Deputy Chief Digital Information Officer – Cyber & Information Security

Job summary

As a key member of the Group Digital Services Leadership Team, the Deputy Chief Digital Information Officer for Cyber & Information Security provides strategic leadership and executive assurance for cyber security, information security, and digital resilience across the hospital group.

The post holder will play a central role in delivering our vision of outstanding care, ensuring that digital services are secure, resilient, and trusted. They will enable safe and reliable care delivery by protecting critical systems and information, reducing cyber and information risk, and embedding security-by-design principles across digital transformation and operational services.

Operating in a complex and evolving threat landscape, the role will drive collaboration across clinical, operational, and digital teams to ensure cyber resilience supports care delivery in the right place, at the right time, and that the organisation meets national regulatory, assurance, and resilience expectations.

Main duties of the job

The Deputy Chief Digital Information Officer (Cyber & Information Security) will provide strategic leadership and operational oversight across the following core areas:

Cyber Security & Resilience

Lead the Group's cyber security and resilience strategy, providing executive oversight of threat management, incident response and recovery. Embed security-by-design and resilience-by-design principles across all digital services to support safe, reliable care.

Information Security & Assurance

Provide executive leadership for information security, ensuring compliance with NHS standards including DSPT and NIS Regulations. Oversee security architecture, access controls and third-party assurance across on-premise, cloud and managed services.

Governance, Risk & Compliance

Maintain effective cyber and information security governance, delivering clear assurance to the Board and Executive teams. Lead cyber risk management in line with corporate processes and represent the organisation in regional and national forums.

Strategic Leadership

Deputise for the Group Chief Digital Information Officer and work closely with Trust COOs and Executives to embed cyber resilience into operational decision-making. Shape Group and system-level cyber priorities aligned to organisational objectives and national guidance.

About us

St George's, Epsom and St Helier University Hospitals and Health Group cares for a population of four million people in South West London and North East Surrey. Our sites include St George's Hospital, one of 11 major trauma centres in the UK and the largest healthcare provider and major teaching hospital in the area; St Helier Hospital, home to the South West Thames Renal and Transplantation Unit and Queen Mary's Hospital for Children; and Epsom Hospital, home to the South West London Elective Orthopaedic Centre (SWLEOC).

After years of collaboration, our two Trusts became a hospitals group in 2021. While remaining as two separate Trusts, being a hospitals group will help us to collaborate more closely on research, and the development, education, and training of our 17,000-strong workforce.

At gesh we are committed to supporting flexible working arrangements. Applicants are encouraged to discuss any flexibility they may need during the recruitment process.

Job description

Job responsibilities

Cyber Security & Resilience

  • Lead the development and delivery of the Group-wide cyber security and cyber resilience strategy.
  • Provide executive oversight of cyber threat management, detection, response, and recovery arrangements.
  • Ensure robust incident management, escalation and learning processes for cyber security events.
  • Champion security-by-design and resilience-by-design principles across all digital programmes and services.

Information Security & Assurance

  • Provide executive leadership for information security, ensuring the confidentiality, integrity and availability of data and systems.
  • Assure compliance with NHS cyber and information security standards, including DSPT, NIS Regulations, and relevant national frameworks.
  • Oversee technical security architecture, identity and access management, and security controls across on-premise, cloud and managed services.
  • Lead assurance activity in relation to suppliers, shared services and third-party risk.

Governance, Risk & Compliance

  • Establish and maintain effective cyber and information security governance arrangements across the Group.
  • Provide clear, evidence-based assurance to the Board, Audit Committee and Executive colleagues.
  • Lead cyber and information security risk management, ensuring alignment with corporate risk processes.
  • Represent the organisation in regional and national cyber security and digital assurance forums.

Strategic Leadership & Relationships

  • Act as a deputy to the Group Chief Digital Information Officer, including representing the Group in senior internal and external forums.
  • Work in close partnership with Trust COOs and Executive leads to ensure cyber resilience is embedded into operational decision-making.
  • Influence and shape Group, ICS and regional cyber security priorities through collaboration and leadership.
  • Define, develop and embed the cyber and information security strategy, aligned to organisational objectives and national guidance.

Person Specification

Knowledge and Experience

Essential
  • Director or similar role in an NHS organisation with a track record of overseeing cyber security, information governance and digital assurance functions
  • In-depth understanding of the cyber security landscape inside and outside of the NHS; strong grasp of data protection legislation, IG frameworks, and clinical safety requirements for digital systems

Skills and Abilities

Essential
  • Highly developed communication skills with the ability to communicate and present on highly complex, sensitive and/or contentious matters and difficult situations
  • Ability to persuade board and senior managers of the respective merits of different options, innovation and new market opportunities.
  • Ability to develop, maintain and monitor information systems to support innovation initiatives
  • Ability to make sound judgement in the absence of clear guidelines or precedent, seeking advice as necessary from more senior management when appropriate
  • Leadership, vision, strategic thinking and planning with highly developed political skills

Values

Essential
  • Demonstrates commitment to NHS and organisational values and behaviours
  • Demonstrates commitment to, and role-models, behaviours and actions that support equality, diversity, belonging and inclusion
  • Strong compassionate and inclusive leadership

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country in which they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found in "Criminal records checks for overseas applicants".

Employer details

Employer name

St George's University Hospitals NHS Foundation Trust

Address

St George's University Hospitals NHS Foundation Trust

Blackshaw Rd

London

SW17 0QT

Employer's website

https://www.stgeorges.nhs.uk/

Job Details

Company
St George's University Hospitals NHS Foundation Trust
Location
London, SW17 0QT, United Kingdom
Salary
£121528.00 to £138529.00
Posted