NHS
Gloucestershire Hospitals NHS Foundation Trust
Head of Cyber, Band 8b
The closing date is 11 January 2026
The Head of Cyber Security is the expert responsible for protecting the confidentiality, integrity and availability of digital services and patient information across acute, community, mental health and primary care partners within our Gloucestershire Integrated Care System (ICS). Protecting our staff and systems, and safeguarding patient data from harm, by ensuring that the technology and information underpinning patient care remain safe, available and trustworthy is of the utmost importance: it enables our 15,000+ staff to deliver safe patient care with confidence, transparency and compliance.
The post holder will provide strategic and operational leadership of the Cyber Security Team and act as the expert adviser to the Chief Delivery & Governance Officer, SIRO, Caldicott Guardian and Audit Committees on all cyber-security matters, working closely with the Information Governance lead and DPO.
They ensure compliance with the Data Security and Protection Toolkit (DSPT) aligned with the Cyber Assessment Framework (CAF) and delivery of the NHS Cyber Security Strategy to 2030 and full participation in the regional "Defend as One" model.
The proposed interview date is: 20th January
Main duties of the job
The role combines governance, assurance and hands-on leadership of proactive and preventative tactics, threat intelligence, incident response, vulnerability management, strategy and cultural change to build cyber resilience across the Integrated Care System (ICS).
They will have a proven track record of managing and improving cyber resilience within large, complex or multi‑organisation environments; ideally within the NHS or wider public sector. They will possess deep technical and governance expertise across areas such as threat detection, vulnerability management and incident response, with the ability to translate complex technical risk into clear, articulate, actionable information for senior executives and boards with assurance and confidence.
They will demonstrate a thorough understanding of national and international cyber standards, including the Cyber Assessment Framework (CAF), Data Security and Protection Toolkit (DSPT), ISO 27001, and the NHS Cyber Security Strategy to 2030. Experience of successfully leading cyber compliance programmes, external audits and penetration‑testing remediation is essential, alongside a strong grasp of modern tooling such as MS Defender for Endpoint, Sentinel, SIEM and vulnerability‑scanning and asset management platforms.
The successful candidate will bring experience in leading multidisciplinary cyber teams, developing capability through mentoring and training and fostering an open culture of shared responsibility for cyber security.
About us
We take pride in placing people at the centre of everything we do, working together as a united team. Driven by a shared ambition to continually grow, develop, and learn, we recognise and value every contribution. By combining our experience and skills, we not only support our vibrant, diverse communities, but also support one another.
With a team of over 9,000 employees, we are proud to be the largest employer in Gloucestershire and rank among the top 10 largest Trusts in the South West region. By joining our Trust, you will benefit from an excellent package that includes exclusive benefits, flexible working opportunities and the chance to gain valuable experience in one or both of our innovative hospitals.
As well as generous annual leave allowance, you will have access to the excellent NHS pension scheme, competitive bank rates, discounts at local shops and restaurants, access to two on‑site nurseries, discounted public transport, reward and recognition and a range of health and wellbeing initiatives to support you.
Job responsibilities
Strategic Leadership
- Act as the senior specialist for cyber security across the entire integrated care system, setting strategic direction and delivering the countywide Cyber Security Strategy and annual workplan.
- Act as the primary countywide interface with NHS England CSOC, regional cyber leads, and law enforcement, facilitating threat intelligence sharing and collective defence initiatives across the IC. (etc.)
Risk and Compliance
- Own and maintain the Cyber Risk Register, consolidating Trust- and IC-level risks and ensuring appropriate mitigations and assurance evidence.
- Lead the internal cyber assurance programme, mapping findings from penetration tests, CareCERT responses, and internal audits to DSPT objectives. (etc.)
Policy and Governance
- Lead the review and implementation of Cyber Security Policies, Standards and SOPs covering access, remote working, cloud, IoT/IoMT and third-party assurance.
- Provide governance reporting to the Digital Board Committee, Audit Committee and IC Cyber Operations Group. (etc.)
People and Culture
- Inspire, mentor and develop team members, supporting attainment of professional certifications.
- Promote a culture of cyber awareness and accountability through training, communications and engagement campaigns. (etc.)
Professional Development, Education and Training
- Maintain expert awareness of national policy and technical trends, ensuring skills remain current.
- Undertake continuing professional development and contribute to the learning of others.
Planning and Organisation
- Develop annual cyber workplans with measurable objectives, milestones and KPIs. (etc.)
Research and Development
- Lead continuous improvement initiatives, researching emerging threats, Zero Trust architecture, AI security, and IoMT protection. (etc.)
Communications and Working Relationships
- Maintain constructive relationships with internal and external stakeholders including Digital Ops, Clinical Engineering, IG, HR, Estates, suppliers, and IC partners. (etc.)
Person Specification
Qualifications & Training
Degree in Information Security, Computer Science or related discipline, or equivalent experience.
Professional security certification (CISSP, CISM, CISMP, CCSP).
Practitioner-level qualification in Risk Management (MoR) or equivalent experience.
Evidence of continuing professional development relevant to cyber leadership.
ITIL v4 Foundation or higher.
FEDIP Practitioner or equivalent professional registration.
Change, Deployment and Release Management training or experience.
Experience
Significant experience leading a cyber or information security function in a large, complex or regulated organisation.
Demonstrable experience delivering Cyber Assurance Framework and Data Security Protection Toolkit assurance, including evidence gathering and remediation planning.
Experience leading incident response, including major cyber events and multi-agency or cross-organisational coordination.
Experience managing SIEM platforms, security monitoring or SOC environments.
Experience developing and delivering cyber strategies, programmes and roadmaps.
Strong track record of supplier assurance, contract cyber compliance and third-party risk management.
Experience producing training, SOPs and cyber playbooks.
Experience within the NHS, Integrated Care Systems or wider public sector.
Experience implementing Zero Trust approaches, identity modernisation or endpoint/server security uplift programmes.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Employer name
Gloucestershire Hospitals NHS Foundation Trust
£64,455 to £74,896 a year (pro rata if part-time)