The Head of Cyber Governance, Risk & Compliance (GRC) plays a pivotal role in protecting some of the UK’s most critical national infrastructure. Reporting to the Security Principal, the role provides senior operational leadership for Cyber GRC and assurance across NHS England’s complex and highly federated technology landscape.
NHS England operates at national scale, delivering and enabling services that are essential to patient safety, public trust and national resilience. This role operates at the heart of that system, ensuring that cyber risk is understood, governed and managed proportionately while enabling digital transformation at pace.
Overview
The post holder will lead the day to day delivery of the Cyber GRC function with delegated authority, managing specialist teams and exercising matrix leadership across cyber, digital and technology services. The role is focused on leading technological change, ensuring governance and assurance remain effective as services, operating models and platforms continue to evolve.
Cyber resilience is fundamental to the successful delivery of the NHS Long Term & 10 Year Health Plans. This role will help ensure that transformation and modernisation initiatives can be delivered safely, securely and without disruption from cyber incidents, supporting continuity of care and public confidence.
Key responsibilities
* Lead the operation and development of cyber governance, policy and risk management frameworks, ensuring security policies, standards and controls remain fit for purpose and aligned to business risk.
* Oversee assurance activity against recognised frameworks and obligations, including ISO 27001, the NCSC Cyber Assessment Framework and nationally mandated requirements.
* Lead the development and communication of high‑quality cyber risk and resilience reporting, providing clear insight to senior leaders and governance forums to support informed decision‑making during significant organisational, technological and service change.
* Embed security by design into services and programmes in partnership with technology, operational and transformation teams, supporting delivery of the NHS Long Term and 10 Year Health Plans.
* Provide senior operational leadership for NHS England’s Cyber GRC function under delegated authority, exercising matrix leadership across cyber, digital and technology services.
Requirements
All NHS England Cyber Security personnel must hold Security Check (SC) clearance as a minimum. To meet National Security Vetting requirements, SC clearance requires 5 years of continuous UK residency; this can be reduced to three years of continuous UK residency with additional overseas checks covering the previous two years. Candidates who were posted abroad in service with HM Government, the Armed Forces or in a UK government role will still be considered. Failure to meet the requirements for SC after an offer will result in the job offer being withdrawn.
The post of Head of Security has been awarded a Recruitment and Retention Premium (RRP). In recognition of current labour market conditions, the role attracts an additional RRP payment of 30% per annum, paid monthly. RRP is non‑contractual and subject to review.
This advert closes on Wednesday 27 May 2026.