Job Description

We are seeking an experienced Cyber Security and Compliance Officer to join our digital services team. This senior specialist role is vital in protecting the Trust's systems and data and ensuring we remain resilient in a rapidly evolving cyber landscape.
You will act as an expert adviser to senior leaders and operational teams, translating complex cyber risks into clear, practical information that supports confident decision-making and helps build a strong security culture.
Collaboration is central to the role. You will work closely with internal teams and external partners to maintain compliance with NHS cyber security standards and best practice, including meeting the requirements of the Data Security and Protection Toolkit (DSPT). You will also work with Information Governance, Data Protection and both clinical and non-clinical teams, as well as contributing to work across the wider North West London collaborative to support a consistent approach to cyber security across partner organisations.
The role may expand to include providing specialist advice beyond CLCH, supporting other members of the North West London community and mental health collaborative. This may involve contributing to joint initiatives that make best use of shared skills and resources.
A key focus will be developing and delivering initiatives that strengthen the Trust's cyber resilience, including engaging training and awareness activities that help colleagues stay secure, confident and compliant.
Main duties of the job

• Lead on the development, implementation, and ongoing improvement of the Trust's cyber security framework, ensuring robust and proportionate protections are in place.
• Provide expert, senior-level cyber security advice to Trust leaders and key stakeholders, presenting technical information in a clear, pragmatic and accessible way.
• Ensure full compliance with NHS cyber security standards and best practice, including maintaining and improving the Trust's standing in the NHS Data Security and Protection Toolkit (DSPT).
• Work collaboratively with Information Governance, Data Protection, clinical and non-clinical teams to deliver a unified approach to cyber security across the organisation.
• Build strong relationships with external partners across the North West London collaborative, contributing to joint initiatives that enhance regional cyber security resilience.

About us
Just as we care about our patients' well-being, we care about yours!
We can offer you:

• A comprehensive induction into the community service followed by a local induction to introduce you to the role
• Car lease scheme(only available for Band 5 and up)
• Flexible working options
• Annual travel card loan
• Training, support and development in your career

To have a full look at our benefits and what it's like working for us please go here: https://www.clch.nhs.uk/job/pay-and-benefits
Details
Date posted
04 December 2025
Pay scheme
Agenda for change
Band
Band 8b
Salary
72,921 to 83,362 a year per annum, inclusive of HCAS
Contract
Permanent
Working pattern
Full-time
Reference number
824-CORP-7625161
Job locations
Parsons Green Health Centre
London
SW6 4UL
Job description
Job responsibilities
**Please see attached and Person Specification for full roles and responsibilities.** Job description
Job responsibilities
**Please see attached and Person Specification for full roles and responsibilities.**
Person Specification
Skills and Knowledge
Essential

• Good working knowledge of the NHS and the work of a community Trust
• Risk assessment and advice: Ability to proactively identify, assess and quantify cyber security risks while providing a balanced evaluation that considers operational and clinical impacts, ensuring that security measures align with the overall priorities of patient care and service delivery
• Technical Proficiency: A strong technical background in vulnerability assessment, risk analysis, and security auditing. Expertise in Microsoft security solutions, such as Microsoft 365 Defender, Entra, and Intune
• Up to date knowledge of cyber capabilities and emerging technologies, and how these can be applied operationally within complex organisations
• Risk Assessment: Skilled in identifying, assessing, and mitigating cyber security risks. Proficiency in using security assessment tools and methodologies.
• Incident Response: Ability to lead investigations into security incidents and provide post-incident reviews

Education
Essential

• A Master's degree in Cyber Security, Information Technology, or a related field
• Relevant certifications such as CISSP, CISM, CEH or equivalent.

Desirable

• Data Protection Officer (DPO) certification or relevant training is an advantage

Experience
Essential

• Extensive experience in a cyber security role, preferably within the healthcare sector or wider public sector.
• In-depth understanding of the NHS Data Security and Protection Toolkit (DSPT), Cyber Assessment Framework (CAF) and NHS Information Governance standards
• Has worked in partnership with external suppliers, and across different services, to ensure cyber security
• Experience of working in a large and complex multi-tiered environment
• Experience managing security and compliance within Microsoft environments, particularly using Microsoft security tools and cloud services (e.g., Azure, Microsoft 365).
• Experience leading security audits, incident management, and staff training initiatives.

Desirable

• Experience of implementing and supporting security control frameworks, such as ISO27001.
• Knowledge and experience of cyber security maturity frameworks such as NCSC CAF
• Strong background in data protection regulations, including GDPR and the Data Protection Act.

Person Specification
Skills and Knowledge
Essential

• Good working knowledge of the NHS and the work of a community Trust
• Risk assessment and advice: Ability to proactively identify, assess and quantify cyber security risks while providing a balanced evaluation that considers operational and clinical impacts, ensuring that security measures align with the overall priorities of patient care and service delivery
• Technical Proficiency: A strong technical background in vulnerability assessment, risk analysis, and security auditing. Expertise in Microsoft security solutions, such as Microsoft 365 Defender, Entra, and Intune
• Up to date knowledge of cyber capabilities and emerging technologies, and how these can be applied operationally within complex organisations
• Risk Assessment: Skilled in identifying, assessing, and mitigating cyber security risks. Proficiency in using security assessment tools and methodologies.
• Incident Response: Ability to lead investigations into security incidents and provide post-incident reviews

Education
Essential

• A Master's degree in Cyber Security, Information Technology, or a related field
• Relevant certifications such as CISSP, CISM, CEH or equivalent.

Desirable

• Data Protection Officer (DPO) certification or relevant training is an advantage

Experience
Essential

• Extensive experience in a cyber security role, preferably within the healthcare sector or wider public sector.
• In-depth understanding of the NHS Data Security and Protection Toolkit (DSPT), Cyber Assessment Framework (CAF) and NHS Information Governance standards
• Has worked in partnership with external suppliers, and across different services, to ensure cyber security
• Experience of working in a large and complex multi-tiered environment
• Experience managing security and compliance within Microsoft environments, particularly using Microsoft security tools and cloud services (e.g., Azure, Microsoft 365).
• Experience leading security audits, incident management, and staff training initiatives.

Desirable

• Experience of implementing and supporting security control frameworks, such as ISO27001.
• Knowledge and experience of cyber security maturity frameworks such as NCSC CAF
• Strong background in data protection regulations, including GDPR and the Data Protection Act.

Skills Required