Head Of Cyber, Band 8b

Gloucester, ENG, GB, United Kingdom

Job Description

The Head of Cyber Security is the expert responsible for protecting the confidentiality, integrity and availability of digital services and patient information across our acute, community, mental health and primary care partners: the Gloucestershire Integrated Care System (ICS). Protecting our staff and systems and safeguarding our patient data from harm, by ensuring that the technology and information underpinning patient care remain safe, available and trustworthy, is of the utmost importance and is key to enabling our 15,000+ staff to deliver safe patient care with confidence, transparency and compliance.



The post holder will provide strategic and operational leadership of the Cyber Security Team and act as the expert adviser to the Chief Delivery & Governance Officer, SIRO, Caldicott Guardian and Audit Committees on all cyber-security matters, working closely with the Information Governance lead and DPO.



They ensure compliance with the Data Security and Protection Toolkit (DSPT), aligned with the Cyber Assessment Framework (CAF), delivery of the NHS Cyber Security Strategy to 2030, and full participation in the regional "Defend as One" model.



The proposed interview date is:

20th January



The role combines governance, assurance and hands-on leadership of proactive and preventative tactics, threat intelligence, incident response, vulnerability management, strategy and cultural change to build cyber resilience across the Integrated Care System (ICS).



They will have a proven track record of managing and improving cyber resilience within large, complex or multi-organisation environments, ideally within the NHS or wider public sector. They will possess deep technical and governance expertise across areas such as threat detection, vulnerability management and incident response, with the ability to translate complex technical risk into clear, articulate, actionable information for senior executives and boards with assurance and confidence.



They will demonstrate a thorough understanding of national and international cyber standards, including the Cyber Assessment Framework (CAF), Data Security and Protection Toolkit (DSPT), ISO 27001, and the NHS Cyber Security Strategy to 2030. Experience of successfully leading cyber compliance programmes, external audits and penetration-testing remediation is essential, alongside a strong grasp of modern tooling such as MS Defender for Endpoint, Sentinel, SIEM and vulnerability-scanning and asset management platforms.



The successful candidate will bring experience in leading multidisciplinary cyber teams, developing capability through mentoring and training and fostering an open culture of shared responsibility for cyber security.



We take pride in placing people at the centre of everything we do, working together as a united team. Driven by a shared ambition to continually grow, develop, and learn, we recognise and value every contribution. By combining our experience and skills, we not only support our vibrant, diverse communities, but also support one another.



With a team of over 9,000 employees, we are proud to be the largest employer in Gloucestershire and rank among the top 10 largest Trusts in the South West region. By joining our Trust, you will benefit from an excellent package that includes exclusive benefits, flexible working opportunities and the chance to gain valuable experience in one or both of our innovative hospitals.



As well as generous annual leave allowance, you will have access to the excellent NHS pension scheme, competitive bank rates, discounts at local shops and restaurants, access to two on-site nurseries, discounted public transport, reward and recognition and a range of health and wellbeing initiatives to support you.



Strategic Leadership



  • Act as the senior specialist for cyber security across the ICS, setting strategic direction and delivering the countywide Cyber Security Strategy and annual workplan.
  • Act as the primary countywide interface with NHS England's CSOC, regional cyber leads and law enforcement.
  • Facilitate threat intelligence sharing and collective defence initiatives across the ICS.
  • Track and report key cyber resilience indicators, including MDE and BitSight scores, vulnerability closure rates, CAF maturity levels and CareCERT compliance metrics. Use data trends to inform Board-level assurance and investment priorities.
  • Provide expert assurance to the Chief Delivery & Governance Officer, SIRO, Caldicott Guardian and Audit Committee on cyber risks, controls and maturity.
  • Lead local adoption of NHS England's Defend as One principles, ensuring collaboration on shared tooling, intelligence and incident coordination.
  • Represent the Trust and ICS on regional and national cyber forums, ensuring alignment with NCSC, NHS England Cyber Operations Centre (CSOC) and DHSC guidance.
  • Lead and develop the Cyber Security Team to deliver proactive monitoring, detection, response and continuous improvement.
  • Act as the senior technical authority for cyber incident response, providing Tier 3 escalation and decision-making oversight during major incidents.
  • Oversee coordination between local and national CSOC functions, ensuring event data are triaged, correlated and acted upon efficiently.
  • Oversee the countywide security tooling stack, ensuring optimal configuration and utilisation.
  • Manage day-to-day cyber operations, including vulnerability management, penetration-testing remediation, phishing simulations and user awareness campaigns.
  • Maintain robust incident-response plans compliant with the Data Security and Protection Toolkit and NCSC guidance, ensuring all major incidents are logged, triaged and reported within mandated timescales.
  • Coordinate technical response during cyber events, acting as joint Incident Manager and providing senior briefings, root cause analysis and lessons-learned reports.

Risk and Compliance



  • Own and maintain the Cyber Risk Register, consolidating Trust- and ICS-level risks and ensuring appropriate mitigations and assurance evidence.
  • Lead the internal cyber assurance programme, mapping findings from penetration tests, CareCERT responses and internal audits to DSPT objectives.
  • Maintain oversight of all open cyber audit actions, ensuring timely closure and evidence of improvement.
  • Deliver the DSPT to "Standards Met" or higher, embedding continual improvement reviews throughout the year.
  • Monitor CareCERT/NHS Cyber Alerts and ensure all critical vulnerabilities are triaged within 48 hours and resolved within 14 days.
  • Oversee removal or mitigation of End-of-Life systems to maintain ≥ 95 % supported infrastructure.
  • Promote sustainable cyber operations by adopting energy-efficient hardware lifecycle management and secure and responsible asset disposal to reduce carbon footprint.
  • Ensure all new digital procurements and cloud deployments include security-by-design and supplier-assurance controls.

Policy and Governance



  • Lead the review and implementation of Cyber Security Policies, Standards and SOPs covering access, remote working, cloud, IoT/IoMT and third-party assurance.
  • Provide governance reporting to the Digital Board Committee, Audit Committee and ICS Cyber Operations Group.
  • Liaise with Information Governance and the Data Protection Officer to ensure alignment between IG and Cyber requirements.
  • Work closely with Information Asset Owners and Administrators to ensure security controls, DPIAs and mitigations are documented and reviewed.
  • Ensure all system changes or procurements undergo proportionate cyber risk assessment and IG consultation.

People and Culture



  • Inspire, mentor and develop team members, supporting attainment of professional certifications (CISSP, CISM, NHS Cyber Academy).
  • Promote a culture of cyber awareness and accountability through training, communications and engagement campaigns.
  • Act as Subject Matter Expert to advise managers, IAOs and project teams on secure-by-design principles.
  • Manage the cyber-security budget, ensuring effective investment and demonstrable value for money.
  • Oversee contracts for penetration testing, secure disposal and software licensing within standing financial instructions.
  • Prepare business cases for cyber-tooling, ensuring sustainability and cost-effectiveness.

Professional Development, Education and Training

  • Maintain expert awareness of national policy and technical trends, ensuring skills remain current.
  • Undertake continuing professional development and contribute to the learning of others.

Planning and Organisation



  • Develop annual cyber workplans with measurable objectives, milestones and KPIs.
  • Coordinate multi-organisation programmes, including CAF reviews, Windows 11 migration and SOC development.
  • Contribute to digital business-continuity and disaster-recovery planning and exercises.

Research and Development



  • Lead continuous improvement initiatives, researching emerging threats, Zero Trust architecture, AI security and IoMT protection.
  • Evaluate new technologies through proof-of-concept pilots and cost-benefit analysis.
  • Benchmark performance against national metrics (e.g. MDE, BitSight, Cyber Maturity Model).

Communications and Working Relationships



  • Maintain constructive relationships with internal and external stakeholders including Digital Ops, Clinical Engineering, IG, HR, Estates, suppliers and ICS partners.
  • Liaise with NHS England Cyber Operations Centre, Regional Cyber Leads, Police Cyber Unit and NCSC.
  • Communicate complex, sensitive and sometimes contentious security information to senior leaders and technical staff clearly and confidently.

Job Detail

  • Job Id
    JD4419822
  • Total Positions
    1
  • Job Type:
    Full Time
  • Employment Status
    Full Time
  • Job Location
    Gloucester, ENG, GB, United Kingdom