mitigation strategies.
- Chair assurance groups and lead internal audit controls for DDaT security.
- Collaborate with Emergency Preparedness teams to ensure cyber threats are integrated into resilience planning.
- Manage budgets, business cases, and funding proposals for cyber initiatives.
- Promote a culture of continuous improvement, training, and professional development across the security function.
- Deputise for the Associate Director of Digital Operations when required.
About us
Diversity makes us interesting... Inclusion is what will make us outstanding.
Inequality exists and the journey to eliminate it is not easy. Every step we take will be a purposeful step forward to deliver a truly inclusive culture where all our people are enabled to deliver outstanding care, where background is no barrier, and where everyone can be their authentic self and we truly represent our patient community.
We are committed to equal opportunities and welcome applications from all sections of the community, regardless of any protected characteristics. Reasonable adjustments will be made for disabled applicants where possible. All applicants who have a disability and meet the minimum criteria for the post can opt for a guaranteed interview.
If you need additional help with your application please get in touch by calling the recruitment team on 0118 322 6997 or 0118 322 5342.
Our primary method of communication will be via email. However, if you would prefer to be contacted through a different method, please inform the recruitment team.
Job description
Job responsibilities
As Head of Security, you will:
- Lead the development of a risk-based cyber and information security strategy, ensuring alignment with ICS and national plans.
- Monitor compliance with professional and regulatory standards and lead internal audits.
- Provide strategic oversight of cyber architecture, live services, and infrastructure delivery.
- Evaluate and articulate business risks related to cyber threats and recommend disaster recovery solutions.
- Engage with stakeholders across the Trust and ICS to raise awareness and improve cyber resilience.
- Develop and manage an information security awareness portfolio and training programmes.
- Ensure governance structures are robust and support effective decision-making and issue resolution.
- Represent the Trust at senior committees and contribute to the Digital Oversight Group and Digital Hospital Committee.
- Drive cost savings and income generation through strategic use of digital services.
- Foster a culture of customer service and continuous improvement within the DDaT team.
- Ensure compliance with legal and ethical responsibilities including GDPR, Health & Safety, and Information Governance policies.
Job description
Job responsibilities
As Head of Security, you will:
- Lead the development of a risk-based cyber and information security strategy, ensuring alignment with ICS and national plans.
- Monitor compliance with professional and regulatory standards and lead internal audits.
- Provide strategic oversight of cyber architecture, live services, and infrastructure delivery.
- Evaluate and articulate business risks related to cyber threats and recommend disaster recovery solutions.
- Engage with stakeholders across the Trust and ICS to raise awareness and improve cyber resilience.
- Develop and manage an information security awareness portfolio and training programmes.
- Ensure governance structures are robust and support effective decision-making and issue resolution.
- Represent the Trust at senior committees and contribute to the Digital Oversight Group and Digital Hospital Committee.
- Drive cost savings and income generation through strategic use of digital services.
- Foster a culture of customer service and continuous improvement within the DDaT team.
- Ensure compliance with legal and ethical responsibilities including GDPR, Health & Safety, and Information Governance policies.
Person Specification
Qualifications
Essential
- Masters level degree or equivalent experience in a related subject
- Formal certification (ISACA: Certified Information Security Manager (CISM). CISSP, or CRISC) and/or formal training in information security standards and best practice (e.g.: ISO 27001/2, COBIT), or equivalent work experience demonstrating understanding of the same.
Desirable
- Professional Enterprise Architecture Qualification e.g. SABSA (Sherwood Applied Business Security Architecture), TOGAF (The Open Group Architecture Framework) or equivalent.
Experience
Essential
- Proven Ability to translate business requirements into delivered solutions in the context of information security.
Desirable
- IT experience gained in both and Acute and Community setting
Person Specification
Qualifications
Essential
- Masters level degree or equivalent experience in a related subject
- Formal certification (ISACA: Certified Information Security Manager (CISM). CISSP, or CRISC) and/or formal training in information security standards and best practice (e.g.: ISO 27001/2, COBIT), or equivalent work experience demonstrating understanding of the same.
Desirable
- Professional Enterprise Architecture Qualification e.g. SABSA (Sherwood Applied Business Security Architecture), TOGAF (The Open Group Architecture Framework) or equivalent.
Experience
Essential
- Proven Ability to translate business requirements into delivered solutions in the context of information security.
Desirable
- IT experience gained in both and Acute and Community setting
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
