Information Security and Compliance Lead
Job overview: We’re looking for a motivated and detail‑driven Information Security & Compliance Lead to strengthen the way we govern, protect and assure our digital environment. Your work will help our systems, services and processes meet national standards and regulatory expectations, including DSPT, Cyber Essentials Plus and the Cyber Assessment Framework.
Location: Remote UK‑wide (occasionally visits Runcorn or other HCRG sites).
Seniority level: Mid‑Senior level | Employment type: Full‑time | Function: Information Technology | Industries: Hospitals and Health Care
Responsibilities
* Support the delivery and monitoring of secure infrastructure services across cloud, on‑premises and hybrid environments.
* Ensure security and compliance controls are applied consistently across networks, servers, endpoints and backup environments.
* Contribute to the maintenance of the Information Security Management System (ISMS), including policies, procedures and risk registers.
* Support internal and external audit activity, evidence gathering and assurance reviews.
* Monitor compliance with frameworks such as DSPT, Cyber Essentials Plus (CE+) and the Cyber Assessment Framework (CAF).
* Provide clear, practical security and compliance input for supplier reviews, contract renewals and new technology onboarding.
* Support incident management processes, including root cause analysis and follow‑up improvements.
* Contribute to business continuity and disaster recovery planning with relevant technical teams.
* Collaborate closely with Infrastructure, Service Operations, Business Systems and Transformation teams to embed secure‑by‑design principles across services and projects.
* Share guidance, raise awareness and promote good security and compliance practices across the organisation.
Full responsibilities available in the attached job description.
Qualifications
Essential
* Strong understanding of information security principles, with the ability to apply them in a compliance and governance context.
* Hands‑on experience supporting compliance with frameworks such as DSPT, Cyber Essentials Plus (CE+) and the Cyber Assessment Framework (CAF) or ISO 27001.
* Confident reviewing controls, assessing risks and producing clear, well‑evidenced mitigation plans.
* Familiarity with public sector or NHS data protection responsibilities, including GDPR and NHS Data Security Standards.
* Experience contributing to incident response and ensuring lessons learned are documented and embedded.
* Strong documentation skills – able to produce accurate policies, procedures, risk records and audit evidence.
* Comfortable working with Infrastructure, Service Operations and Transformation teams to ensure security and compliance requirements are understood and built in from the start.
* Able to work effectively with auditors, suppliers and governance groups, presenting information clearly and professionally.
Desirable
* Experience working within private cloud or hybrid environments, particularly where compliance requirements vary across services.
* Familiarity with toolsets such as EDR, vulnerability scanning, SIEM or MDM, particularly in relation to evidence gathering and assurance reporting.
* Relevant professional certifications (e.g., Security+, SSCP, ISO 27001, CISMP, CISSP Associate).
* Understanding of backup and disaster recovery security principles, including compliance considerations.
Package and Benefits
* £50,000 – £55,000 with group pension.
* Private medical insurance with fast access to specialist support, including musculoskeletal and mental health services.
* Membership of My Reward Hub – discounts and cashback on everyday purchases.
* Access to wages as earned, helping to manage unexpected expenses without high interest or overdraft fees.
* Online and face‑to‑face wellbeing support for mental and physical health, including counselling, trauma support and career coaching.
* Access to eLearning, bespoke career pathways and professional development through our Outstanding Learning Enterprise team.
* An open, supportive culture where ideas and contributions can shape how we deliver our purpose: changing lives through transforming health and care, supported by at least £100,000 of ringfenced innovation funding each year.
* The pride of working for an organisation committed to the highest clinical and quality standards, with the majority of services rated “Good” or “Outstanding” by the Care Quality Commission.
About the Company
We change lives by transforming health and care. Established in 2006, we are one of the UK's leading independent providers of community health and care services. We work with health and care commissioners and communities to transform services with a focus on experience, efficiency and improved outcomes, delivering and transforming adult and children community health services, primary care services including urgent care, sexual health, dermatology and MSK services as well as adult social care and wellbeing services. Across England, we support communities of many millions and directly help more than half a million people each year, guided by our simple values: we care, we think, we do.
Equal Opportunity
We're committed to equal opportunities and welcome applications from a broad, diverse range of people. We are a Disability Confident company, so we work to provide facilities, work environment adjustments and technical solutions to be as inclusive of everyone.
Privacy Notice
By applying for this job, we’ll need to process and hold information about you. For more details on how we use your information, please see our website's privacy policy.
#J-18808-Ljbffr