Trac proudly powers the recruitment for
NHS England
About
NHS England’s purpose is to create the conditions for an ambitious and high quality NHS. We empower our people and partners to solve problems, provide outstanding care for every patient and improve the nation's health.
Our 7 regional teams work directly with systems and NHS providers across the country. Each region acts as the interface between national strategy and local delivery, overseeing performance, supporting improvement and enabling transformation at scale.
Contact
- Address
- Wellington House
- 133-155 Waterloo Road
- London
- SE1 8UG
- Contact Number
- 0300 330 1369
Head of Security – Cyber GRC
Accepting applications until: 15-Jul-2026 23:59
Vacancy status: Open
Accepting applications until: 15-Jul-2026 23:59
Key details
Location
- Site
- Wellington Place, Leeds, Hexagon House, Exeter & Wellington House, London
- Town
- Leeds, Exeter, London
- Postcode
- LS1 4AP
- Major / Minor Region
- West Yorkshire
Contract type & working pattern
- Contract
- Permanent
- Hours
- Full time
- Part time
- Job share
- Flexible working
Salary
- Salary
- £103,355.20 - £119,091.70 Per Annum (this includes a RRP payment of 30%, exclusive of HCAS)
- Salary period
- Yearly
- Grade
- (NHS AfC: Band 8c)
Specialty
- Main area
- Cyber Operations
Our Organisation
We share the core values set out in the NHS Constitution, which all colleagues are expected to demonstrate.
We support you to work in a way that is best for the NHS, our patients and you and your colleagues. Talk to us about how we might be able to accommodate a flexible working arrangement, whether that’s a job share, part time, hybrid working or another flexible pattern.
Job overview
The Head of Cyber Governance, Risk & Compliance (GRC) plays a pivotal role in protecting some of the UK’s most critical national infrastructure. Reporting to the Security Principal, the role provides senior operational leadership for Cyber GRC and assurance across NHS England’s complex and highly federated technology landscape.
NHS England operates at national scale, delivering and enabling services that are essential to patient safety, public trust and national resilience. This role operates at the heart of that system, ensuring that cyber risk is understood, governed and managed proportionately while enabling digital transformation at pace.
The post holder will lead the day to day delivery of the Cyber GRC function with delegated authority, managing specialist teams and exercising matrix leadership across cyber, digital and technology services. The role is focused on leading technological change, ensuring governance and assurance remain effective as services, operating models and platforms continue to evolve.
Cyber resilience is fundamental to the successful delivery of the NHS Long Term & 10 Year Health Plans. This role will help ensure that transformation and modernisation initiatives can be delivered safely, securely and without disruption from cyber incidents, supporting continuity of care and public confidence. It offers a rare opportunity to shape how cyber security enables, rather than constrains, one of the largest and most complex health systems in the world.
Advert
The post holder will provide senior operational leadership for NHS England's Cyber GRC function, acting under delegated authority from the Security Principal to ensure effective governance across a complex, highly federated and evolving environment.
Key responsibilities include leading the operation and development of centralised cyber governance, policy and risk management frameworks, ensuring security policies, standards and controls remain fit for purpose, aligned to business risk and capable of protecting critical national infrastructure that underpins safe patient care and public trust. The role will oversee compliance and assurance activity against recognised frameworks and obligations, including ISO 27001, the NCSC Cyber Assessment Framework and nationally mandated requirements.
The post holder will lead the development and communication of high-quality cyber risk and resilience reporting, providing clear insight to senior leaders and governance forums to support informed decision-making during significant organisational, technological and service change.
Working in partnership with technology, operational and transformation teams, the role will embed security by design into services and programmes, supporting delivery of the NHS Long Term and 10 Year Health Plans. The role requires calm, credible leadership and resilience, balancing competing priorities while leading specialist teams and matrixed stakeholders through sustained change in a high-profile environment.
Working for our organisation
NHS England has a wide range of statutory functions, responsibilities and regulatory powers. These are focused on supporting the wider NHS to deliver high quality care, as well as doing those things that are best done once for the whole NHS.
Our staff bring expertise across clinical, operational, commissioning, technology, data science, cyber security, software engineering, education, and commercial specialisms — enabling us to design and deliver high-quality NHS services.
In March 2025, the Government announced that NHS England and the Department of Health and Social Care will increasingly merge functions, ultimately leading to NHS England being fully integrated into the department.
If you currently work within the NHS and if successful at interview, we will initiate an Inter Authority Transfer (IAT) via the Electronic Staff Record (ESR). This retrieves key data from your current or previous NHS employer to support onboarding, including competency status, Continuous Service Dates (CSD), and annual leave entitlement. You may opt out at any stage of the process.
Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in our offices.
Staff recruited from outside the NHS will usually be appointed at the bottom of the pay band.
We cannot offer visa sponsorship for any vacancies.
Detailed job description and main responsibilities
Please see the attached Job Description and Person Specification for more information about the role and responsibilities.
Please ensure your supporting statement includes demonstratable evidence and specific examples on how you meet the criteria for each of the key skills specified. This will be used in both the shortlisting and interview processes
Important: Please be aware there are residency requirements you need to meet:
All NHS England Cyber Security personnel must hold Security Clearance level as a minimum. To meet National Security Vetting requirements, SC clearances require 5 years continuous UK residency. In certain cases, this can be reduced to three years continuous UK residency, with additional overseas checks for the previous two years. Candidates who were posted abroad for service with HM Government, Armed Forces or within a UK government role - will still be considered.
Please make sure you meet these requirements before applying for this role. You don’t need to have SC already, however, failure to achieve the requirements for SC after offer will result in the job offer being withdrawn. For further advice please check https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels/national-security-vetting-clearance-levels#security-check-sc
Please be aware that should you be successful in this position, you will be hired to the job title of Head of Security and this job title is advertised to attract the right skills needed for the role.
The post of Head of Security has been awarded a Recruitment and Retention Premia (RRP) in response to current labour market conditions. In recognition of this, the role attracts an additional monthly RRP payment equal to 30% per annum.
Please be aware that RRP is non-contractual and subject to review
If you like what you have read and think you have the skills and experience, we need then don't delay, apply today! We get lots of applications for our roles and so we sometimes have to close our posts early. Don't miss out!
Our commitments to you
We are passionate about creating an inclusive workplace that promotes and values diversity. We know that different ideas, perspectives and backgrounds create a stronger and more creative work environment that delivers better patient outcomes.
We strive to ensure our people feel trusted, valued and empowered. When you join us, we want you to grow and excel, and we offer many opportunities for you to do that.
We welcome your talent and enthusiasm irrespective of age, disability, neuro-divergence, sex, gender identity and gender expression, race or ethnicity, religion or belief, sexual orientation, or other personal circumstances.
We ensure all applicants are treated fairly and consistently at every stage of the recruitment process. This includes considering reasonable adjustments for people who have a disability and/or who are neuro-divergent.
We welcome applications from disabled candidates. If you meet all the essential criteria, you will be guaranteed an interview.
Your application is your opportunity to demonstrate how you meet the requirements of the role. While we appreciate you may have had some support with your application (for example, using AI technology or guidance from a trusted individual), it’s important all the information you provide in it reflects your own knowledge, skills and experience and we trust that you apply on that basis.
If you’re applying for this role on a secondment basis, please get agreement from your current line manager before you apply.
We don’t accept applications via recruitment agencies, and we cannot offer visa sponsorship for any vacancies.
To comply with the HM Government Functional Standard GovS 007, and specifically the Personnel Security Standards 2024, individuals employed or contracted by NHS England may be required to undergo a Baseline Personnel Security Standards check, dependent on the role.
NHS Business Services Authority is responsible for processing your application; our privacy can be accessed directly on the application page when you select to apply.
If you are appointed to a post, your information will also be transferred into the NHS Electronic Staff Records system.
If you have a query about your application, please contact the recruitment team: [email protected] or 0300 330 1369.
NHS England
Applicant requirements
Person specification
Knowledge
Essential criteria
- Highly developed specialist knowledge of tools, techniques, approaches and processes of cybersecurity risk management; ability to ensure organisational network operation and minimise negative effect by cybersecurity risks.
Desirable criteria
- Detailed knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability.
- Specialist knowledge of technologies and technology-based solutions dealing with information security issues; ability to apply these in protecting information security across the organisation.
Skills & Experience
Essential criteria
- Expert knowledge of IT security policies, standards, and procedures; ability to utilise a variety of administrative skill sets and technical knowledge to ensure cyber security compliance.
Desirable criteria
- Advanced specialist knowledge of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve and prevent violations of IT security, to protect organisational data.
Qualifications
Essential criteria
- Masters level degree in Cyber Security or relevant subject, or equivalent level of experience.
Documents
Further details / informal visits contact
- Name
- Dulcie Herreros
- Job title
- Deputy Director of Security
- Email address
- [email protected]
Start your application
Sign in
Create an account
Create your account and apply for your new job!



