Trac proudly powers the recruitment for
NHS England
About
NHS England leads the NHS in England to deliver high quality care for all. We support NHS organisations to deliver better outcomes for our patients and communities, work to get the best possible value for taxpayers, and drive improvement across the NHS.
Through our seven regional teams, NHS England supports local integrated care systems, made up of public services that provide health and care – NHS organisations, primary care professionals, local councils, social care providers and the community, voluntary and social enterprise sector – to improve the health of the population, improve the quality of care, tackle inequalities and deliver care more efficiently.
Principal Cyber Security Adviser
Accepting applications until: 25-Jan-2026 23:59
Vacancy status: Open
Accepting applications until: 25-Jan-2026 23:59
Key details
Location
- Gwefan
- Wellington Place, Leeds or Wellington House, London
- Tref
- Leeds or London
- Cod post
- LS1 4AP
- Major / Minor Region
- West Yorkshire
Contract type & working pattern
- Contract
- Secondment: 10 months (until 31st October 2026)
- Oriau
- Full time
- Job share
- Flexible working
Salary
- Cyflog
- £99,483 - £115,287 per annum (this includes a RRP payment of 30%). Exclusive of HCAS
- Cyfnod cyflog
- Yearly
- Gradd
- (NHS AfC: Band 8c)
Specialty
- Prif leoliad
- Cyber Security
Our Organisation
The NHS is building a culture that is positive, compassionate and inclusive – and we all have our part to play.
As employers we are committed to protecting and promoting the physical and mental health and wellbeing of all our colleagues. This underpins our values as set out in the NHS Constitution and supports us to be an Employer of Choice, while helping our colleagues to deliver high quality services for our patients and communities.
As a flexible employer, we want to support you to work in a way that is best for the NHS, our patients and you. Talk to us about how we might be able to accommodate a flexible working arrangement whether that’s a job share, part time, hybrid working or another flexible pattern. In addition, although the role advertised may have a ‘home’ office base indicated, we remain committed to supporting flexibility around workplace locations. If it works for the service, we will do our best to make it work for you.
We are an accredited Living Wage Employer which means that every colleague working for our organisation and third-party contractors will earn a real Living Wage. We are one of over 15,000 organisations, who voluntarily chose to pay the real Living Wage.
Trosolwg o'r swydd
This role sits within the Joint Cyber Unit (JCU) a collaboration between the Department of Health and Social Care (DHSC) and NHS England (NHSE). The JCU is embedded within the Digital Policy Unit (DPU), a unit comprising both DHSC staff and NHSE staff intended to design, plan and build a digitally enabled, data driven and safe health and social care system with ministers and the NHS.
The purpose of the JCU is to provide strategic leadership in cyber security across the health and care sector, assure the cyber security of the sector, act as system stewards to improve cyber resilience across the health and care system and to provide advice which empowers health and care staff to share information appropriately and securely to deliver care.
The JCU sets, develops, and implements strategy, policy and standards for cyber security across the NHS and Adult Social Care in England. It has responsibility for designing, implementing and the ongoing assurance of the cyber security system risk management and compliance framework in place across the wider health and care system.
The JCU is comprised of two divisions:
- Governance, Risk and Compliance – cyber and information governance, system engagement, system compliance, system supply chain, system risk management and internal JCU business operations.
- Strategy and Policy – development and implementation of national strategy, policy and regulation
Advert
The Principal Cyber Security Adviser post sits within the Governance, Risk and Compliance division in the System Cyber Risk and Assurance function which is responsible for managing cyber risk across the health and care system, ensuring that we operate within the appetite set by both the NHSE and DHSC board.
As a Principal Cyber Security Adviser assigned to lead the cyber risk assessment capability, the post holder will work as part of a dynamic team in delivering an effective service supporting managers and staff across the Joint Cyber Unit to:
- Provide expert level subject matter knowledge in the cyber security area from both a technical and a business perspective to advise on issues across the cyber security domain and all activity across the Joint Cyber Unit.
- Establish and oversee process for assessing cyber risk and advising proportionate national interventions, including funding and regulatory levers, across the system.
- Lead the development of risk assessments into flagged scenarios and make recommendations as to how risk is best managed, articulating recommendation verbally and in writing, potentially to senior audiences.
- Lead on the reporting to the National Chief Information Security Officer on system cyber risk through development and oversight of a system cyber risk scenario library, drawing on support from the cyber risk intelligence and cyber governance teams.
Gweithio i'n sefydliad
Our work supports the NHS to deliver high quality services for patients and best value for taxpayers.
Our staff bring expertise across hundreds of specialisms — including clinical, operational, commissioning, technology, data science, cyber security, software engineering, education, and commercial — enabling us to design and deliver high-quality NHS services.
We lead the NHS in England by:
- Enabling local systems and providers to improve the health of their people and patients and reduce health inequalities
- Making the NHS a great place to work, where our people can make a difference and achieve their potential
- Working collaboratively to ensure our healthcare workforce has the right knowledge, skills, values and behaviours to deliver accessible, compassionate care
- Optimising the use of digital technology, research, and innovation
- Delivering value for money
Earlier this year, the Government announced that NHS England will gradually merge with the Department of Health and Social Care, leading to full integration. The aim is to create a smaller, more strategic centre that reduces duplication and eliminates waste.
If successful at interview, we will initiate an Inter Authority Transfer (IAT) via the Electronic Staff Record (ESR). This retrieves key data from your current or previous NHS employer to support onboarding, including competency status, Continuous Service Dates (CSD), and annual leave entitlement. You may opt out at any stage of the recruitment process.
Swydd-ddisgrifiad a phrif gyfrifoldebau manwl
The post holder should have expertise in managing cyber security risks in large and complex environments and should be able to evidence their commitment to continuing professional development. This is a lead role within the risk and assurance function, as such the post holder will need to have line management experience and the ability to deal with competing priorities and tight deadlines.
They should also have the ability to build and maintain strong working relationships with other teams and be able to communicate cyber security risk topics to a range of stakeholders (both technical and non-technical).
The post holder will provide efficient, effective and high quality, professional and well-co-ordinated cyber security leadership meeting all statutory, regulatory and NHS requirements ensuring alignment with the activity of the organisation.
The postholder will have strong risk management and risk analysis skills and an expert grasp of the cyber components.
The post holder will be responsible for:
- Establishing and leading a capability to assess system cyber risk and recommend proportionate national interventions (e.g. regulatory action, funding decisions, and technical support) to manage it.
- Personally, delivering risk assessments, potentially to extremely tight timescales and with limited information, including recommendations on how to proportionately manage the risk.
- Contribute to Cyber Improvement programme where relevant to areas of responsibility.
- Build relationships across Joint Cyber Unit, NHSE, and NHS more broadly to both facilitate own understanding of system cyber risk and embed a rational risk basis into all of the unit’s activity.
- Work closely with the cyber risk intelligence team to understand the state of system cyber risk and appropriately feed this into risk assessments.
Essential criteria:
- Subject matter expertise across a number of key areas relating to cyber security.
- Strong risk management and risk analysis skills and an expert grasp of the cyber components.
- Evidence of post qualifying and continuing professional development.
- Should have an appreciation of the relationship between the Department of Health, NHS England and individual provider and commissioning organisations.
- Experience of delivering against competing priorities and deadlines while also directing the work of teams/individuals.
- A willingness to train to gain appropriate cyber qualifications. (ISACA: Certified Information Security Manager (CISM)
Important Information for Role:
Please be aware there are residency requirements you need to meet:
- All NHS England Cyber Security personnel must hold security clearance SC level as a minimum. To meet National Security Vetting requirements, you must have resided in the UK for a minimum of 3 out of the past 5 years for SC clearance. Candidates who were posted abroad for service with HM Government, Armed Forces or within a UK government role will still be considered.
- The post of Principal Cyber Security Adviser has been awarded a Recruitment and Retention Premia (RRP) in response to current labour market conditions. In recognition of this, the role attracts an additional monthly RRP payment equal to 30% per annum. Please be aware that RRP is non-contractual and subject to review.
- All roles in the Technology, Digital & Data Directorate require a Basic DBS check.
You can find further details about the role, including key responsibilities and accountabilities, alongside the organisational structure and person specification in the attached Job Description and other supporting documents.
Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in-person.
Secondments
Applicants from within the NHS will be offered on a secondment basis only, agreement should be obtained from their employer prior to submitting the application.
Applicant requirements
Person specification
Qualifications
Meini prawf hanfodol
- A willingness to train to gain appropriate cyber qualifications ISACA: Certified Information Security Manager (CISM)
Knowledge & Experience
Meini prawf hanfodol
- Subject matter expertise across a number of key areas relating to cyber security.
- Evidence of post qualifying and continuing professional development.
- Should have an appreciation of the relationship between the Department of Health, NHS England and individual provider and commissioning organisations.
- Experience of delivering against competing priorities and deadlines while also directing the work of teams/individuals.
Skills
Meini prawf hanfodol
- Strong risk management and risk analysis skills and an expert grasp of the cyber components.
Documents
- Job Description (PDF, 496.6KB)
- Occupational Functional Requirements Form (PDF, 69.8KB)
- NHSE - Verification of ID and RTW Guide (PDF, 306.6KB)
- Guide to Completing Your Application (DOCX, 42.7KB)
- Note for Existing NHS Employees applying for Fixed Term vacancies (DOCX, 26.2KB)
- Redundancy Clawback (PDF, 16.7KB)
Further details / informal visits contact
- Enw
- Karen Dempster
- Teitl y swydd
- Head of Strategic Business Management & Operations
- Cyfeiriad ebost
- [email protected]
- Rhif ffôn
- 07783 817745
Start your application
Sign in
Create an account
Create your account and apply for your new job!