Calderdale and Huddersfield NHS Foundation Trust

Cyber Security Manager

The closing date is 15 October 2025

Job summary

The Health Informatics Service (THIS), hosted by Calderdale and Huddersfield NHS Foundation Trust (CHFT), provides a broad range of IM&T services across many diverse customer organisations. A significant part of this provision reports to the Chief Technology Officer (which accompany Operational Support and Business Intelligence services). These services are based around those functions that provide people, who have highly developed specialist knowledge, skills and experience, allowing them to facilitate, train, manage and advise across a whole range of IM&T related areas. The Cyber & IT Security Service (CITS) is one of these principal service areas.

The post holder will be a key member of the Chief Technology Officer's staff and have responsibility for leading the design, delivery and continuous improvement of the CITS service, ensuring that the strategic vision for the service is developed and delivered in line with mandated national policy and our internal Governance, Risk and Compliance (GRC) Framework.

Specifically, the post holder will direct and support the Operational Technical Managers with the implementation of the strategic vision for Cyber & IT Security, across THIS, CHFT and the wider customer base, ensuring professionalisation and commercialisation are embedded as central values throughout all levels of the service.

Main duties of the job

  1. To lead the development and to direct the implementation of the overall strategic vision of the CITS Service, including service/personnel development/improvement, professionalisation and commercialisation.

  2. Lead on the development and implementation of the GRC Programme from a CITS perspective, ensuring all current and emerging national and locally mandated compliancy areas are encompassed (ISO27001:2013, Cyber Essentials Plus, NIS Regulation, GDPR, Data Protection Act 2018, ENISA, DSPToolkit, OWASP Top 10).

  3. Lead on the strategic development of the THIS Cyber Security Service.

  4. Be responsible for remaining up to date on current security threats (threat actors/attack vectors) and ensure risk assessments are applied to promote mitigation.

  5. Be responsible for the research and evaluation of the latest Cyber Security, Information Security and IT Governance products and protocols.

  6. Lead on the development and delivery of a range of Cyber & IT Security awareness sessions/workshops/presentations that will focus on improving cyber safety throughout the business, customer base and wider regional footprint.

  7. Be responsible for the management, development, support and delivery of all CITS services delivered to both internal and external customers.

  8. To create and continually develop a structure that will consistently deliver excellent service and meet all customers' requirements.

About us

We employ more than 6,500 staff who deliver compassionate care from our two main hospitals, Calderdale Royal Hospital and Huddersfield Royal Infirmary, as well as in community sites, health centres and in patients' homes. We also are incredibly proud to have almost 150 volunteers here at CHFT.

We provide a range of services including urgent and emergency care; medical; surgical; maternity; gynaecology; critical care; children's and young people's services; end of life care and outpatient and diagnostic imaging services.

We provide community health services, including sexual health services in Calderdale from Calderdale Royal and local health centres. These include Todmorden Health Centre and Broad Street Plaza.

We continue to modernise and invest in our health services to build on our strong reputation. Foundation trusts are public leaders in improving quality in health services. They are part of the NHS, yet decisions about what they do and how they do it are driven by independent boards. Boards listen to their Council of Governors and respond to the needs of their members: patients, staff and the local community.

Foundation trusts provide what the health service wants, yet are also free to invest quickly in the changes to the local community needs, in striving to be the best, and in putting their patients first.

Details

Date posted

08 October 2025

Pay scheme

Agenda for change

Band

Band 8b

Salary

Depending on experience per annum

Contract

Permanent

Working pattern

Full-time, Flexible working

Reference number

372-THIS1377

Job locations

The Health Informatics Service

Unit 13, Ainley Industrial Estate, Ainley Bottom

Elland

HX5 9JP


Job description

Job responsibilities

Please note: This role requires Security Check (SC) clearance. Candidates must already hold this clearance or be eligible to obtain it.

Applicants must either currently hold SC clearance or be eligible and willing to undergo the Security Check vetting process.

Due to the security-sensitive nature of this role, SC clearance is required.

Strategic

  • Formulate and implement the long term Cyber & IT Security Strategy and dependent Policies and Procedures, in line with THIS, CHFT, customer and national requirements

  • Formulate the Health Informatics Cyber & IT Security business plan

  • Scope, design and implement GRC Methodologies in conjunction with the DPO across all Trust departments

  • Design CITS policies in line with existing and upcoming nationally and locally mandated compliancy requirements

  • Support the senior leadership team to plan the long term development of The Health Informatics Service

  • Maintain all business level certifications/accreditations e.g. Cyber Essentials, IASME, IASME Gold, Relevant accreditations in line with DSP Toolkit.

Advisory

  • Provide advice, guidance and auditing regarding:

  • Audit and guide Business Asset Risk Assessments across the Trust's technical estate

  • ISO27001:2013

  • GDPR/NIS Regulation Technical requirements

  • Cyber Essentials Plus

  • Data Security and Protection Toolkit

  • Cyber Incident Response, including ability to host regional calls during outages/attacks/significant vulnerabilities

  • Designing and directing the internal CareCert implementation and response process across all technical teams

  • CareCert/NHS England alerts and evidential reports

  • Product and Service analysis pre-procurement

  • Lead on security analysis of products and services pre-implementation across a wide range of service users, including Financial, Clinical, and Operational systems

  • Compliance and Compensating control scoping and design

  • Advise the ISMS Group on technical aspects of Trust Risk

  • Tracking and reporting security performance in terms of finance, quality and key milestones to the Trust Board, ISMS Group, and GRC Governance Groups.

  • Internal Management process and change management security requirement

  • Advise all technical teams around mandatory actions (patching etc) as well as best practice

  • Provide technical and security guidance to Project Management Boards

  • Provide Technical Guidance to the Information Governance Team and DPO

  • Advise on Disciplinary cases of computer misuse

  • Investigate and report serious or highly sensitive security breaches.

  • Facilitate and deliver appropriate security reporting across all levels of the organisation and customer base.

Educational

  • Responsible for the design, delivery and evaluation of:

  • Technical Awareness Training

  • Board Awareness Training

  • Customer Organisation Awareness Training

  • Skills Development Network Workshops and Seminars

Areas covered within this training included Password Design and use, Account Safety, SPAM and Phishing awareness, Open WiFi safety, Dark Web overview.

  • Internal Staff Awareness of GRC principles and the interoperability of Governance Risk and Compliance.

Technical

  • Across THIS, CHFT and the wider customer base, responsibility for the design, maintenance, and monitoring of:

  • Corestream (GRC Business Assurance tool)

  • End-point protection

  • Email Protection

  • Encryption Technologies

  • Web Filtering

  • Application control

  • Data Leakage

  • Mobile Device Management

  • Vulnerability Testing

  • Penetration Testing

  • Phishing simulation campaigns

  • SIEM and logging systems

  • Cyber Incident Response

  • OWASP top 10 compliance analysis

  • Forensic Investigation/Breaches

Managerial Duties

  • Line manage a number of direct reports.

  • To ensure all direct reports have up to date PDRs and half yearly reviews carried out in line with relevant policy of the host.

  • To ensure that all direct reports have up to date Job Descriptions and Personal Specifications outlining the expectations of their role.

  • Apply and participate in effective performance review and personal development planning.

  • Apply all key employment policies and guidelines.

  • Minimise risk and maintain a healthy and safe working environment.

  • Contribute to and ensure the smooth running of the Health Informatics Service.

  • Support colleagues within the Health Informatics Service in achievement of their own and team objectives.

  • Keep up to date by developing a network of personal contacts.

Financial Duties

  • Ensure adherence to financial policy and practice.

  • Ensure adherence to quality control mechanisms.

  • Contribute to The Health Informatics Service's service development and continuous improvement strategies as/where appropriate.

  • Ensure all mandatory requirements are delivered and ensure Health Informatics Service delivers best value.

  • Maintain budgetary controls.

Managing Self

  • Participate in regular supervision.

  • Attend all mandatory training.

  • Participate annually identifying, developing and agreeing your own development plan with your Line Manager using the Trust Appraisal.

  • Comply with all Trust policies, procedures and protocols.

  • Carry out duties with due regard to the Trust's Equal Opportunity Policy.

  • Seek advice and support from Line Manager whenever necessary.

  • Maintain professional conduct including appearance at all times.

  • Ensure maintenance of Professional Registration.

  • Willingness to work across a national footprint and throughout a multitype organisational customer base, including Primary and Secondary Care settings, Prisons, 3rd sector etc.

Person Specification

QUALIFICATIONS / TRAINING

Essential

  • Degree standard or equivalent level of knowledge acquired through experience
  • Leadership/management qualification or relevant experience
  • Cyber Security Certification (e.g. C|EH, CISSP, HCISPP, CISA etc.)
  • ITIL Framework Qualification or equivalent level of knowledge acquired through experience
  • Professional Qualification in Governance Risk and Compliance (eg GRCP)
  • Evidence of continuing professional development
  • Willingness to undertake professional training relating to the role

Desirable

  • Forward planning to support your Personal/Professional Development Plan (PDP)

KNOWLEDGE, EXPERIENCE & EXPERTISE

Essential

  • A senior service delivery position within a large public/private sector organisation
  • Experience of working across a complex range of health or social care organisations
  • A substantial proven track record of IT Security; planning and implementation of multiple complex systems - gained from working in a range of organisations in an NHS setting
  • A demonstrable understanding of the principles of modernisation in the NHS, including experience around service improvement and re-design, monitoring change and facilitating staff in changing their working practices, CareCert, GDPR etc
  • An understanding of corporate governance and risk management systems and processes
  • Able to develop, put in place and oversee progress tracking and reporting mechanisms which mitigate and manage delivery and operational risks
  • Experience of benefits realisation
  • Budget management experience, utilising standard financial budgetary controls
  • Experience of Vulnerability testing methodologies
  • Experience of Pen Testing Methodologies
  • Experience in the use of an Enterprise level Security portfolio
  • In-depth professional knowledge of relevant IM&T developments and programmes within the NHS environment and beyond, including European wide Cyber related Law
  • In-depth professional knowledge of the National and Local NHS Digital Health agenda
  • Flexible approach to work, self-motivated and able to work on own initiative with minimum supervision and be able to handle many different competing priorities at once
  • Excellent interpersonal skills. Able to effectively communicate with all levels of staff both verbally and in writing
  • Ability to work nationally (with occasional overnight stays).
  • Ability to work in various locations throughout the network of services provided by Calderdale and Huddersfield NHS Foundation Trust.
  • Able to fulfil the health requirements of the post as identified in the Job Description, taking into account any reasonable adjustments recommended by Occupational Health.
  • Ability to source, assimilate and analyse extremely complex data and information relating to a wide range of services and translate into an easily understood format

Desirable

  • Experience of Firewall configuration and audit criteria

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.

UK Registration

Applicants must have current UK professional registration. For further information please see NHS Careers website.

Employer details

Employer name

Calderdale and Huddersfield NHS Foundation Trust

Address

The Health Informatics Service

Unit 13, Ainley Industrial Estate, Ainley Bottom

Elland

HX5 9JP


Employer's website

https://www.cht.nhs.uk


Employer contact details

For questions about the job, contact:

Chief Technology Officer

Keith Redmond

Keith.redmond@this.nhs.uk

07717892542

Supporting documents

Privacy notice

Calderdale and Huddersfield NHS Foundation Trust's privacy notice