Policy Lead | NHS England

Posting date:	05 May 2026
Salary:	Not specified
Additional salary information:	£79,504 - £91,609 per annum (exclusive of London weighting)
Hours:	Full time
Closing date:	04 June 2026
Location:	Nationally, LS1 4AP
Company:	NHS England
Job type:	Permanent
Job reference:	7977212/990-TDD-DPU-EC2135-E

Summary

The role sits within the Joint Cyber Unit (JCU) a collaboration between the Department of Health and Social Care (DHSC) and NHS England (NHSE).

The JCU is embedded within the Digital Policy Unit (DPU), a unit comprising both DHSC staff and NHSE staff intended to design, plan and build a digitally enabled, data driven and safe health and social care system with ministers and the NHS.

The purpose of the JCU is toset develop and implements strategy,policy and standards for cyber security across the NHS and Adult Social Care in England. It has responsibility for designing, implementing and the ongoing assurance of the cyber security system risk management and compliance framework in place across the wider health and care system, as well as simplifying and transforming information governance.

As part of a joint unit with DHSC and working closely in tandem with both NHS Digital and the National Cyber Security Centre the wider team has accountability to Ministers and Parliament as well as responsibility for delivery of managed cyber security services to the system.

This role is part of theCyber Policy Projects and Delivery Function which holds the strategic narrative for cyber across the system, stewarding the implementation of the strategy and developing policy in response to specific risks and issues.

It supports work across all five of the pillars of the strategy, directly feeding into delivery of the directorate’s high-level objective to ‘drive the implementation of the health and care sector cybersecurity strategy objectives to meet a stated roadmap/timeline 2023-2030.

As aCyber Policy Lead, the post holder will work to the Head ofCyber Policy Projects and Deliveryto support the implementation of the health and care sector cybersecurity strategy objectives to meet a stated roadmap/timeline 2023-2030.The role will also cover other areas to flex to meet ministerial needs.

The post holder will be an experienced cyber policy maker, committed to working in the open and putting user experience at the heart of policy design, the post holder will need to have experience of working with Ministers, senior stakeholders in government and across the NHS and the broader digital, tech and innovation communities.

The NHS England board have set out the top-level purpose for the new organisation to lead the NHS in England to deliver high-quality services for all, which will inform the detailed design work and we will achieve this purpose by:
• Enabling local systems and providers to improve the health of their people and patients and reduce health inequalities.
• Making the NHS a great place to work, where our people can make a difference and achieve their potential.
• Working collaboratively to ensure our healthcare workforce has the right knowledge, skills, values and behaviours to deliver accessible, compassionate care
• Optimising the use of digital technology, research, and innovation
• Delivering value for money.

If you would like to know more or require further information, please visit https://www.england.nhs.uk/.

Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in-person.

Staff recruited from outside the NHS will usually be appointed at the bottom of the pay band.

NHS England hold a Sponsor Licence; this means that we may be able to sponsor you providing the Home Office requirements are met. To be eligible for sponsorship through the Skilled Worker route you’ll usually need to be paid the ‘standard’ salary rate of at least £38,700 per year, or the ‘going rate’ for your job, whichever is higher. You can find more information on theGovernment website.

The post holder will support the Head of Cyber Policy Projects and Delivery in their working with project teams within the Transformation Directorate and beyond to ensure there is a cohesive approach to how cyber tools and technology are deployed in the NHS including local capacity, commercial routes and the right regulatory framework.

Key Functional Responsibilities of Role
• Lead policy development teams alongside senior cross-government decision makers to embed secure development life cycle and security awareness, and ensure appropriate tools and skills exist
• Lead projects with high strategic impact, setting a strategy that can be used in the long term and across the organisation and wider health and care system
• Recommend security design across several projects or technologies, up to an organisational or inter-organisational level, solving unprecedented issues and problems
• Work with the existing Data Security and Protection Toolkit (DSPT) technical lead to ensure continuity of DSPT policy ownership as the scope of the tool evolves during the implementation of the Cyber Assessment Framework and its ingestion of data expands.
• Take specific ownership of the DSPT as a wider strategic tool for advancing cyber resilience including in supply chain, wider parts of the sector beyond secondary care

Please see Job Description for further information on the role.

Important: Please be aware there are residency requirements you need to meet:

All NHS England Cyber Security personnel must hold security clearance SC level as a minimum.

To meet National Security Vetting requirements, you must have resided in the UK for a minimum of 3 out of the past 5 years for SC clearance. Candidates who were posted abroad for service with HM Government, Armed Forces or within a UK government role will still be considered.

Please make sure you meet these requirements before applying for this role. You don’t need to have SC already, however, failure to achieve the requirements for SC after offer will result in the job offer being withdrawn.


This advert closes on Tuesday 19 May 2026