Job summary
We are seeking an exceptional and forward thinking Head of Information & Cyber Security to lead our Trust's security strategy, ensuring our information, systems, and digital services remain resilient, compliant, and protected against evolving cyber threats.
This is a senior leadership position, accountable to the Board for establishing and maintaining a Trust-wide information security management program, responsible for shaping our information security governance framework, providing expert advice to executive leadership, developing an organisational security culture, and ensuring we meet all relevant regulatory and legislative requirements.
Main duties
The Head of Information & Cyber Security is responsible for shaping and executing the Trust's information & cyber security strategy, ensuring alignment with Trust priorities and digital transformation goals.
This role will oversee the design, implementation, and continuous improvement of security policies, frameworks, standards and controls and manage the Trust's approach to risk assessment, threat intelligence, incident response and business continuity.
As Head of Information & Cyber Security you will be responsible for ensuring compliance with key regulations and standards including NIS2, DSPT, CAF, ISO27001, Cyber Essentials Plus, Data Protection Act 2018 and UK GDPR.
You will oversee the effective security operations, monitoring, vulnerability management and penetration testing programmes and act as the key point of contact with external partners such as the NHS Cyber Security Centre, suppliers and third-party security providers.
About us
We manage three major locality hospitals at North Tyneside, Wansbeck and Hexham, plus a number of smaller community hospitals and clinics from Tynemouth to Berwick on Tweed, covering one of the largest geographical areas of any NHS trust in the country. Leading in innovation and quality - opening a state of the art Northumbria Specialist Emergency Care Hospital, the first of its kind in England. Do you want to work in one of the best performing NHS organisations in England? Work in an organisation that supports its staff and focuses on staff experience as much as it does the experience of its patients? You can live and breathe in an area that has the cleanest air, cost effective living, great nightlife, some of the best schools with a wealth of history available on your doorstep. Sound too good to be true? Well it isn't, this is what you get when you work for Northumbria Healthcare, this is the Northumbria Way! Please read 'applicant guidance notes' before submitting your application.
Details
Date posted 03 March 2026
Pay scheme Agenda for change
Band Band 8c
Salary £76,965 to £88,682 a year per annum
Contract Permanent
Working pattern Full-time, Flexible working
Reference number 319-7826618JN
Job locations Manufacturing & Innovation Hub Northumbria Healthcare NHS Foundation Trust, Avenue Road, Seaton Delaval, NE25 0QJ
Job description
Job responsibilities
Responsible for developing and strengthening information and cyber security provision and implementing strong risk management strategies to protect the organisation.
Develop, maintain and effectively manage the implementation of policies, standards and controls in line with best practice, providing guidance and support to colleagues to ensure security and safety.
Develop the strategic road map for an effective vulnerability detection, assessment, remediation, and threat intelligence program.
Maintain and enhance the Information Security Management system (ISMS).
Ensure that all changes to the IT environment comply with information security requirements.
Oversee security performance assessment of suppliers and internal resources.
Provide specialist advice on information and cyber security and increase awareness amongst staff.
Work with colleagues to ensure pro-active monitoring of IT infrastructure.
Ensure adherence to standards such as ISO27001, Cyber Essentials Plus and GDPR.
Identify threats, assess their impact, and take appropriate action to resolve and prevent them.
Ability to influence and present at Committee/Board level.
Respond to or manage security incidents/breaches, oversee patching/vulnerabilities or hardening systems including detection, response, recovery, and post-incident analysis.
To develop business cases for Trust capital investments around technical security.
Person Specification
Qualifications
Essential
* Educated to Masters level (or relevant experience)
* Certified Information Security Manager (CISM) certification or Certified Information Systems Practitioner (CISSP)
* Evidence of continuing professional development
Desirable
* PRINCE2, project management, (or equivalent experience) and change management methodologies
Disclosure and Sponsorship
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
Employer details
Employer name Northumbria Healthcare NHS Foundation Trust
Address
Manufacturing & Innovation Hub Northumbria Healthcare NHS Foundation Trust, Avenue Road, Seaton Delaval, NE25 0QJ
Employer's website
https://www.northumbria.nhs.uk/
#J-18808-Ljbffr