The Health Informatics Service (THIS), hosted by Calderdale and Huddersfield NHS Foundation Trust (CHFT), provides a broad range of IM&T services across many diverse customer organisations. A significant part of this provision reports to the Chief Technology Officer (alongside Operational Support and Business Intelligence services). These services are built around functions staffed by people with highly developed specialist knowledge, skills and experience, allowing them to facilitate, train, manage and advise across a whole range of IM&T related areas. The Cyber & IT Security Service (CITS) is one of these principal service areas.
The post holder will be a key member of the Chief Technology Officer's staff and have responsibility for leading the design, delivery and continuous improvement of the CITS service, ensuring that the strategic vision for the service is developed and delivered in line with mandated national policy and our internal Governance, Risk and Compliance (GRC) Framework.
Specifically, the post holder will direct and support the Operational Technical Managers with the implementation of the strategic vision for Cyber & IT Security, across THIS, CHFT and the wider customer base, ensuring professionalisation and commercialisation are embedded as central values throughout all levels of the service.
Responsibilities
* To lead the development and to direct the implementation of the overall strategic vision of the CITS Service, including service/personnel development/improvement, professionalisation and commercialisation.
* Lead on the development and implementation of the GRC Programme from a CITS perspective, ensuring all current and emerging national and locally mandated compliance areas are encompassed (ISO27001:2013, Cyber Essentials Plus, NIS Regulation, GDPR, Data Protection Act 2018, ENISA, DSP Toolkit, OWASP Top 10).
* Be responsible for remaining up to date on current security threats (threat actors/attack vectors) and ensure risk assessments are applied to promote mitigation.
* Be responsible for the research and evaluation of the latest Cyber Security, Information Security and IT Governance products and protocols.
* Lead on the development and delivery of a range of Cyber & IT Security awareness sessions/workshops/presentations that will focus on improving cyber safety throughout the business, customer base and wider regional footprint.
* Be responsible for the management, development, support and delivery of all CITS services delivered to both internal and external customers.
* To create and continually develop a structure that will consistently deliver excellent service and meet all customers’ requirements.
* Strategic formulation and implementation of long‑term Cyber & IT Security strategy and dependent policies and procedures in line with THIS, CHFT, customer and national requirements.
* Scope, design and implement GRC methodologies in conjunction with the DPO across all Trust departments.
* Design CITS policies in line with existing and upcoming nationally and locally mandated compliancy requirements.
* Support the senior leadership team to plan the long‑term development of The Health Informatics Service.
* Maintain all business level certifications/accreditations – e.g. Cyber Essentials, IASME, IASME Gold, relevant accreditations in line with DSP Toolkit.
* Provide advice, guidance and auditing regarding ISO27001:2013, GDPR/NIS Regulation technical requirements, Cyber Essentials Plus, Data Security and Protection Toolkit, Cyber Incident Response, internal CareCert implementation and response process, CareCert/NHS England alerts and evidential reports, product and service analysis pre‑procurement, security analysis of products and services pre‑implementation across a wide range of service users.
* Advise the ISMS Group on technical aspects of Trust risk, advise all technical teams around mandatory actions (patching etc) as well as best practice, provide technical guidance to the Information Governance Team and DPO, advise on disciplinary cases of computer misuse.
* Investigate and report serious or highly sensitive security breaches, facilitate and deliver appropriate security reporting across all levels of the organisation and customer base.
* Responsible for the design, delivery and evaluation of Technical Awareness Training, Board Awareness Training, Customer Organisation Awareness Training, Skills Development Network Workshops and Seminars.
* Account safety, phishing awareness, OpenWiFi safety, Dark Web overview, internal staff awareness of GRC principles and the interoperability of Governance Risk and Compliance.
* Across THIS, CHFT and the wider customer base, responsibility for the design, maintenance and monitoring of Corestream (GRC Business Assurance tool), end‑point protection, email protection, encryption technologies, web filtering, application control, data leakage, mobile device management, vulnerability testing, penetration testing, phishing simulation campaigns, SIEM and logging systems, cyber incident response, OWASP top 10 compliance analysis, forensic investigation/breaches.
* Managerial duties as detailed in the job description.
Qualifications & Conditions
* Security Check (SC) clearance is required (current or eligible to obtain).
* Qualified in Cyber, Information Security or related field with proven experience in governance, risk and compliance.
* Strong understanding of national policy (ISO27001, GDPR, NIS Regulation, Cyber Essentials Plus, ENISA, DSP Toolkit, OWASP).
* Excellent leadership and communication skills, able to influence at senior levels.
* Demonstrated ability to design and implement security strategies and programmes.
* Experience in delivering security awareness training and workshops.
Benefits
We employ more than 6,500 staff who deliver compassionate care from our two main hospitals, Calderdale Royal Hospital and Huddersfield Royal Infirmary as well as in community sites, health centres and in patients’ homes. We also have almost 150 volunteers here at CHFT. We provide a range of services including urgent and emergency care; medical; surgical; maternity; gynaecology; critical care; children’s and young people’s services; end of life care and outpatient and diagnostic imaging services. We provide community health services, including sexual health services in Calderdale from Calderdale Royal and local health centres. We continue to modernise and invest in our health services to build on our strong reputation. Foundation trusts are public leaders in improving quality in health services. They are part of the NHS – yet decisions about what they do and how they do it are driven by independent boards. Boards listen to their Council of Governors and respond to the needs of their members – patients, staff and the local community. Foundation trusts provide what the health service wants, yet are also free to invest quickly in the changes to the local community needs, in striving to be the best, and in putting their patients first.
Please note: this role requires Security Check (SC) clearance. Candidates must already hold this clearance or be eligible to obtain it.
Deadline
This advert closes on Wednesday 15 Oct 2025.