Cyber Security Lead

Job summary

Cyber Operations purpose is to support safe care and build public trust by building NHS England's cyber resilience and enabling the wider health system to be cyber resilient, supporting Transformation Directorate's purpose of delivering the best care and outcomes for the NHS.

The Cyber Operations sub-directorate consists of 4 operational areas: Cyber Operations Services (COS), Cyber Delivery, Cyber Improvement and Chief Information Security Officer (CISO). This role sits within the COS team of which SIO is a function within that team.

Service Integration and Ownership (SIO) is primarily external facing, manging the portfolio of Cyber Services to the NHS System to support them in managing cyber risk and resilience which underpin the delivery of patient services and outcomes.

Services we provide include Secure Boundary, Vulnerability management, Cyber security ratings service and the Data Security and Protection Toolkit.

Consistent, efficient, proportionate security risk management is best achieved by a blend of centralised advice, control and security services blended with individual security responsibility and actions. We support the NHS system and owners of security risk keep their services secure, deliver managed security services to the system, filling the gaps where secure design & operation or other constraints fail to deliver proportionate security across the system.

Main duties of the job

The Security Lead is focussed on system / service wide assurance to organisations to assess and ensure that they are managing their risks, practising good data security and that prescribed standards and compliance regimes are adhered to appropriately.

As a Security Lead you will:

• Have a good understanding of information security / governance frameworks / Security operations.
• Have a good understanding of the end-to-end management and enhancement of services, including management of 3rd party providers
• Manage and support a subset of the portfolio of cyber services delivered by the SIO team to the wider NHS and their interfaces with dependent parties and operational processes
• Detailed understanding of what constitutes good and poor cyber hygiene.
• A good understanding of the health and care system in England
• The ability to communicate complex concepts to audience that have limited knowledge of cyber security.
• Be able to influence organisations in improving their cyber posture whilst maximising the value from central services

The role will also be required to manage members of the team, ensuring they deliver on team objectives and promote their personal development ambitions.

About us

NHS England has a wide range of statutory functions, responsibilities and regulatory powers. These are focused on supporting the wider NHS to deliver high quality care, as well as doing those things that are best done once for the whole NHS.

Our staff bring expertise across clinical, operational, commissioning, technology, data science, cyber security, software engineering, education, and commercial specialisms -- enabling us to design and deliver high-quality NHS services.

In March 2025, the Government announced that NHS England and the Department of Health and Social Care will increasingly merge functions, ultimately leading to NHS England being fully integrated into the department.

If you currently work within the NHS and if successful at interview, we will initiate an Inter Authority Transfer (IAT) via the Electronic Staff Record (ESR).This retrieves key data from your current or previous NHS employer to support onboarding, including competency status, Continuous Service Dates (CSD), and annual leave entitlement. You may opt out at any stage of the process.

Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in our offices.

Staff recruited from outside the NHS will usually be appointed at the bottom of the pay band.

We cannot offer visa sponsorship for any vacancies.