Trac proudly powers the recruitment for

NHS England

About

NHS England leads the NHS in England to deliver high quality care for all. We support NHS organisations to deliver better outcomes for our patients and communities, work to get the best possible value for taxpayers, and drive improvement across the NHS.

Through our seven regional teams, NHS England supports local integrated care systems, made up of public services that provide health and care – NHS organisations, primary care professionals, local councils, social care providers and the community, voluntary and social enterprise sector – to improve the health of the population, improve the quality of care, tackle inequalities and deliver care more efficiently.

Contact

Address
Wellington House
133-155 Waterloo Road
London
SE1 8UG
Contact Number
0300 330 1369

Find out more

Jobs Website
Open
Ref: 990-TD-DPU-16847-16849-E Vacancy ID: 7403820

Health & Care System Cyber Security Compliance Lead - Joint Cyber Unit

Accepting applications until: 08-Oct-2025 23:59

Open

Accepting applications until: 08-Oct-2025 23:59

Location

Wellington Place/ Wellington House
Leeds / London
LS1 4AP
West Yorkshire

Contract type & working pattern

Fixed term: 11 months (until 30 September 2026 - Secondment only for current NHS employees)
Full time - 37.5 hours per week

Salary

£100,054.50 - £115,286.60 per annum (inclusive of 30% RRP): exclusive of London Weighting
Yearly

(NHS AfC: Band 8c)

Specialty

Cyber Security
Interview date
13/10/2025

Our Organisation

The NHS is building a culture that is positive, compassionate and inclusive – and we all have our part to play.

As employers we are committed to protecting and promoting the physical and mental health and wellbeing of all our colleagues. This underpins our values as set out in the NHS Constitution and supports us to be an Employer of Choice, while helping our colleagues to deliver high quality services for our patients and communities.

As a flexible employer, we want to support you to work in a way that is best for the NHS, our patients and you. Talk to us about how we might be able to accommodate a flexible working arrangement whether that’s a job share, part time, hybrid working or another flexible pattern. In addition, although the role advertised may have a ‘home’ office base indicated, we remain committed to supporting flexibility around workplace locations. If it works for the service, we will do our best to make it work for you.

We are an accredited Living Wage Employer which means that every colleague working for our organisation and third-party contractors will earn a real Living Wage.  We are one of over 15,000 organisations, who voluntarily chose to pay the real Living Wage.

Job overview

The Joint Cyber Unit (JCU) is a collaboration between the Department of Health and Social Care (DHSC) and NHS England (NHSE). The JCU is embedded within the Digital Policy Unit (DPU), a unit comprising both DHSC staff and NHSE staff intended to design, plan and build a digitally enabled, data driven and safe health and social care system with ministers and the NHS.

The purpose of the JCU is to provide strategic leadership in cyber security across the health and care sector, assure the cyber security of the sector, act as system stewards to improve cyber resilience across the health and care system and to provide advice which empowers health and care staff to share information appropriately and securely to deliver care.

 The JCU is comprised of two divisions:

  • Governance, Risk and Compliance – cyber and information governance, system engagement, system compliance, system supply chain, system risk management and internal JCU business operations.
  • Strategy and Policy – development and implementation of national strategy, policy and regulation.

The purpose of the Compliance and Engagement team is to monitor performance and assess the cyber security compliance of organisations across the Health and Care landscape, identifying where organisations need more support through providing evidence-based confidence in the effectiveness of cyber security controls, processes and systems. 

Advert

  • Evaluating compliance against statutory, regulatory and NHS requirements such as Data Security and Protection Toolkit (DSPT), Network and Information Systems (NIS) Regulations and national security policies.
  • Engaging with the NHSE regional cyber leads to understand drivers, blockers and emerging incidents related to cyber security.
  • Developing strategies and supports Board level decision making by presenting findings aligned to business risk and impact.
  • Developing strategies to support remediation work across the health and care system supporting organisations to improve their cyber security maturity.
  • Monitoring performance of organisations across Health and Care, identifying organisations where more support is needed and unblocks access to further support through funding, national services, regulation or engagement.
  • Analysing and reporting on compliance performance across the system identifying trends and common areas of weakness across the system.

Working for our organisation

The NHS England board have set out the top-level purpose for the new organisation to lead the NHS in England to deliver high-quality services for all, which will inform the detailed design work and we will achieve this purpose by:

  • Enabling local systems and providers to improve the health of their people and patients and reduce health inequalities.
  • Making the NHS a great place to work, where our people can make a difference and achieve their potential.
  • Working collaboratively to ensure our healthcare workforce has the right knowledge, skills, values and behaviours to deliver accessible, compassionate care
  • Optimising the use of digital technology, research, and innovation
  • Delivering value for money.

If you would like to know more or require further information, please visit https://www.england.nhs.uk/.

Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in-person.

Staff recruited from outside the NHS will usually be appointed at the bottom of the pay band.

If you are successful at interview, we will run an Inter Authority Transfer (IAT) in the Electronic Staff Record system (ESR). This transfer gathers valuable information from a previous or current NHS employer to support the onboarding process, including; statutory and mandatory competency status, Continuous Service Dates (CSD), and annual leave entitlement.  You will have the opportunity throughout the recruitment process to inform us if you do not consent.

Detailed job description and main responsibilities

As a Health and Care System Cyber Security Compliance Lead within the Joint Cyber Unit,  the post holder will work as part of a dynamic team in delivering an effective service supporting cyber security risk reduction across the health and care system.

 The post holder will lead the provision of an efficient, effective, and high quality professional and well-coordinated system wide Health and Care cyber security compliance service capable of meeting all statutory, regulatory and NHS requirements ensuring alignment with the activity of the organisation.

The post holder will be responsible for:

  • Provide team leadership and subject matter expertise in security compliance.
  • Oversee team workload and capacity, collaborating with other leaders to align resources and priorities.
  • Lead the delivery of a responsive, high quality cyber security compliance service. 
  • Drive remediation of cross-cutting security issues through the design and continuous delivery of security improvement plans.
  • Partner with regional stakeholders to strengthen cyber maturity and organisational resilience.
  • Coordinate cyber security compliance activities across a diverse stakeholder base to drive meaningful security improvement and maintain clear lines of communication. 
  • Scope and assess the security posture of Health and Care Organisations taking an evidence based approach
  • Develop and manage security compliance metrics to inform evidence based decision making
  • Lead compliance activities aligned with key frameworks and legislation such as: NCSC CAF, NIS Regulations, and the DSPT.
  • Providing cyber security expertise supporting the development, implementation, and monitoring of the compliance service.
  • Providing comprehensive compliance plans and progress reports to the relevant Boards as per the agreed reporting schedule and on an ad hoc basis as required
  • Working closely with other leads and sponsor directors to ensure interdependencies across all compliance areas are considered and actions aligned
  • Managing the day-to-day activities of the compliance service as well as contribute specialist knowledge to develop effective strategy and operational policies
  • Engaging with key strategic regional and national policy makers to inform development of strategy and policies
  • Identifying examples of national and international best practice and to ensure that benefits from relevant innovations in healthcare are realised
  • Developing and champion new initiatives or projects as necessary
  • Ensuring that the team members work cohesively within the team and with other programmes.
  •  Providing leadership, direction, and support to ensure a consistent approach through programme management to delivering organisational objectives.

The post of Health and Care System Cyber Compliance Lead has been awarded a Recruitment and Retention Premia (RRP) in response to current labour market conditions. In recognition of this, the role attracts an additional monthly RRP payment equal to 30% per annum.

Please be aware that RRP is non-contractual and subject to review.

Please note that the reason for the fixed term of this contract iscovering vacancy.

National Security Vetting

Important: Please be aware there are residency requirements you need to meet:

All NHS England Cyber Security personnel must hold SC level as a minimum.

To meet National Security Vetting requirements, SC clearances require 5 years continuous UK residency. In certain cases, this can be reduced to three years continuous UK residency, with additional overseas checks for the previous two years.’

Candidates who were posted abroad for service with HM Government, Armed Forces or within a UK government role - will still be considered.

Please make sure you meet these requirements before applying for this role. You don’t need to have SC already, however, failure to achieve the requirements for SC after offer, will result in the job offer being withdrawn.

For further advice please check https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels/national-security-vetting-clearance-levels#security-check-sc.

For further information on National Security Vetting please check National security vetting: clearance levels - GOV.UK, information on the Security Vetting and Clearances Intranet page or contact [email protected].

You can find further details about the role, including key responsibilities and accountabilities, alongside the organisational structure and person specification in the attached Job Description and other supporting documents.

Secondments

Applicants from within the NHS will be offered on a secondment basis only, agreement should be obtained from their employer prior to submitting the application.

Role Title

The job title advertised is for the purposes of advertising, the successful candidate(s) will be hired with the job title of Cyber Operations and Engagement Lead until a formal change can be made.

Applicant requirements

You must have appropriate UK professional registration.
This post will require a submission for Disclosure to be made to check for any unspent criminal convictions.

Person specification

Qualifications

Essential criteria
  • CISSP/CISA/CISM/CRISC or equivalent qualification from a recognised security focussed professional body

Experience

Essential criteria
  • Extensive knowledge and experience of the strategies, frameworks, controls and processes used to encourage good cyber hygiene
  • Extensive knowledge and experience of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve and prevent violations of IT security, to protect organisational data.
  • Extensive knowledge and experience of techniques, roles, and responsibilities in providing technical or business guidance to clients, both internal and external; ability to apply this knowledge appropriately to diverse situations.
Desirable criteria
  • The post holder will have a strong track record in strategic and operational delivery within the NHS and social care, with in-depth knowledge, skills and experience in programme and project management.
  • Experience leading change projects and programmes in health and/or social care environments.

Skills

Essential criteria
  • Provide and receive highly complex, sensitive and contentious information, negotiate with senior stakeholders on difficult and controversial issues, and present complex and sensitive information to large and influential groups.
  • Negotiate on difficult and very complex and detailed issues.
  • Highly developed team management, co-ordination, and motivation skills as well as excellent listening and negotiation skills.
Desirable criteria
  • Ability to analyse complex facts and situations and develop a range of options.

Documents

Further details / informal visits contact

Name
Sarah Murphy
Job title
Head of Cyber Security Compliance and Engagement
Email address
[email protected]
Apprenticeships logo
Mindful employer. Being positive about mental health.
Disability confident committed
Step into health
Accredited Living Wage Employer

Start your application

You must sign in to a Trac account before you can apply for this job.

Sign in

By signing in you are acknowledging our privacy notice.

Create an account

Create your account and apply for your new job!