Head of Cyber, Band 8b
| Posting date: | 17 December 2025 |
|---|---|
| Salary: | £64,455.00 to £74,896.00 per year |
| Additional salary information: | £64455.00 - £74896.00 a year |
| Hours: | Full time |
| Closing date: | 11 January 2026 |
| Location: | Gloucester, GL1 2EL |
| Company: | NHS Jobs |
| Job type: | Permanent |
| Job reference: | C9318-25-0978 |
Summary
Strategic Leadership

- Act as the senior specialist for cyber security across the ICS, setting strategic direction and delivering the countywide Cyber Security Strategy and annual workplan.
- Act as the primary countywide interface with NHS England's CSOC, regional cyber leads, and law enforcement. Facilitate threat intelligence sharing and collective defence initiatives across the ICS.
- Track and report key cyber resilience indicators, including MDE and BitSight scores, vulnerability closure rates, CAF maturity levels, and CareCERT compliance metrics. Use data trends to inform Board-level assurance and investment priorities.
- Provide expert assurance to the Chief Delivery & Governance Officer, SIRO, Caldicott Guardian and Audit Committee on cyber risks, controls and maturity.
- Lead local adoption of NHS England's Defend as One principles, ensuring collaboration on shared tooling, intelligence and incident coordination.
- Represent the Trust and ICS on regional and national cyber forums, ensuring alignment with NCSC, NHS England Cyber Operations Centre (CSOC) and DHSC guidance.
- Lead and develop the Cyber Security Team to deliver proactive monitoring, detection, response and continuous improvement.
- Act as the senior technical authority for cyber incident response, providing Tier 3 escalation and decision-making oversight during major incidents. Oversee coordination between local and national CSOC functions, ensuring event data are triaged, correlated, and acted upon efficiently.
- Oversee the countywide security tooling stack, ensuring optimal configuration and utilisation.
- Manage day-to-day cyber operations, including vulnerability management, penetration-testing remediation, phishing simulations and user awareness campaigns.
- Maintain robust incident-response plans compliant with Data Security Protection Toolkit and NCSC guidance, ensuring all major incidents are logged, triaged and reported within mandated timescales.
- Coordinate technical response during cyber events, acting as joint Incident Manager and providing senior briefings, root cause analysis and lessons-learned reports.

Risk and Compliance

- Own and maintain the Cyber Risk Register, consolidating Trust- and ICS-level risks and ensuring appropriate mitigations and assurance evidence.
- Lead the internal cyber assurance programme, mapping findings from penetration tests, CareCERT responses, and internal audits to DSPT objectives.
- Maintain oversight of all open cyber audit actions, ensuring timely closure and evidence of improvement.
- Deliver the DSPT to Standards Met or higher, embedding continual improvement reviews throughout the year.
- Monitor CareCERT/NHS Cyber Alerts and ensure all critical vulnerabilities are triaged within 48 hours and resolved within 14 days.
- Oversee removal or mitigation of End-of-Life systems to maintain 95% supported infrastructure.
- Promote sustainable cyber operations by adopting energy-efficient hardware lifecycle management and secure and responsible asset disposal to reduce carbon footprint.
- Ensure all new digital procurements and cloud deployments include security-by-design and supplier-assurance controls.

Policy and Governance

- Lead the review and implementation of Cyber Security Policies, Standards and SOPs covering access, remote working, cloud, IoT/IoMT and third-party assurance.
- Provide governance reporting to the Digital Board Committee, Audit Committee and ICS Cyber Operations Group.
- Liaise with Information Governance and the Data Protection Officer to ensure alignment between IG and Cyber requirements.
- Work closely with Information Asset Owners and Administrators to ensure security controls, DPIAs, and mitigations are documented and reviewed.
- Ensure all system changes or procurements undergo proportionate cyber risk assessment and IG consultation.

People and Culture

- Inspire, mentor and develop team members, supporting attainment of professional certifications (CISSP, CISM, NHS Cyber Academy).
- Promote a culture of cyber awareness and accountability through training, communications and engagement campaigns.
- Act as Subject Matter Expert to advise managers, IAOs and project teams on secure-by-design principles.
- Manage the cyber-security budget, ensuring effective investment and demonstrable value for money.
- Oversee contracts for penetration testing, secure disposal and software licensing within standing financial instructions.
- Prepare business cases for cyber-tooling, ensuring sustainability and cost-effectiveness.

Professional Development, Education and Training

- Maintain expert awareness of national policy and technical trends, ensuring skills remain current.
- Undertake continuing professional development and contribute to the learning of others.

Planning and Organisation

- Develop annual cyber workplans with measurable objectives, milestones and KPIs. Coordinate multi-organisation programmes, including CAF reviews, Windows 11 migration, and SOC development.
- Contribute to digital business-continuity and disaster-recovery planning and exercises.

Research and Development

- Lead continuous improvement initiatives, researching emerging threats, Zero Trust architecture, AI security, and IoMT protection.
- Evaluate new technologies through proof-of-concept pilots and cost-benefit analysis.
- Benchmark performance against national metrics (e.g. MDE, BitSight, Cyber Maturity Model).

Communications and Working Relationships

- Maintain constructive relationships with internal and external stakeholders including Digital Ops, Clinical Engineering, IG, HR, Estates, suppliers, and ICS partners.
- Liaise with NHS England Cyber Operations Centre, Regional Cyber Leads, Police Cyber Unit, and NCSC.
- Communicate complex, sensitive and sometimes contentious security information to senior leaders and technical staff clearly and confidently.