Information Security Lead
Job summary
We are seeking a skilled and motivated Information Security Lead to support the strategic and operational delivery of information security and infrastructure controls across our digital estate. Reporting to the Head of Information Security and Enterprise Architecture, this role is responsible for driving compliance with cyber and data protection standards (including DSPT, CE+, and CAF), supporting the secure delivery of IT services, and embedding robust security practices across business-as-usual operations and new service transitions.
Working within the Information Security and Architecture team, the postholder will serve as a senior technical lead across key domains, including cyber assurance, infrastructure security, policy development, and risk mitigation. You will collaborate with technical teams, service management, suppliers, and transformation programmes to deliver a resilient and secure digital environment.
This role is ideal for a technically capable security practitioner or infrastructure expert looking to influence organisation-wide practices while supporting the Head of Information Security in delivering a future-ready, compliant, and secure service model.
Base: This is a remote working role with occasional requirements to attend the head office in Runcorn.
Main duties of the job
- Support the design, delivery, and monitoring of secure infrastructure services across cloud, on-premises, and hybrid environments.
- Ensure that security controls are applied consistently across networks, servers, endpoints, and backup environments (including Acronis and Barracuda solutions).
- Support the implementation of technical standards and frameworks aligned with NHS DSPT, Cyber Essentials Plus (CE+), and the Cyber Assessment Framework (CAF).
- Collaborate with the Infrastructure and Service Operations teams to deliver secure-by-design solutions.
- Assist in maintaining the Information Security Management System (ISMS), policies, procedures, and risk registers.
- Contribute to internal and external security audits, assessments, and evidence gathering.
- Monitor and report on compliance status, raising risks and recommending mitigations where appropriate.
- Deliver technical security input into supplier reviews, contract renewals, and new technology onboarding.
Please see the job description attached for a full list of responsibilities.
About us
About the Company
We change lives by transforming health and care.
Established in 2006, we are one of the UKs leading independent providers of community health and care services, working with health and care commissioners and communities to transform services with a focus on experience, efficiency and improved outcomes. We deliver and transform adult and children community health services, primary care services including urgent care, sexual health, dermatology and MSK services as well as adult social care and wellbeing services.Across England, we support communities of many millions and directly help more than half a million people each year - guided by our simple values: we care, we think, we do.
Were committed to equal opportunities and welcome applications from a broad, diverse range of people who want to join our team. Were a Disability Confident Committed company, so we work to provide facilities, work environment adjustments and technical solutions to be as inclusive of everyone.
While it doesnt happen often, sometimes a role is very popular, and well need to close it earlier than the date weve shown here. If youre keen to join our team, wed love to hear from you so please apply as soon as you can.
To find out more about HCRG Care Group, please visit https://www.hcrgcaregroup.com/about-us-2
Job description
Job responsibilities
- Strong understanding of information and cyber security principles, including access controls, network security, encryption, endpoint protection, and vulnerability management.
- Practical experience supporting compliance with regulatory and best practice frameworks, including:
- Data Security and Protection Toolkit (DSPT)
- Cyber Essentials Plus (CE+)
- Cyber Assessment Framework (CAF)orISO 27001
- Ability to assess security risks, develop mitigation plans, and communicate recommendations to technical and non-technical audiences.
- Familiarity with NHS and public sector data protection responsibilities (e.g. NHS Data Security Standards, GDPR, DSP roles).
- Experience participating in security incident response, post-incident reviews, and technical root cause analysis.
- Knowledge of identity and access management, security logging/monitoring, and asset/information classification.
- Strong documentation skills able to produce policies, procedures, risk registers, and audit evidence clearly and accurately.
- Experience collaborating with Infrastructure, Digital Transformation, and Service Operations teams to embed secure-by-design principles.
- Confident in engaging with external auditors, suppliers, and governance bodies to represent the organisations security posture.
Desirable:
- Exposure to private cloud environments and related security tooling.
- Experience in security toolsets such as antivirus/EDR, vulnerability scanners, SIEM, or MDM solutions.
- Relevant industry qualifications (e.g. CompTIA Security+, SSCP, CISSP Associate, ISO 27001 Lead Implementer).
- Knowledge of backup and DR security principles (experience with Acronis, Barracuda, or equivalent welcome).
As an Information Security Lead youll be part of our valued team at HCRG Care Group.
You will feel valued as anInformation Security Leadwithin HCRG Care Group, receiving access to exclusive rewards and benefits including:
- £45,000 - £55,000 with group pension
- Private medical insurance with fast access to the most used specialists including for musculoskeletal problems and for mental health support at locations across the country
- Free tea, coffee and milk at your base location in Runcorn
- Membership of My Reward Hub, giving you access to discounts on every day purchases like grocery shopping as well as cashback and voucher offers for treats for you and those special to you
- Access to your wages as you earn them to help cover lifes emergencies and avoid overdraft fees or high interest rates
- Online and face to face help with your mental and physical wellbeing from healthy recipes and activity challenges through to post trauma support, legal, debt and life management help, as well career coaching and counselling
- Access to eLearning, bespoke career pathways and opportunities for continuing professional development through our Outstanding learning and development team, The Learning Enterprise
- An open, just culture where youre encouraged to have and implement ideas which can help us deliver our purpose: changing lives through transforming health and care backed up by at least £100,000 of ringfenced innovation funding each year
- The pride of working for an organisation committed to the highest clinical and quality standards: with the majority of our rated services holding good or outstanding ratings from the Care Quality Commission
Person Specification
General Requirements
- Click Apply for this job above to view the Job Description on our career site
- Click Apply for this job above to view the Job Description on our career site
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Employer details
Employer name
HCRG Care Group
Address
HCRG Care Group
Runcorn
Cheshire
WA7 4QX
Employer's website
https://www.hcrgcaregroup.com/
- Company
- HCRG Care Group
- Location
- Runcorn, United Kingdom WA7 4QX
Hybrid / WFH Options - Employment Type
- Permanent
- Salary
- £45000.00 - £55000.00 a year
- Posted
- Company
- HCRG Care Group
- Location
- Runcorn, United Kingdom WA7 4QX
Hybrid / WFH Options - Employment Type
- Permanent
- Salary
- £45000.00 - £55000.00 a year
- Posted