Gloucestershire Hospitals NHS Foundation Trust

Head of Cyber, Band 8b

The closing date is 11 January 2026

Job summary

The Head of Cyber Security is the expert responsible for protecting the confidentiality, integrity and availability of digital services and patient information across the acute, community, mental health and primary care partners that make up our Gloucestershire Integrated Care System (ICS). Protecting our staff and systems, and safeguarding our patient data from harm by ensuring that the technology and information underpinning patient care remain safe, available and trustworthy, is of the utmost importance and is key to enabling our 15,000+ staff to deliver safe patient care with confidence, transparency and compliance.

The post holder will provide strategic and operational leadership of the Cyber Security Team and act as the expert adviser to the Chief Delivery & Governance Officer, SIRO, Caldicott Guardian and Audit Committees on all cyber-security matters, working closely with the Information Governance lead and DPO.

They ensure compliance with the Data Security and Protection Toolkit (DSPT), aligned with the Cyber Assessment Framework (CAF), delivery of the NHS Cyber Security Strategy to 2030, and full participation in the regional "Defend as One" model.

The proposed interview date is: 20th January

Main duties of the job

The role combines governance, assurance and hands-on leadership of proactive and preventative tactics, threat intelligence, incident response, vulnerability management, strategy and cultural change to build cyber resilience across the Integrated Care System (ICS).

They will have a proven track record of managing and improving cyber resilience within large, complex or multi-organisation environments, ideally within the NHS or wider public sector. They will possess deep technical and governance expertise across areas such as threat detection, vulnerability management and incident response, with the ability to translate complex technical risk into clear, actionable information for senior executives and boards with assurance and confidence.

They will demonstrate a thorough understanding of national and international cyber standards, including the Cyber Assessment Framework (CAF), Data Security and Protection Toolkit (DSPT), ISO 27001, and the NHS Cyber Security Strategy to 2030. Experience of successfully leading cyber compliance programmes, external audits and penetration-testing remediation is essential, alongside a strong grasp of modern tooling such as MS Defender for Endpoint, Sentinel, SIEM and vulnerability-scanning and asset management platforms.

The successful candidate will bring experience in leading multidisciplinary cyber teams, developing capability through mentoring and training and fostering an open culture of shared responsibility for cyber security.

About us

We take pride in placing people at the centre of everything we do, working together as a united team. Driven by a shared ambition to continually grow, develop, and learn, we recognise and value every contribution. By combining our experience and skills, we not only support our vibrant, diverse communities, but also support one another.

With a team of over 9,000 employees, we are proud to be the largest employer in Gloucestershire and rank among the top 10 largest Trusts in the South West region. By joining our Trust, you will benefit from an excellent package that includes exclusive benefits, flexible working opportunities and the chance to gain valuable experience in one or both of our innovative hospitals.

As well as generous annual leave allowance, you will have access to the excellent NHS pension scheme, competitive bank rates, discounts at local shops and restaurants, access to two on-site nurseries, discounted public transport, reward and recognition and a range of health and wellbeing initiatives to support you.

Details

Date posted

17 December 2025

Pay scheme

Agenda for change

Band

Band 8b

Salary

£64,455 to £74,896 a year (pa pro rata if part-time)

Contract

Permanent

Working pattern

Full-time

Reference number

318-25-T0763

Job locations

Victoria Warehouse

Gloucester

GL1 2EL

Job description

Job responsibilities

Strategic Leadership

- Act as the senior specialist for cyber security across the ICS, setting strategic direction and delivering the countywide Cyber Security Strategy and annual workplan.

- Act as the primary countywide interface with NHS England's CSOC, regional cyber leads, and law enforcement. Facilitate threat intelligence sharing and collective defence initiatives across the ICS.

- Track and report key cyber resilience indicators, including MDE and BitSight scores, vulnerability closure rates, CAF maturity levels, and CareCERT compliance metrics. Use data trends to inform Board-level assurance and investment priorities.

- Provide expert assurance to the Chief Delivery & Governance Officer, SIRO, Caldicott Guardian and Audit Committee on cyber risks, controls and maturity.

- Lead local adoption of NHS England's Defend as One principles, ensuring collaboration on shared tooling, intelligence and incident coordination.

- Represent the Trust and ICS on regional and national cyber forums, ensuring alignment with NCSC, NHS England Cyber Operations Centre (CSOC) and DHSC guidance.

- Lead and develop the Cyber Security Team to deliver proactive monitoring, detection, response and continuous improvement.

- Act as the senior technical authority for cyber incident response, providing Tier 3 escalation and decision-making oversight during major incidents. Oversee coordination between local and national CSOC functions, ensuring event data are triaged, correlated, and acted upon efficiently.

- Oversee the countywide security tooling stack ensuring optimal configuration and utilisation.

- Manage day-to-day cyber operations, including vulnerability management, penetration-testing remediation, phishing simulations and user awareness campaigns.

- Maintain robust incident-response plans compliant with the Data Security and Protection Toolkit (DSPT) and NCSC guidance, ensuring all major incidents are logged, triaged and reported within mandated timescales.

- Coordinate technical response during cyber events, acting as joint Incident Manager and providing senior briefings, root cause analysis and lessons-learned reports.

Risk and Compliance

- Own and maintain the Cyber Risk Register, consolidating Trust- and ICS-level risks and ensuring appropriate mitigations and assurance evidence.

- Lead the internal cyber assurance programme, mapping findings from penetration tests, CareCERT responses, and internal audits to DSPT objectives.

- Maintain oversight of all open cyber audit actions, ensuring timely closure and evidence of improvement.

- Deliver the DSPT to Standards Met or higher, embedding continual improvement reviews throughout the year.

- Monitor CareCERT/NHS Cyber Alerts and ensure all critical vulnerabilities are triaged within 48 hours and resolved within 14 days.

- Oversee removal or mitigation of End-of-Life systems to maintain 95% supported infrastructure.

- Promote sustainable cyber operations by adopting energy-efficient hardware lifecycle management and secure and responsible asset disposal to reduce carbon footprint.

- Ensure all new digital procurements and cloud deployments include security-by-design and supplier-assurance controls.

Policy and Governance

- Lead the review and implementation of Cyber Security Policies, Standards and SOPs covering access, remote working, cloud, IoT/IoMT and third-party assurance.

- Provide governance reporting to the Digital Board Committee, Audit Committee and ICS Cyber Operations Group.

- Liaise with Information Governance and Data Protection Officer to ensure alignment between IG and Cyber requirements.

- Work closely with Information Asset Owners and Administrators to ensure security controls, DPIAs, and mitigations are documented and reviewed.

- Ensure all system changes or procurements undergo proportionate cyber risk assessment and IG consultation.

People and Culture

- Inspire, mentor and develop team members, supporting attainment of professional certifications (CISSP, CISM, NHS Cyber Academy).

- Promote a culture of cyber awareness and accountability through training, communications and engagement campaigns.

- Act as Subject Matter Expert to advise managers, IAOs and project teams on secure-by-design principles.

- Manage the cyber-security budget, ensuring effective investment and demonstrable value for money.

- Oversee contracts for penetration testing, secure disposal and software licensing within standing financial instructions.

- Prepare business cases for cyber-tooling, ensuring sustainability and cost-effectiveness.

Professional Development, Education and Training

- Maintain expert awareness of national policy and technical trends, ensuring skills remain current.

- Undertake continuing professional development and contribute to the learning of others.

Planning and Organisation

- Develop annual cyber workplans with measurable objectives, milestones and KPIs. Coordinate multi-organisation programmes, including CAF reviews, Windows 11 migration, and SOC development.

- Contribute to digital business-continuity and disaster-recovery planning and exercises.

Research and Development

- Lead continuous improvement initiatives, researching emerging threats, Zero Trust architecture, AI security, and IoMT protection.

- Evaluate new technologies through proof-of-concept pilots and cost-benefit analysis.

- Benchmark performance against national metrics (e.g. MDE, BitSight, Cyber Maturity Model).

Communications and Working Relationships

- Maintain constructive relationships with internal and external stakeholders including Digital Ops, Clinical Engineering, IG, HR, Estates, suppliers, and ICS partners.

- Liaise with NHS England Cyber Operations Centre, Regional Cyber Leads, Police Cyber Unit, and NCSC.

- Communicate complex, sensitive and sometimes contentious security information to senior leaders and technical staff clearly and confidently.

Person Specification

Qualifications & Training

Essential

  • Degree in Information Security, Computer Science or related discipline, or equivalent experience.
  • Professional security certification (CISSP, CISM, CISMP, CCSP).
  • Practitioner-level qualification in Risk Management (MoR) or equivalent experience.
  • Evidence of continuing professional development relevant to cyber leadership.

Desirable

  • ITIL v4 Foundation or higher.
  • Project/Programme qualification (PRINCE2, APM).
  • FEDIP Practitioner or equivalent professional registration.
  • Change, Deployment and Release Management training or experience.

Experience

Essential

  • Significant experience leading a cyber or information security function in a large, complex or regulated organisation.
  • Demonstrable experience delivering Cyber Assessment Framework (CAF) and Data Security and Protection Toolkit (DSPT) assurance, including evidence gathering and remediation planning.
  • Experience leading incident response, including major cyber events and multi-agency or cross-organisational coordination.
  • Experience managing SIEM platforms, security monitoring or SOC environments.
  • Experience developing and delivering cyber strategies, programmes and roadmaps.
  • Strong track record of supplier assurance, contract cyber compliance and third-party risk management.
  • Experience producing training, SOPs and cyber playbooks.

Desirable

  • Experience within the NHS, Integrated Care Systems or wider public sector.
  • Experience implementing Zero Trust approaches, identity modernisation or endpoint/server security uplift programmes.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Employer name

Gloucestershire Hospitals NHS Foundation Trust

Address

Victoria Warehouse

Gloucester

GL1 2EL

Employer's website

https://www.gloshospitals.nhs.uk/

Employer contact details

For questions about the job, contact:

Associate CDIO (Programmes, Governance & Cyber)

Martyn Hebbron

martyn.hebbron@nhs.net

07752020261

Supporting documents

Privacy notice

Gloucestershire Hospitals NHS Foundation Trust's privacy notice