Cyber Security Manager | Calderdale and Huddersfield NHS Foundation Trust

Job details
Posting date: 07 October 2025
Salary: Not specified
Additional salary information: £64,455 - £74,896 per annum
Hours: Full time
Closing date: 07 November 2025
Location: Elland, HX5 9JP
Company: Calderdale & Huddersfield NHS Foundation Trust
Job type: Permanent
Job reference: 7522027/372-THIS1377

Summary


The Health Informatics Service (THIS), hosted by Calderdale and Huddersfield NHS Foundation Trust (CHFT), provides a broad range of IM&T services across many diverse customer organisations. A significant part of this provision reports to the Chief Technology Officer (which accompany Operational Support and Business Intelligence services). These services are based around those functions that provide people, who have highly developed specialist knowledge, skills and experience, allowing them to facilitate, train, manage and advise across a whole range of IM&T related areas. The Cyber & IT Security Service (CITS) is one of these principal service areas.


The post holder will be a key member of the Chief Technology Officer's staff and have responsibility for leading the design, delivery and continuous improvement of the CITS service, ensuring that the strategic vision for the service is developed and delivered in line with mandated national policy and our internal Governance, Risk and Compliance (GRC) Framework.


Specifically, the post holder will direct and support the Operational Technical Managers with the implementation of the strategic vision for Cyber & IT Security, across THIS, CHFT and the wider customer base, ensuring professionalisation and commercialisation are embedded as central values throughout all levels of the service.






1. To lead the development and to direct the implementation of the overall strategic vision of the CITS Service, including service/personnel development/improvement, professionalisation and commercialisation.

2. Lead on the development and implementation of the GRC Programme from a CITS perspective, ensuring all current and emerging national and locally mandated compliancy areas are encompassed (ISO27001:2013, Cyber Essentials Plus, NIS Regulation, GDPR, Data Protection Act 2018, ENISA, DSP Toolkit, OWASP Top 10).

3. Lead on the strategic development of the THIS Cyber Security Service.

4. Be responsible for remaining up to date on current security threats (threat actors/attack vectors) and ensure risk assessments are applied to promote mitigation.

5. Be responsible for the research and evaluation of the latest Cyber Security, Information Security and IT Governance products and protocols.

6. Lead on the development and delivery of a range of Cyber & IT Security awareness sessions/workshops/presentations that will focus on improving cyber safety throughout the business, customer base and wider regional footprint.

7. Be responsible for the management, development, support and delivery of all CITS services delivered to both internal and external customers.

8. To create and continually develop a structure that will consistently deliver excellent service and meet all customers’ requirements.



We employ more than 6,500 staff who deliver compassionate care from our two main hospitals, Calderdale Royal Hospital and Huddersfield Royal Infirmary as well as in community sites, health centres and in patients’ homes. We also are incredibly proud to have almost 150 volunteers here at CHFT.

We provide a range of services including urgent and emergency care; medical; surgical; maternity; gynaecology; critical care; children’s and young people’s services; end of life care and outpatient and diagnostic imaging services.

We provide community health services, including sexual health services in Calderdale from Calderdale Royal and local health centres. These include Todmorden Health Centre and Broad Street Plaza.

We continue to modernise and invest in our health services to build on our strong reputation. Foundation trusts are public leaders in improving quality in health services. They are part of the NHS – yet decisions about what they do and how they do it are driven by independent boards. Boards listen to their Council of Governors and respond to the needs of their members – patients, staff and the local community.

Foundation trusts provide what the health service wants, yet are also free to invest quickly in the changes to the local community needs, in striving to be the best, and in putting their patients first.

Please note: This role requires Security Check (SC) clearance. Candidates must already hold this clearance or be eligible to obtain it.

Applicants must either currently hold SC clearance or be eligible and willing to undergo the Security Check vetting process.

Due to the security-sensitive nature of this role, SC clearance is required.

Strategic

• Formulate and implement the long-term Cyber & IT Security Strategy and dependent Policies and Procedures, in line with THIS, CHFT, customer and national requirements

• Formulate the Health Informatics Cyber & IT Security business plan

• Scope, design and implement GRC Methodologies in conjunction with the DPO across all Trust departments

• Design CITS policies in line with existing and upcoming nationally and locally mandated compliancy requirements

• Support the senior leadership team to plan the long-term development of The Health Informatics Service

• Maintain all business level certifications/accreditations – e.g. Cyber Essentials, IASME, IASME Gold, relevant accreditations in line with DSP Toolkit.


Advisory


• Provide advice, guidance and auditing regarding:

• Audit and guide Business Asset Risk Assessments across the Trust's technical estate

• ISO27001:2013

• GDPR/NIS Regulation Technical requirements

• Cyber Essentials Plus

• Data Security and Protection Toolkit

• Cyber Incident Response, including ability to host regional calls during outages/attacks/significant vulnerabilities

• Designing and directing the internal CareCert implementation and response process across all technical teams

• CareCert/NHS England alerts and evidential reports

• Product and Service analysis pre-procurement

• Lead on security analysis of products and services pre-implementation across a wide range of service users, including Financial, Clinical, and Operational systems

• Compliance and Compensating control scoping and design

• Advise the ISMS Group on technical aspects of Trust Risk

• Advise all technical teams around mandatory actions (patching etc.) as well as best practice

• Provide Technical Guidance to the Information Governance Team and DPO

• Advise on Disciplinary cases of computer misuse


• Investigate and report serious or highly sensitive security breaches.

• Facilitate and deliver appropriate security reporting across all levels of the organisation and customer base.


Educational

• Responsible for the design, delivery and evaluation of:

• Technical Awareness Training

• Board Awareness Training

• Customer Organisation Awareness Training

• Skills Development Network Workshops and Seminars


Areas covered within this training included Password Design and use, Account Safety, SPAM and Phishing awareness, Open WiFi safety, Dark Web overview.

• Internal Staff Awareness of GRC principles and the interoperability of Governance Risk and Compliance.


Technical


Across THIS, CHFT and the wider customer base, responsibility for the design, maintenance, and monitoring of:

• Corestream (GRC Business Assurance tool)

• End-point protection


• Email Protection

• Encryption Technologies

• Web Filtering

• Application control

• Data Leakage

• Mobile Device Management

• Vulnerability Testing

• Penetration Testing

• Phishing simulation campaigns

• SIEM and logging systems

• Cyber Incident Response

• OWASP Top 10 compliance analysis

• Forensic Investigation/Breaches


Managerial Duties



Please see job description for full details of responsibilities




This advert closes on Wednesday 15 Oct 2025
